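I have been working on this code for the past week and it has me confused. I have searched various forums for a long time, but could only find very little information on this particular topic.
I want to use a form to upload text and an image. The image is uploaded to a directory (upload/), while the image path and the text are inserted into a database table (upgrade.Testimonials). The index, the uploader PHP and the upload folder all live in www.mywebsite.com/testimonials.
After submitting the form I get "Connected to $ftp_server, for user $USERNAME SAVED Stored in: upload/", but no photo is uploaded, and the path stored in the database has no title. However, all the other information is submitted to the database successfully.
I opened file_upload.php in TextWrangler, but it did not give me any errors. Hosting is with Godaddy.
Aside from the major vulnerability to SQL injection, why can't I upload images!?
Here is what I have so far, please help!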
file_upload.php
<?php
if(isset($_POST['add']))
{
$dbhost = '';
$dbuser = '';
$dbpass = '';
$db_name = 'upgrade';
$tbl_name = 'Testimonials';
$ftp_user = '';
$ftp_pass = '';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("$db_name")or die("cannot select DB");
$ftp_server = "";
$ftp_conn = ftp_connect($ftp_server) or die("Could not connect to $ftp_server");
// login with username and password
$login_result = ftp_login($ftp_conn, $ftp_user, $ftp_pass);
// check connection
if ((!$ftp_conn) || (!$login_result)) {
echo "FTP connection has failed!";
echo "Attempted to connect to $ftp_server for user $ftp_user";
exit;
} else {
echo "Connected to $ftp_server, for user $ftp_user";
}
$Fname = $_POST['fname'];
$Email = $_POST['email'];
$Content = $_POST['content'];
$filePath="http://www.mywebsite.com/testimonials/upload/" . $_FILES["file"]["name"];
$Type = $_POST['type'];
if ($_FILES["file"]["error"] > 0)
{
echo "Error: NO CHOSEN FILE <br />";
echo"INSERT TO DATABASE FAILED";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"], __DIR__ . "/upload/" . $_FILES["file"]["name"]);
echo"SAVED<br>";
$query_image = "INSERT INTO $tbl_name (fname, email, content, image,type, submission_date) VALUES ('$Fname','$Email','$Content','$filePath','$Type',curdate())";
if(mysql_query($query_image))
{
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
else
{
echo 'File name not stored in database';
}
}
}
?>
The form from INDEX.php.
<form method="post" enctype="multipart/form-data" action="/testimonials/file_upload.php">
<table>
<tr>
<td width="250">Name</td>
<td>
<input name="fname" type="text" id="fname" /><br />
</td>
</tr>
<tr>
<td width="250">Email: (will not be publicized)</td>
<td>
<input name="email" type="text" id="email" /><br />
</td>
</tr>
<tr>
<td width="250">Client Type</td>
<td id="mainselection">
<select name="type" id="type">
<option></option>
<option value="Residential">Residential</option>
<option value="Business">Business</option>
</select>
</td>
</tr>
<tr>
<td width="250">Comments</td>
<td>
<textarea id="content" name="content" rows="10" cols="50" style="border-style:groove;box-shadow: 4px 4px 4px 4px #888888;"placeholder="Please describe your experience"></textarea>
</td>
</tr>
<tr>
<td width="250">Image</td>
<td>
<input name="image" type="file" id="file">
</td>
</tr>
<tr>
<td width="250"> </td>
<td>
<input name="add" type="submit" id="add" value="Add Testimonial">
</td>
</tr>
</table>
</form>
__DIR__."/upload/";
to get the full path. - engvrdr
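
An added example, not part of the original post or comment: a hardened version of the upload handler. The form above names its file input `image`, while the posted script reads `$_FILES["file"]`, so this sketch reads `$_FILES['image']`, checks the result of `move_uploaded_file()`, and binds the form values as parameters instead of interpolating them into the SQL. It assumes PHP 7+ with the mysqli and fileinfo extensions; `DB_HOST`, `DB_USER` and `DB_PASS` are placeholders, and the FTP login is left out because `move_uploaded_file()` writes to the local filesystem.

```php
<?php
// Added example, not the asker's code. Assumes PHP 7+ with mysqli and fileinfo.
// DB_HOST / DB_USER / DB_PASS are placeholders; table and columns are from the post.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

if (!isset($_POST['add'])) { exit; }

// The form field is name="image", so the upload arrives under $_FILES['image'].
$file = $_FILES['image'] ?? null;
if ($file === null || $file['error'] !== UPLOAD_ERR_OK) {
    http_response_code(400);
    exit('Upload failed, error code: ' . ($file['error'] ?? 'no file field'));
}

// Decide the extension from the file's content, never from the client-supplied name.
$allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
if (!isset($allowed[$mime])) {
    http_response_code(415);
    exit('Only JPEG, PNG or GIF images are accepted');
}

// Server-generated name: no path traversal, no overwrites, no .php landing in the web root.
$storedName = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
if (!move_uploaded_file($file['tmp_name'], __DIR__ . '/upload/' . $storedName)) {
    http_response_code(500);
    exit('Could not move the upload; check that upload/ exists and is writable');
}

// Bound parameters keep the form values out of the SQL text.
$fname   = (string) ($_POST['fname'] ?? '');
$email   = (string) ($_POST['email'] ?? '');
$content = (string) ($_POST['content'] ?? '');
$type    = in_array($_POST['type'] ?? '', ['Residential', 'Business'], true) ? $_POST['type'] : '';
$imagePath = 'http://www.mywebsite.com/testimonials/upload/' . $storedName;
$db   = new mysqli('DB_HOST', 'DB_USER', 'DB_PASS', 'upgrade');
$stmt = $db->prepare(
    'INSERT INTO Testimonials (fname, email, content, image, type, submission_date)
     VALUES (?, ?, ?, ?, ?, CURDATE())'
);
$stmt->bind_param('sssss', $fname, $email, $content, $imagePath, $type);
$stmt->execute();

echo 'Stored in: upload/' . $storedName;
```

When the stored values are later rendered on the testimonials page, pass them through `htmlspecialchars()` so a submitted comment cannot inject markup.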