php 文件上传到数据库
php file upload to a database
我正在尝试将文件上传到目录并将其值存储在 database.I 不知道这是什么问题 code.Thanks 提前寻求帮助
图片显示回显时的变量。
$con=connect();
$file_name=$_FILES['file']['name'];
$file_size=$_FILES['file']['size']/1024;
$display_name=$_POST['display_name'];
$upload_dir='../uploads/docs/';
$file_temp=$_FILES['file']['tmp_name'];
$file_path=$upload_dir.$file_name;
if(move_uploaded_file($file_temp,$file_path))
{
if($con)
{
$query=mysqli_query($con,"insert into dcument_upload
values(null,'$display_name','$file_path','$file_size')");
$rr=mysqli_num_rows($query);
if($rr)
{
echo 'Uploaded';
echo $rr;
}else
{
echo "Upload failed";
}
}
else
{
die("Cannot Connect");
}
}
else
{
echo "<br>Upload Failed<br>Try Again!";
}
您需要先获取文件内容:
$file_data = file_get_contents($file_path);
$query = mysqli_query($con, "INSERT INTO `dcument_upload ` VALUES (null, '". mysqli_real_escape_string($con, $display_name)."', '".mysqli_real_escape_string($con, $file_data). "', '".mysqli_real_escape_string($con, $file_size)."')");
此外,使用 mysqli_real_escape_string 转义特殊字符以帮助防止 SQL 注入。
试试这个。您将变量放在单引号下。
<?php
$con = connect();
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size']/1024;
$display_name = $_POST['display_name'];
$upload_dir = '../uploads/docs/';
$file_temp = $_FILES['file']['tmp_name'];
$file_path = $upload_dir.$file_name;
if(move_uploaded_file($file_temp,$file_path)) {
if($con) {
$query = mysqli_query($con,"insert into dcument_upload values(null, ".mysqli_real_escape_string($con, $display_name).", ".mysqli_real_escape_string($con, $file_path).", ".mysqli_real_escape_string($con, $file_size)".)");
$rr = mysqli_num_rows($query);
if($rr) {
echo 'Uploaded';
echo $rr;
} else {
echo "Upload failed";
}
} else {
die("Cannot Connect");
}
} else {
echo "<br>Upload Failed<br>Try Again!";
}
$con=connect();
$file_name=$_FILES['file']['name'];
$file_size=$_FILES['file']['size']/1024;
$display_name=$_POST['display_name'];
$upload_dir='../uploads/docs/';
$file_temp=$_FILES['file']['tmp_name'];
$file_path=$upload_dir.$file_name;
if(move_uploaded_file($file_temp,$file_path))
{
if($con)
{
$query=mysqli_query($con,"insert into dcument_upload
values(null,'$display_name','$file_path','$file_size')");
$rr=mysqli_num_rows($query);
if($rr)
{
echo 'Uploaded';
echo $rr;
}else
{
echo "Upload failed";
}
}
else
{
die("Cannot Connect");
}
}
else
{
echo "<br>Upload Failed<br>Try Again!";
}
您需要先获取文件内容:
$file_data = file_get_contents($file_path);
$query = mysqli_query($con, "INSERT INTO `dcument_upload ` VALUES (null, '". mysqli_real_escape_string($con, $display_name)."', '".mysqli_real_escape_string($con, $file_data). "', '".mysqli_real_escape_string($con, $file_size)."')");
此外,使用 mysqli_real_escape_string 转义特殊字符以帮助防止 SQL 注入。
试试这个。您将变量放在单引号下。
<?php
$con = connect();
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size']/1024;
$display_name = $_POST['display_name'];
$upload_dir = '../uploads/docs/';
$file_temp = $_FILES['file']['tmp_name'];
$file_path = $upload_dir.$file_name;
if(move_uploaded_file($file_temp,$file_path)) {
if($con) {
$query = mysqli_query($con,"insert into dcument_upload values(null, ".mysqli_real_escape_string($con, $display_name).", ".mysqli_real_escape_string($con, $file_path).", ".mysqli_real_escape_string($con, $file_size)".)");
$rr = mysqli_num_rows($query);
if($rr) {
echo 'Uploaded';
echo $rr;
} else {
echo "Upload failed";
}
} else {
die("Cannot Connect");
}
} else {
echo "<br>Upload Failed<br>Try Again!";
}