PHP 即使文件 upload/field 元素被禁用,脚本也会插入
PHP Script insert even if file upload/field element is disabled
您好,我似乎无法确定问题所在。我有一个包含元素的表单。你能检查一下脚本吗?我只知道它缺少一些东西,但像我这样的菜鸟不知道。 Basically when the Smart Money radio button is selected, the BPI is disabled,and vice versa.它应该在数据库中插入数据输入。如果选择的无线电 btn 是 BPI,它工作正常,但如果选择智能货币并且用户输入数据并且禁用 BPI/file 上传,它不会在数据库中插入任何内容。你能告诉我该怎么做我认为脚本有点放错了,因为查询在文件上传脚本下面。我认为当 upload/that 选项没有被禁用时它不会插入任何东西。我猜是文件上传脚本干扰了。
PHP:
if(isset($_FILES['filename'])){
$errors = array();
$file_name = $_FILES['filename']['name'];
$file_size =$_FILES['filename']['size'];
$file_tmp =$_FILES['filename']['tmp_name'];
$file_type=$_FILES['filename']['type'];
$file_ext=strtolower(end(explode('.',$_FILES['filename']['name'])));
$expensions= array("jpeg","jpg","png");
if(in_array($file_ext,$expensions)=== false){
$errors[]="extension not allowed, please choose a JPEG or PNG file.";
}
if($file_size > 2097152){
$errors[]='File size must be excately 2 MB';
}
// if no error...
if (empty($errors)==true) {
// upload the file...
move_uploaded_file($file_tmp,"uploads/".$file_name);
$servername = "localhost";
$username = "root";
$password = " ";
$dbname = "admin";
// create new record in the database
include ("dbinfo.php");
mysql_query("INSERT INTO payment_form (Tracking, date, mode, ContactNo, totalsent, datesent, filename) VALUES ('$transactionNo', NOW(), '$rad', '$contactNo', '$totalSent', '$dateSent', '$file_name')") ;
header('Location: paymentform_success.php');
}else{
print_r($errors);
}
}
表格:
<form name="form" method="POST" enctype="multipart/form-data">
<table width="416" height="245" border="1" align="center">
<tr>
<td colspan="2">Transaction No: <input type="text" name="transaction_no" id="transaction_no" /> </td>
</tr>
<tr>
<td colspan="2" align="center">Please select the mode of payment</td>
</tr>
<tr>
<td width="183" align="center"><input name="rad" type="radio" onclick="enableField(this)" value="Smart Money">
Smart Money</td>
<td width="201" align="center"><input name="rad" type="radio" onclick="enableField(this)" value="BPI"> BPI Bank Deposit</td>
</tr>
<tr>
<td align="center"><input name="contactno" type="text" disabled="disabled" id="contactno"></td>
<td align="center"><input name="filename" type="file" id="filename" disabled="disabled"/></td>
</tr>
<tr>
<td>Total amount sent:</td>
<td> <input type="text" name="totalsent" id="totalsent" /></td>
</tr>
<tr>
<td>Date sent:</td>
<td> <input type="text" name="datesent" id="datesent" /></td>
</tr>
<tr>
<td colspan="2" align="center"><input name="submit" type="submit" id="submit" value="Submit" /></td>
</tr>
</table>
<input type="hidden" name="MM_insert" value="form" />
</form>
JS disable/enable
<script type="text/javascript">
function enableField(obj){
var form=obj.form;
var txtNames=['contactno','filename'], f;
var rads=document.getElementsByName(obj.name), r, i=0;
while(r=rads[i++]){
f=form[txtNames[i-1]];
if(r.checked){
f.removeAttribute('disabled');
f.focus();
}
else{
f.value='';
f.setAttribute('disabled','disabled')
}
}
}
</script>
在 if(isset($_FILES['filename']))
块之外执行 INSERT
。
if (isset($_POST['submit'])) {
$errors = array();
if (isset($_FILES['filename'])) {
$file_name = $_FILES['filename']['name'];
$file_size =$_FILES['filename']['size'];
$file_tmp =$_FILES['filename']['tmp_name'];
$file_type=$_FILES['filename']['type'];
$file_ext=strtolower(end(explode('.',$_FILES['filename']['name'])));
$expensions= array("jpeg","jpg","png");
if(in_array($file_ext,$expensions)=== false){
$errors[]="extension not allowed, please choose a JPEG or PNG file.";
}
if($file_size > 2097152){
$errors[]='File size must be excately 2 MB';
}
// if no error...
if (empty($errors)==true) {
// upload the file...
move_uploaded_file($file_tmp,"uploads/".$file_name);
}else{
print_r($errors);
}
} else {
$file_name = '';
}
if (empty($errors)) {
$servername = "localhost";
$username = "root";
$password = " ";
$dbname = "admin";
// create new record in the database
include ("dbinfo.php");
$transactionNo = $_POST['transaction_no'];
$rad = $_POST['rad'];
$contactNo = $_POST['contactno'];
$totalSent = $_POST['totalsent'];
$dateSent = $_POST['datesent'];
mysql_query("INSERT INTO payment_form (Tracking, date, mode, ContactNo, totalsent, datesent, filename) VALUES ('$transactionNo', NOW(), '$rad', '$contactNo', '$totalSent', '$dateSent', '$file_name')") ;
header('Location: paymentform_success.php');
}
}
您好,我似乎无法确定问题所在。我有一个包含元素的表单。你能检查一下脚本吗?我只知道它缺少一些东西,但像我这样的菜鸟不知道。 Basically when the Smart Money radio button is selected, the BPI is disabled,and vice versa.它应该在数据库中插入数据输入。如果选择的无线电 btn 是 BPI,它工作正常,但如果选择智能货币并且用户输入数据并且禁用 BPI/file 上传,它不会在数据库中插入任何内容。你能告诉我该怎么做我认为脚本有点放错了,因为查询在文件上传脚本下面。我认为当 upload/that 选项没有被禁用时它不会插入任何东西。我猜是文件上传脚本干扰了。
PHP:
if(isset($_FILES['filename'])){
$errors = array();
$file_name = $_FILES['filename']['name'];
$file_size =$_FILES['filename']['size'];
$file_tmp =$_FILES['filename']['tmp_name'];
$file_type=$_FILES['filename']['type'];
$file_ext=strtolower(end(explode('.',$_FILES['filename']['name'])));
$expensions= array("jpeg","jpg","png");
if(in_array($file_ext,$expensions)=== false){
$errors[]="extension not allowed, please choose a JPEG or PNG file.";
}
if($file_size > 2097152){
$errors[]='File size must be excately 2 MB';
}
// if no error...
if (empty($errors)==true) {
// upload the file...
move_uploaded_file($file_tmp,"uploads/".$file_name);
$servername = "localhost";
$username = "root";
$password = " ";
$dbname = "admin";
// create new record in the database
include ("dbinfo.php");
mysql_query("INSERT INTO payment_form (Tracking, date, mode, ContactNo, totalsent, datesent, filename) VALUES ('$transactionNo', NOW(), '$rad', '$contactNo', '$totalSent', '$dateSent', '$file_name')") ;
header('Location: paymentform_success.php');
}else{
print_r($errors);
}
}
表格:
<form name="form" method="POST" enctype="multipart/form-data">
<table width="416" height="245" border="1" align="center">
<tr>
<td colspan="2">Transaction No: <input type="text" name="transaction_no" id="transaction_no" /> </td>
</tr>
<tr>
<td colspan="2" align="center">Please select the mode of payment</td>
</tr>
<tr>
<td width="183" align="center"><input name="rad" type="radio" onclick="enableField(this)" value="Smart Money">
Smart Money</td>
<td width="201" align="center"><input name="rad" type="radio" onclick="enableField(this)" value="BPI"> BPI Bank Deposit</td>
</tr>
<tr>
<td align="center"><input name="contactno" type="text" disabled="disabled" id="contactno"></td>
<td align="center"><input name="filename" type="file" id="filename" disabled="disabled"/></td>
</tr>
<tr>
<td>Total amount sent:</td>
<td> <input type="text" name="totalsent" id="totalsent" /></td>
</tr>
<tr>
<td>Date sent:</td>
<td> <input type="text" name="datesent" id="datesent" /></td>
</tr>
<tr>
<td colspan="2" align="center"><input name="submit" type="submit" id="submit" value="Submit" /></td>
</tr>
</table>
<input type="hidden" name="MM_insert" value="form" />
</form>
JS disable/enable
<script type="text/javascript">
function enableField(obj){
var form=obj.form;
var txtNames=['contactno','filename'], f;
var rads=document.getElementsByName(obj.name), r, i=0;
while(r=rads[i++]){
f=form[txtNames[i-1]];
if(r.checked){
f.removeAttribute('disabled');
f.focus();
}
else{
f.value='';
f.setAttribute('disabled','disabled')
}
}
}
</script>
在 if(isset($_FILES['filename']))
块之外执行 INSERT
。
if (isset($_POST['submit'])) {
$errors = array();
if (isset($_FILES['filename'])) {
$file_name = $_FILES['filename']['name'];
$file_size =$_FILES['filename']['size'];
$file_tmp =$_FILES['filename']['tmp_name'];
$file_type=$_FILES['filename']['type'];
$file_ext=strtolower(end(explode('.',$_FILES['filename']['name'])));
$expensions= array("jpeg","jpg","png");
if(in_array($file_ext,$expensions)=== false){
$errors[]="extension not allowed, please choose a JPEG or PNG file.";
}
if($file_size > 2097152){
$errors[]='File size must be excately 2 MB';
}
// if no error...
if (empty($errors)==true) {
// upload the file...
move_uploaded_file($file_tmp,"uploads/".$file_name);
}else{
print_r($errors);
}
} else {
$file_name = '';
}
if (empty($errors)) {
$servername = "localhost";
$username = "root";
$password = " ";
$dbname = "admin";
// create new record in the database
include ("dbinfo.php");
$transactionNo = $_POST['transaction_no'];
$rad = $_POST['rad'];
$contactNo = $_POST['contactno'];
$totalSent = $_POST['totalsent'];
$dateSent = $_POST['datesent'];
mysql_query("INSERT INTO payment_form (Tracking, date, mode, ContactNo, totalsent, datesent, filename) VALUES ('$transactionNo', NOW(), '$rad', '$contactNo', '$totalSent', '$dateSent', '$file_name')") ;
header('Location: paymentform_success.php');
}
}