$_FILES 名称未正确上传到数据库

Question

所以我为一个小项目创建了一个简单的图片上传网站。除了数据库中的文件路径列外，一切都很好。

出于某种原因，它有时会包含我告诉它的变量，有时则不会。

$user = $_SESSION['user'];

//file properties
$fileName = $_FILES["uploadedImage"]["name"];
$fileType = $_FILES["uploadedImage"]["type"];
$fileSize = $_FILES["uploadedImage"]["size"];
$fileTempName = $_FILES["uploadedImage"]["tmp_name"];
$error = $_FILES["uploadedImage"]["error"];
$random = substr(md5(microtime()),rand(0,26),16); //create random characters to avoid name duplication.
$path = "uploads/" . $_SESSION['userName'] . $random . $fileName;

路径总是包含 "uploads/" 但只是有时会包含会话用户名，随机的，很少包含文件名，即使是在相同的文件上。我在提交表单之前回显了这些变量，在提交表单并上传到数据库之前它们都是正确的。当我提交表格时，所有其他列都已正确填写。

if ( isset( $_POST['formSubmit'] )) {

//prevent SQL injections and invalid inputs
$title = trim($_POST['title']);
$title = strip_tags($title);
$title = htmlspecialchars($title);
$title = mysqli_real_escape_string($db, $title);


$description = trim($_POST['description']);
$description = strip_tags($description);
$description = htmlspecialchars($description);
$description = mysqli_real_escape_string($db, $description);

if (empty($title) || strlen($title) < 1) {
    $titleError = "Title required.";
    $formError = true;
}


if ($formError) {
    $errorMessage = "Please fill out the upload form properly.";
} else {
    $query = mysqli_query($db, "INSERT INTO IMAGE(imageID,userID,title,description,path)
            VALUES('','$user','$title','$description','$path')");

这是表格本身：

<form method="POST" action="<?php $_SERVER['PHP_SELF'] ?>">
        <div class="row">
            <div class="col-sm-12">
                <span class="errorText"><?php echo $errorMessage; ?></span>
                <br><br>
            </div>
        </div>
        <div class="row">
            <div class='col-sm-1'><!--spacer--></div>
            <div class="col-sm-2">
                <label for="title">Title:</label>
            </div>
            <div class="col-sm-6">
                <input  type="text" id="title" name="title" placeholder="Enter your image title here..." >
            </div>
            <div class="col-sm-2"><span class="errorText"><?php echo $titleError; ?></span></div>
            <div class='col-sm-1'><!--spacer--></div>
        </div>
        <br>
        <div class="row">
            <div class='col-sm-1'><!--spacer--></div>
            <div class="col-sm-2">
                <label for="description">Description:</label>
            </div>
            <div class="col-sm-6">
                <input type="text" id="description" name="description" placeholder="Describe your image here...">
            </div>
            <div class="col-sm-2"><span class="errorText"><?php echo $descriptionError; ?></span></div>
            <div class='col-sm-1'><!--spacer--></div>
        </div>
        <br>
        <br>
        <input type="submit" value="Submit" name = "formSubmit" id="formSubmit" class="btn">
        <br>
        <br>
    </form>

Answer 1

表单缺少 enctype="multipart/form-data" 属性。

<form method="POST" enctype="multipart/form-data">

此外，即使这与问题无关，我也强烈建议您使用 MySQLi prepared statement. It help you avoid SQL injection 而无需手动转义参数。

$_FILES 名称未正确上传到数据库

$_FILES name not uploading to database correctly

php

database

file

filepath