将文件上传到 MySQL blob 字段 file_get_contents():失败(来自输入类型="file")
Uploading file to MySQL blob field file_get_contents(): failed (from input type="file")
我正在使用 file_get_contents 将文件从我的本地目录上传到 MySQL 数据库的 MEDIUMBLOB 字段,我收到以下错误:
警告:file_get_contents(test.txt):无法打开流:C:\xampp\htdocs\Craisins\forms\new_scenario.php 中没有此类文件或目录第 265 行
但是文件确实存在,因为我用 input type="file"
选择了它
这似乎在昨天工作,但今天突然不能正常工作了,我不确定为什么。
完整文件如下:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<!--Normal CSS Sheets-->
<link rel="stylesheet" type="text/css" href="../includes/style.css">
<link rel="stylesheet" type="text/css" href="../includes/style_form.css">
<!--BSM Select CSS Sheet-->
<link rel="stylesheet" type="text/css" href="../includes/bsmselect/css/jquery.bsmselect.css">
<!--jQuery-->
<script src="../includes/jquery-2.1.4.min.js"></script>
<!--jQuery for BSMSelect-->
<script src="../includes/bsmselect/js/jquery.bsmselect.js"></script>
<!--jQuery selector for BSMSelect-->
<script>
$(document).ready(function() {
$("select[multiple]").bsmSelect();
});
</script>
<style type="text/css">
<!--
.style1
{
font-size: 12px;
font-weight: bold;
}
textarea
{
resize: none;
}
-->
<?php include ("../includes/formSuccess.php");
include ("../includes/sql.php");
require_once "../WindowsAzure/WindowsAzure.php";
use WindowsAzure\Common\ServicesBuilder;
use WindowsAzure\Blob\Models\CreateContainerOptions;
use WindowsAzure\Blob\Models\PublicAccessType;
use WindowsAzure\Common\ServiceException;
?>
</style>
<title>****</title>
</head>
<body>
<div id="pageContainer">
<!--This section is for the upper half of the page. From the "Title" bar up.-->
<?php include ("../includes/formNav.php");?>
<!--End of the Header Section-->
<br>
<!--This section is where we add the main content for the page.-->
<div id="contentArea">
<div id="mainContentAdmin">
<h1 style="text-align:center">Add New Scenario</h1>
<?php
// display form if user has not clicked submit
if (!isset($_POST["btn_submit"]))
{
?>
<!--This will be the form that will hold the information of the entire page.-->
<form class="elegant-aero" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<p>
<!--Scenario Title-->
<label>
<span>Title:</span>
<input type="text" name="title" placeholder="Enter the full scenario name here">
</label>
<!--Scenario Description-->
<label>
<span>Description:</span>
<textarea name="desc" placeholder="Enter the scenario description here"></textarea>
</label>
<!--Scenario Times-->
<label id="time">
<span>Estimated Times:</span>
<!--Scenario Execution Time-->
<b>Execution:</b>
<input type="number" name="execHr" min="0" placeholder="Hours">
<input type="number" name="execMin" min="1" placeholder="Minutes">
<br><br>
<!--Scenario Debriefing Time-->
<b>Debriefing:</b>
<input type="number" name="debriHr" min="0" placeholder="Hours">
<input type="number" name="debriMin" min="0" placeholder="Minutes">
</label>
<br>
<!--Origin-->
<label>
<span>Origin:</span>
<input type="text" name="origin" placeholder="Enter the origin here (if any)">
</label>
<!--Target Users-->
<label>
<span>Target Users:</span>
<select name="users[]" multiple="multiple" title="Please select user type...">
<?php
selectMySQL("valid_trainee_type","trainee_type");
?>
</select>
</label>
<br>
<!--Capabilities-->
<label>
<span style="">Capabilities Required:</span>
<select name="capabilities[]" multiple="multiple" title="Please select capabilities...">
<?php
selectMySQL("valid_capability","name");
?>
</select>
</label>
<br>
<!--Prerequisites-->
<label>
<span style="">Prerequisite Knowledge:</span>
<select name="prerequisites[]" multiple="multiple" title="Please select prerequisites...">
<?php
selectMySQL("valid_prerequisite","prerequisite");
?>
</select>
</label>
<br>
<!--Equipment-->
<label>
<span>Equipment Required:</span>
<select name="equipment[]" multiple="multiple" title="Please select equipment...">
<?php
selectMySQL("valid_equipment","equipment");
?>
</select>
</label>
<!--Parameters-->
<label>
<span>Parameters to Monitor:</span>
<select name="parameters[]" multiple="multiple" title="Please select parameters...">
<?php
selectMySQL("valid_parameter","parameter");
?>
</select>
</label>
<br>
<!--Learning Objectives-->
<label>
<span>Learning Objectives:</span>
<textarea name="object" placeholder="Please list the learning objectives for the procedure..."></textarea>
</label>
<!--Setting-->
<label>
<span>Setting:</span>
<textarea name="set" placeholder="Please describe the ideal setting for the procedure..."></textarea>
</label>
<!--Preparation-->
<label>
<span>Preparation Required:</span>
<textarea name="prep" placeholder="Please list any steps that are required in order to perform this procedure..."></textarea>
</label>
<!--Participants-->
<label>
<span>Participants Required:</span>
<textarea name="part" placeholder="Please list the participants that will be required in order to perform this procedure..."></textarea>
</label>
<!--Patient Information-->
<label>
<span id="patient">Patient Information:</span>
<br>
<!--Patient Name-->
<b>Name</b>
<input type="text" name="patName" style="width:63%;" placeholder="Enter the patient's full name here">
<!--Patient Vitals-->
<b>Vitals</b>
<select name="patSex" style="width:15%;" title="Male or Female?">
<option value="male">male</option>
<option value="female">female</option>
</select>
<b>Age</b>
<input name="patAge" type="text" style="width:5%;">
<b>Height</b>
<input type="text" name="patHt" style="width:6%;" placeholder="(in)">
<b>Weight</b>
<input type="text" name="patWt" style="width:6%;" placeholder="(lbs)">
<span style="width: 30%; border-right:0; margin-right:0; padding-right: 5px;">Other Info</span>
<textarea style="width:63%;" name="patInfo" placeholder="Any other medical details?"></textarea>
</label>
<!--Scoring-->
<label>
<span>Scoring:</span>
<textarea name="score" placeholder="Please detail the scoring rubric for this scenario..."></textarea>
</label>
<!--Debrief-->
<label>
<span>Debrief:</span>
<textarea name="debrief" placeholder="Please detail the debriefing process for this scenario..."></textarea>
</label>
<!--Scenario File-->
<label>
<span>Scenario Details:</span>
<br>
<input type="file" name="fileScenDetails" value="Upload File">
<br>
<textarea name="textScenDetails" placeholder="Please any other scenario details here..."></textarea>
</label>
<!--Submit Button-->
<label>
<span> </span>
<input type="submit" name="btn_submit" class="button" value="Add Scenario"/>
</label>
</p>
</form>
<?php
} //end if
else
{
//Setup the MySQL server
$servername = "localhost";
$username = "root";
$password = "****";
$dbname = "****";
//Create connection to the MySQL server
$conn = new mysqli($servername, $username, $password, $dbname);
//Check connection
if($conn -> connect_error)
{
die("Connection failed: " . $conn -> connect_error);
} //end if
//Organize Execution Time
$exec_time = "00:".$_POST['execHr'].":".$_POST['execMin'];
//Organize Debriefing Time
$debrif_time = "00:".$_POST['debriHr'].":".$_POST['debriMin'];
//Organize BLOB
$blob = addslashes(file_get_contents($_POST['fileScenDetails']));
$sql="INSERT INTO scenario (title, description, est_scenario_time, est_debriefing_time,
origin, objectives, setting, preparation, participants,
patient_name, patient_sex, patient_age, patient_height,
patient_weight, patient_info, scoring, debrief,
scenario_file, scenario_text)
VALUES ('".$_POST['title']."','".$_POST['desc']."', '$exec_time', '$debrif_time',
'".$_POST['origin']."','".$_POST['object']."',
'".$_POST['set']."','".$_POST['prep']."',
'".$_POST['part']."','".$_POST['patName']."',
'".$_POST['patSex']."','".$_POST['patAge']."',
'".$_POST['patHt']."','".$_POST['patWt']."',
'".$_POST['patInfo']."','".$_POST['score']."',
'".$_POST['debrief']."','$blob',
'".$_POST['textScenDetails']."');";
if($conn->query($sql) === TRUE) {
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
} //end else
$conn->close();
/*
//Insert Target Users (Trainee Types)
insert_Scen_Dev('scenario','title', 'title','users',
'valid_trainee_type','trainee_type', 'scenario_trainee_type',
'scenario_id', 'valid_trainee_type_id');
//Insert Capabilities
insert_Scen_Dev('scenario','title', 'title','capabilities',
'valid_capability','name', 'scenario_capabilities',
'scenario_id', 'valid_capability_id');
//Insert Prerequisites
insert_Scen_Dev('scenario','title', 'title','prerequisites',
'valid_prerequisite','prerequisite', 'scenario_prerequisites',
'scenario_id', 'valid_prerequisite_id');
//Insert Equipment
insert_Scen_Dev('scenario','title', 'title','equipment',
'valid_equipment','equipment', 'scenario_equipment',
'scenario_id', 'valid_equipment_id');
//Insert Parameters
insert_Scen_Dev('scenario','title', 'title','parameters',
'valid_parameter','parameter', 'scenario_parameters',
'scenario_id', 'valid_parameter_id');
*/
echo "<div class='sqlSuccess'>A new Scenario has been added!</div>";
} //end else
?>
</div>
</div>
<!--End of the Content Section-->
<!--This section is for the lower half of the page. From the copyright bar down.-->
<div id="footer">
<div id="footerCenter">
Copyright ©
<script language="javascript" type="text/javascript">
var today = new Date();
var year = today.getFullYear();
document.write(year);
</script>
</div>
</div>
<!--End of the Footer Section-->
</div>
</body>
这段代码有几个问题。首先,除非您在表单元素上指定正确的 enctype 属性,否则文件不会上传:
<form enctype="multipart/form-data" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
另外,文件地址在$_FILES['fileScenDetails']['tmp_name']下可用,而不在$_POST['fileScenDetails']下可用,所以:
$blob = addslashes(file_get_contents($_FILES['fileScenDetails']['tmp_name']));
请注意,您应该检查文件上传是否成功,否则您的代码将触发警告(例如,当用户不指定文件时)。添加如下内容:
if(isset($_FILES['fileScenDetails']['error']) && UPLOAD_ERR_OK == $_FILES['fileScenDetails']['error']) {
// do your stuff here
} else {
// display 'no-file' error to the user
}
此外,您一定要检查指定的文件是否真的上传了,以避免通过格式错误的请求窃取您的代码。在此处检查 is_uploaded_file 函数:http://php.net/manual/en/function.is-uploaded-file.php
还有一些可能的 SQL 注入和其他安全问题。
我正在使用 file_get_contents 将文件从我的本地目录上传到 MySQL 数据库的 MEDIUMBLOB 字段,我收到以下错误:
警告:file_get_contents(test.txt):无法打开流:C:\xampp\htdocs\Craisins\forms\new_scenario.php 中没有此类文件或目录第 265 行
但是文件确实存在,因为我用 input type="file"
选择了它这似乎在昨天工作,但今天突然不能正常工作了,我不确定为什么。
完整文件如下:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<!--Normal CSS Sheets-->
<link rel="stylesheet" type="text/css" href="../includes/style.css">
<link rel="stylesheet" type="text/css" href="../includes/style_form.css">
<!--BSM Select CSS Sheet-->
<link rel="stylesheet" type="text/css" href="../includes/bsmselect/css/jquery.bsmselect.css">
<!--jQuery-->
<script src="../includes/jquery-2.1.4.min.js"></script>
<!--jQuery for BSMSelect-->
<script src="../includes/bsmselect/js/jquery.bsmselect.js"></script>
<!--jQuery selector for BSMSelect-->
<script>
$(document).ready(function() {
$("select[multiple]").bsmSelect();
});
</script>
<style type="text/css">
<!--
.style1
{
font-size: 12px;
font-weight: bold;
}
textarea
{
resize: none;
}
-->
<?php include ("../includes/formSuccess.php");
include ("../includes/sql.php");
require_once "../WindowsAzure/WindowsAzure.php";
use WindowsAzure\Common\ServicesBuilder;
use WindowsAzure\Blob\Models\CreateContainerOptions;
use WindowsAzure\Blob\Models\PublicAccessType;
use WindowsAzure\Common\ServiceException;
?>
</style>
<title>****</title>
</head>
<body>
<div id="pageContainer">
<!--This section is for the upper half of the page. From the "Title" bar up.-->
<?php include ("../includes/formNav.php");?>
<!--End of the Header Section-->
<br>
<!--This section is where we add the main content for the page.-->
<div id="contentArea">
<div id="mainContentAdmin">
<h1 style="text-align:center">Add New Scenario</h1>
<?php
// display form if user has not clicked submit
if (!isset($_POST["btn_submit"]))
{
?>
<!--This will be the form that will hold the information of the entire page.-->
<form class="elegant-aero" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<p>
<!--Scenario Title-->
<label>
<span>Title:</span>
<input type="text" name="title" placeholder="Enter the full scenario name here">
</label>
<!--Scenario Description-->
<label>
<span>Description:</span>
<textarea name="desc" placeholder="Enter the scenario description here"></textarea>
</label>
<!--Scenario Times-->
<label id="time">
<span>Estimated Times:</span>
<!--Scenario Execution Time-->
<b>Execution:</b>
<input type="number" name="execHr" min="0" placeholder="Hours">
<input type="number" name="execMin" min="1" placeholder="Minutes">
<br><br>
<!--Scenario Debriefing Time-->
<b>Debriefing:</b>
<input type="number" name="debriHr" min="0" placeholder="Hours">
<input type="number" name="debriMin" min="0" placeholder="Minutes">
</label>
<br>
<!--Origin-->
<label>
<span>Origin:</span>
<input type="text" name="origin" placeholder="Enter the origin here (if any)">
</label>
<!--Target Users-->
<label>
<span>Target Users:</span>
<select name="users[]" multiple="multiple" title="Please select user type...">
<?php
selectMySQL("valid_trainee_type","trainee_type");
?>
</select>
</label>
<br>
<!--Capabilities-->
<label>
<span style="">Capabilities Required:</span>
<select name="capabilities[]" multiple="multiple" title="Please select capabilities...">
<?php
selectMySQL("valid_capability","name");
?>
</select>
</label>
<br>
<!--Prerequisites-->
<label>
<span style="">Prerequisite Knowledge:</span>
<select name="prerequisites[]" multiple="multiple" title="Please select prerequisites...">
<?php
selectMySQL("valid_prerequisite","prerequisite");
?>
</select>
</label>
<br>
<!--Equipment-->
<label>
<span>Equipment Required:</span>
<select name="equipment[]" multiple="multiple" title="Please select equipment...">
<?php
selectMySQL("valid_equipment","equipment");
?>
</select>
</label>
<!--Parameters-->
<label>
<span>Parameters to Monitor:</span>
<select name="parameters[]" multiple="multiple" title="Please select parameters...">
<?php
selectMySQL("valid_parameter","parameter");
?>
</select>
</label>
<br>
<!--Learning Objectives-->
<label>
<span>Learning Objectives:</span>
<textarea name="object" placeholder="Please list the learning objectives for the procedure..."></textarea>
</label>
<!--Setting-->
<label>
<span>Setting:</span>
<textarea name="set" placeholder="Please describe the ideal setting for the procedure..."></textarea>
</label>
<!--Preparation-->
<label>
<span>Preparation Required:</span>
<textarea name="prep" placeholder="Please list any steps that are required in order to perform this procedure..."></textarea>
</label>
<!--Participants-->
<label>
<span>Participants Required:</span>
<textarea name="part" placeholder="Please list the participants that will be required in order to perform this procedure..."></textarea>
</label>
<!--Patient Information-->
<label>
<span id="patient">Patient Information:</span>
<br>
<!--Patient Name-->
<b>Name</b>
<input type="text" name="patName" style="width:63%;" placeholder="Enter the patient's full name here">
<!--Patient Vitals-->
<b>Vitals</b>
<select name="patSex" style="width:15%;" title="Male or Female?">
<option value="male">male</option>
<option value="female">female</option>
</select>
<b>Age</b>
<input name="patAge" type="text" style="width:5%;">
<b>Height</b>
<input type="text" name="patHt" style="width:6%;" placeholder="(in)">
<b>Weight</b>
<input type="text" name="patWt" style="width:6%;" placeholder="(lbs)">
<span style="width: 30%; border-right:0; margin-right:0; padding-right: 5px;">Other Info</span>
<textarea style="width:63%;" name="patInfo" placeholder="Any other medical details?"></textarea>
</label>
<!--Scoring-->
<label>
<span>Scoring:</span>
<textarea name="score" placeholder="Please detail the scoring rubric for this scenario..."></textarea>
</label>
<!--Debrief-->
<label>
<span>Debrief:</span>
<textarea name="debrief" placeholder="Please detail the debriefing process for this scenario..."></textarea>
</label>
<!--Scenario File-->
<label>
<span>Scenario Details:</span>
<br>
<input type="file" name="fileScenDetails" value="Upload File">
<br>
<textarea name="textScenDetails" placeholder="Please any other scenario details here..."></textarea>
</label>
<!--Submit Button-->
<label>
<span> </span>
<input type="submit" name="btn_submit" class="button" value="Add Scenario"/>
</label>
</p>
</form>
<?php
} //end if
else
{
//Setup the MySQL server
$servername = "localhost";
$username = "root";
$password = "****";
$dbname = "****";
//Create connection to the MySQL server
$conn = new mysqli($servername, $username, $password, $dbname);
//Check connection
if($conn -> connect_error)
{
die("Connection failed: " . $conn -> connect_error);
} //end if
//Organize Execution Time
$exec_time = "00:".$_POST['execHr'].":".$_POST['execMin'];
//Organize Debriefing Time
$debrif_time = "00:".$_POST['debriHr'].":".$_POST['debriMin'];
//Organize BLOB
$blob = addslashes(file_get_contents($_POST['fileScenDetails']));
$sql="INSERT INTO scenario (title, description, est_scenario_time, est_debriefing_time,
origin, objectives, setting, preparation, participants,
patient_name, patient_sex, patient_age, patient_height,
patient_weight, patient_info, scoring, debrief,
scenario_file, scenario_text)
VALUES ('".$_POST['title']."','".$_POST['desc']."', '$exec_time', '$debrif_time',
'".$_POST['origin']."','".$_POST['object']."',
'".$_POST['set']."','".$_POST['prep']."',
'".$_POST['part']."','".$_POST['patName']."',
'".$_POST['patSex']."','".$_POST['patAge']."',
'".$_POST['patHt']."','".$_POST['patWt']."',
'".$_POST['patInfo']."','".$_POST['score']."',
'".$_POST['debrief']."','$blob',
'".$_POST['textScenDetails']."');";
if($conn->query($sql) === TRUE) {
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
} //end else
$conn->close();
/*
//Insert Target Users (Trainee Types)
insert_Scen_Dev('scenario','title', 'title','users',
'valid_trainee_type','trainee_type', 'scenario_trainee_type',
'scenario_id', 'valid_trainee_type_id');
//Insert Capabilities
insert_Scen_Dev('scenario','title', 'title','capabilities',
'valid_capability','name', 'scenario_capabilities',
'scenario_id', 'valid_capability_id');
//Insert Prerequisites
insert_Scen_Dev('scenario','title', 'title','prerequisites',
'valid_prerequisite','prerequisite', 'scenario_prerequisites',
'scenario_id', 'valid_prerequisite_id');
//Insert Equipment
insert_Scen_Dev('scenario','title', 'title','equipment',
'valid_equipment','equipment', 'scenario_equipment',
'scenario_id', 'valid_equipment_id');
//Insert Parameters
insert_Scen_Dev('scenario','title', 'title','parameters',
'valid_parameter','parameter', 'scenario_parameters',
'scenario_id', 'valid_parameter_id');
*/
echo "<div class='sqlSuccess'>A new Scenario has been added!</div>";
} //end else
?>
</div>
</div>
<!--End of the Content Section-->
<!--This section is for the lower half of the page. From the copyright bar down.-->
<div id="footer">
<div id="footerCenter">
Copyright ©
<script language="javascript" type="text/javascript">
var today = new Date();
var year = today.getFullYear();
document.write(year);
</script>
</div>
</div>
<!--End of the Footer Section-->
</div>
</body>
这段代码有几个问题。首先,除非您在表单元素上指定正确的 enctype 属性,否则文件不会上传:
<form enctype="multipart/form-data" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
另外,文件地址在$_FILES['fileScenDetails']['tmp_name']下可用,而不在$_POST['fileScenDetails']下可用,所以:
$blob = addslashes(file_get_contents($_FILES['fileScenDetails']['tmp_name']));
请注意,您应该检查文件上传是否成功,否则您的代码将触发警告(例如,当用户不指定文件时)。添加如下内容:
if(isset($_FILES['fileScenDetails']['error']) && UPLOAD_ERR_OK == $_FILES['fileScenDetails']['error']) {
// do your stuff here
} else {
// display 'no-file' error to the user
}
此外,您一定要检查指定的文件是否真的上传了,以避免通过格式错误的请求窃取您的代码。在此处检查 is_uploaded_file 函数:http://php.net/manual/en/function.is-uploaded-file.php
还有一些可能的 SQL 注入和其他安全问题。