Uploading file to MySQL blob field file_get_contents(): failed (from input type="file")

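I am using file_get_contents to upload a file from my local directory into a MEDIUMBLOB field of a MySQL database, and I get the following error:

Warning: file_get_contents(test.txt): failed to open stream: No such file or directory in C:\xampp\htdocs\Craisins\forms\new_scenario.php on line 265

But the file does exist, because I selected it with input type="file".

This seemed to be working yesterday, but today it suddenly stopped working properly, and I'm not sure why.

The full file is below: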

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252">

    <!--Normal CSS Sheets-->
    <link rel="stylesheet" type="text/css" href="../includes/style.css">
    <link rel="stylesheet" type="text/css" href="../includes/style_form.css">

    <!--BSM Select CSS Sheet-->
    <link rel="stylesheet" type="text/css" href="../includes/bsmselect/css/jquery.bsmselect.css">

    <!--jQuery-->
    <script src="../includes/jquery-2.1.4.min.js"></script>

    <!--jQuery for BSMSelect-->
    <script src="../includes/bsmselect/js/jquery.bsmselect.js"></script>

    <!--jQuery selector for BSMSelect-->
    <script>
    $(document).ready(function() { 
        $("select[multiple]").bsmSelect();
    });
    </script>

    <style type="text/css">
        <!--
        .style1
        {
            font-size: 12px;
            font-weight: bold;
        }

        textarea
        {
            resize: none;
        } 
        -->
        <?php include ("../includes/formSuccess.php");
              include ("../includes/sql.php");
              require_once "../WindowsAzure/WindowsAzure.php";
              use WindowsAzure\Common\ServicesBuilder;
              use WindowsAzure\Blob\Models\CreateContainerOptions;
              use WindowsAzure\Blob\Models\PublicAccessType;
              use WindowsAzure\Common\ServiceException;
              ?>
    </style>

    <title>****</title>
</head>

<body>
<div id="pageContainer">
    <!--This section is for the upper half of the page. From the "Title" bar up.-->
    <?php include ("../includes/formNav.php");?>
    <!--End of the Header Section-->
    <br>
    <!--This section is where we add the main content for the page.-->
<div id="contentArea">
        <div id="mainContentAdmin">

            <h1 style="text-align:center">Add New Scenario</h1>

            <?php
                // display form if user has not clicked submit
                if (!isset($_POST["btn_submit"])) 
                {
            ?>

            <!--This will be the form that will hold the information of the entire page.-->
            <form class="elegant-aero" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

                <p>
                    <!--Scenario Title-->
                    <label>
                        <span>Title:</span> 
                        <input type="text" name="title" placeholder="Enter the full scenario name here">
                    </label>

                    <!--Scenario Description-->
                    <label>
                        <span>Description:</span>
                        <textarea name="desc" placeholder="Enter the scenario description here"></textarea>
                    </label>

                    <!--Scenario Times-->
                    <label id="time">
                        <span>Estimated Times:</span>
                            <!--Scenario Execution Time-->
                            <b>Execution:</b>
                                <input type="number" name="execHr"  min="0" placeholder="Hours">
                                <input type="number" name="execMin" min="1" placeholder="Minutes">
                                    <br><br>         
                            <!--Scenario Debriefing Time-->
                            <b>Debriefing:</b>
                                <input type="number" name="debriHr"  min="0" placeholder="Hours">
                                <input type="number" name="debriMin" min="0" placeholder="Minutes">
                    </label>
                        <br>
                    <!--Origin-->
                    <label>
                        <span>Origin:</span> 
                        <input type="text" name="origin" placeholder="Enter the origin here (if any)">
                    </label>
                    <!--Target Users-->
                    <label>
                        <span>Target Users:</span>
                        <select name="users[]" multiple="multiple" title="Please select user type...">
                            <?php
                                selectMySQL("valid_trainee_type","trainee_type");
                            ?>
                        </select>
                    </label>
                        <br>
                    <!--Capabilities-->
                    <label>
                        <span style="">Capabilities Required:</span>
                        <select name="capabilities[]" multiple="multiple" title="Please select capabilities...">
                            <?php
                                selectMySQL("valid_capability","name");
                            ?>
                        </select>
                    </label>
                        <br>
                    <!--Prerequisites-->
                    <label>
                        <span style="">Prerequisite Knowledge:</span>
                        <select name="prerequisites[]" multiple="multiple" title="Please select prerequisites...">
                            <?php
                                selectMySQL("valid_prerequisite","prerequisite");
                            ?>
                        </select>
                    </label>
                        <br>
                    <!--Equipment-->
                    <label>
                        <span>Equipment Required:</span>
                        <select name="equipment[]" multiple="multiple" title="Please select equipment...">
                            <?php
                                selectMySQL("valid_equipment","equipment");
                            ?>
                        </select>
                    </label>
                    <!--Parameters-->
                    <label>
                        <span>Parameters to Monitor:</span>
                        <select name="parameters[]" multiple="multiple" title="Please select parameters...">
                            <?php
                                selectMySQL("valid_parameter","parameter");
                            ?>
                        </select>
                    </label>
                        <br>
                    <!--Learning Objectives-->
                    <label>
                        <span>Learning Objectives:</span>
                        <textarea name="object" placeholder="Please list the learning objectives for the procedure..."></textarea>
                    </label>

                    <!--Setting-->
                    <label>
                        <span>Setting:</span>
                        <textarea name="set" placeholder="Please describe the ideal setting for the procedure..."></textarea>
                    </label>

                    <!--Preparation-->
                    <label>
                        <span>Preparation Required:</span>
                        <textarea name="prep" placeholder="Please list any steps that are required in order to perform this procedure..."></textarea>
                    </label>

                    <!--Participants-->
                    <label>
                        <span>Participants Required:</span>
                        <textarea name="part" placeholder="Please list the participants that will be required in order to perform this procedure..."></textarea>
                    </label>

                    <!--Patient Information-->
                    <label>
                        <span id="patient">Patient Information:</span>
                                <br>
                            <!--Patient Name-->
                            <b>Name</b>
                                <input type="text" name="patName" style="width:63%;" placeholder="Enter the patient's full name here">
                                    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                                    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;  
                                    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;  
                                    &nbsp;&nbsp;    
                            <!--Patient Vitals-->
                            <b>Vitals</b>
                                <select name="patSex" style="width:15%;" title="Male or Female?">
                                    <option value="male">male</option>
                                    <option value="female">female</option>
                                </select>
                            <b>Age</b>
                                <input name="patAge" type="text" style="width:5%;">
                            <b>Height</b>
                                <input type="text" name="patHt" style="width:6%;" placeholder="(in)">
                            <b>Weight</b>
                                <input type="text" name="patWt" style="width:6%;" placeholder="(lbs)">
                            <span style="width: 30%; border-right:0; margin-right:0; padding-right: 5px;">Other Info</span>
                                <textarea style="width:63%;" name="patInfo" placeholder="Any other medical details?"></textarea>
                    </label>

                    <!--Scoring-->
                    <label>
                        <span>Scoring:</span>
                        <textarea name="score" placeholder="Please detail the scoring rubric for this scenario..."></textarea>
                    </label>

                    <!--Debrief-->
                    <label>
                        <span>Debrief:</span>
                        <textarea name="debrief" placeholder="Please detail the debriefing process for this scenario..."></textarea>
                    </label>

                    <!--Scenario File-->   
                    <label>
                        <span>Scenario Details:</span>    
                                <br>
                            <input type="file" name="fileScenDetails" value="Upload File">
                                <br>
                                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                            <textarea name="textScenDetails" placeholder="Please any other scenario details here..."></textarea>
                    </label>

                    <!--Submit Button-->
                    <label>
                        <span>&nbsp;</span>
                        <input type="submit" name="btn_submit" class="button" value="Add Scenario"/>
                    </label>
                </p>

            </form>

            <?php 

                } //end if

                else 
                {
                    //Setup the MySQL server
                    $servername = "localhost";
                    $username = "root";
                    $password = "****";
                    $dbname = "****";

                    //Create connection to the MySQL server
                    $conn = new mysqli($servername, $username, $password, $dbname);

                    //Check connection
                    if($conn -> connect_error)
                    {
                        die("Connection failed: " . $conn -> connect_error);
                    } //end if

                    //Organize Execution Time
                    $exec_time = "00:".$_POST['execHr'].":".$_POST['execMin'];

                    //Organize Debriefing Time
                    $debrif_time = "00:".$_POST['debriHr'].":".$_POST['debriMin'];

                    //Organize BLOB
                    $blob = addslashes(file_get_contents($_POST['fileScenDetails']));


                    $sql="INSERT INTO scenario (title, description, est_scenario_time, est_debriefing_time, 
                                                origin, objectives, setting, preparation, participants, 
                                                patient_name, patient_sex, patient_age, patient_height, 
                                                patient_weight, patient_info, scoring, debrief, 
                                                scenario_file, scenario_text) 
                              VALUES ('".$_POST['title']."','".$_POST['desc']."', '$exec_time', '$debrif_time',
                                      '".$_POST['origin']."','".$_POST['object']."',
                                      '".$_POST['set']."','".$_POST['prep']."',
                                      '".$_POST['part']."','".$_POST['patName']."',
                                      '".$_POST['patSex']."','".$_POST['patAge']."',
                                      '".$_POST['patHt']."','".$_POST['patWt']."',
                                      '".$_POST['patInfo']."','".$_POST['score']."',
                                      '".$_POST['debrief']."','$blob',
                                      '".$_POST['textScenDetails']."');";

                    if($conn->query($sql) === TRUE) {
                    } else {
                        echo "Error: " . $sql . "<br>" . $conn->error;
                    } //end else

                    $conn->close();
/*
                    //Insert Target Users (Trainee Types)
                    insert_Scen_Dev('scenario','title', 'title','users',
                                    'valid_trainee_type','trainee_type', 'scenario_trainee_type', 
                                    'scenario_id', 'valid_trainee_type_id');

                    //Insert Capabilities
                    insert_Scen_Dev('scenario','title', 'title','capabilities',
                                    'valid_capability','name', 'scenario_capabilities', 
                                    'scenario_id', 'valid_capability_id');

                    //Insert Prerequisites
                    insert_Scen_Dev('scenario','title', 'title','prerequisites',
                                    'valid_prerequisite','prerequisite', 'scenario_prerequisites', 
                                    'scenario_id', 'valid_prerequisite_id');

                    //Insert Equipment
                    insert_Scen_Dev('scenario','title', 'title','equipment',
                                    'valid_equipment','equipment', 'scenario_equipment', 
                                    'scenario_id', 'valid_equipment_id');

                    //Insert Parameters
                    insert_Scen_Dev('scenario','title', 'title','parameters',
                                    'valid_parameter','parameter', 'scenario_parameters', 
                                    'scenario_id', 'valid_parameter_id');
*/

                    echo "<div class='sqlSuccess'>A new Scenario has been added!</div>";
                } //end else

            ?>

        </div>
</div>
    <!--End of the Content Section-->

    <!--This section is for the lower half of the page. From the copyright bar down.-->
<div id="footer">

        <div id="footerCenter">
            Copyright &copy; 
            <script language="javascript" type="text/javascript">
                var today = new Date();
                var year = today.getFullYear();
                document.write(year);
    </script>

        </div>
    </div>
    <!--End of the Footer Section-->
</div>
</body>

There are a few problems with this code. First, the file won't be uploaded unless you specify the correct enctype attribute on the form element:

<form enctype="multipart/form-data" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

Also, the file path is available under $_FILES['fileScenDetails']['tmp_name'], not under $_POST['fileScenDetails'], so:

$blob = addslashes(file_get_contents($_FILES['fileScenDetails']['tmp_name']));

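Note that you should check whether the file upload succeeded, otherwise your code will trigger a warning (for example, when the user does not specify a file). Add something like this: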

if(isset($_FILES['fileScenDetails']['error']) && UPLOAD_ERR_OK == $_FILES['fileScenDetails']['error']) {
    // do your stuff here
} else {
    // display 'no-file' error to the user
}

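In addition, you should definitely check that the specified file was really uploaded, to avoid your code being stolen via malformed requests. See the is_uploaded_file function here: http://php.net/manual/en/function.is-uploaded-file.php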

There are also some possible SQL injections and other security issues.
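
The checks described in the answer, combined with a prepared statement in place of addslashes and string concatenation. This is an added example, not part of the original answer: the helper name storeScenarioFile and the size constant are hypothetical, and only the title and scenario_file columns of the page's scenario table are shown.

```php
<?php
// Added example: hypothetical helper, not code from the original post.
// Assumes the page's `scenario` table; only two of its columns are shown.
const MAX_SCENARIO_BYTES = 16777215; // MEDIUMBLOB capacity (2^24 - 1 bytes)

function storeScenarioFile(mysqli $conn, array $upload, string $title): bool
{
    // 1. PHP reports upload problems (no file, too large, partial) in 'error'.
    //    An array here means the request was crafted as a multi-file field.
    if (!isset($upload['error']) || is_array($upload['error'])
        || $upload['error'] !== UPLOAD_ERR_OK) {
        return false;
    }
    // 2. Accept only a path that PHP itself created for this HTTP POST upload,
    //    so a forged request cannot point the script at an arbitrary file.
    if (!is_uploaded_file($upload['tmp_name'])) {
        return false;
    }
    // 3. Check the size on disk against what the column can hold.
    $size = filesize($upload['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_SCENARIO_BYTES) {
        return false;
    }
    // 4. Placeholders keep user input out of the SQL text entirely.
    $stmt = $conn->prepare(
        'INSERT INTO scenario (title, scenario_file) VALUES (?, ?)'
    );
    if ($stmt === false) {
        return false;
    }
    $blob = null;                       // filled by send_long_data() below
    $stmt->bind_param('sb', $title, $blob);
    $fh = fopen($upload['tmp_name'], 'rb');
    if ($fh === false) {
        $stmt->close();
        return false;
    }
    while (($chunk = fread($fh, 8192)) !== false && $chunk !== '') {
        $stmt->send_long_data(1, $chunk);   // parameter index 1 = the blob
    }
    fclose($fh);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// In the form handler, after connecting:
// $ok = storeScenarioFile($conn, $_FILES['fileScenDetails'] ?? [], $_POST['title'] ?? '');
```

The form still needs enctype="multipart/form-data"; without it $_FILES is empty and the helper returns false at the first check.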