【发布时间】:2014-12-28 05:48:03
【问题描述】:
我有一个包含名为programs.php 的admin.php 页面。这包含在 /includes/programs_form.php 中的一个文件夹下。 programs_form.php 使用一个名为 image_programs.php 的操作,它也位于包含文件夹中。表单中的提交按钮在直接从programs_form.php 调用时有效,但在从admin.php 调用时无效。我猜这与我调用 image_programs.php 的方式有关,但我不确定……谢谢
HTML:
<h3 style="text-align:center">Add A Program</h3>
<div class="wrapperadmin">
<p style="text-align:center">
<table width="400" border="2" cellspacing="1" cellpadding="2">
<form id="comment_form" name="Image" enctype="multipart/form-data" action="image_programs.php" method="POST">
<tr>
<td width="100">Program Name</td>
</tr>
<tr>
<td><input class="commentarea" name="program_name" type="text" id="program_name" placeholder="Program Name."></td>
</tr>
<tr>
<td width="100">Program Description</td>
</tr>
<tr>
<td><textarea class="commentarea" name="program_description" type="text" id="program_description" rows="10" style=" overflow:hidden; height:auto" placeholder="Your Program Descrition Here." ></textarea></td>
</tr>
<tr>
<td>
<input type="File" name="Photo" size="2000000" accept="image/gif, image/jpeg, image/x-ms-bmp, image/x-png" size="26"></td>
</tr>
<tr>
<td>
<INPUT type="submit" class="button" name="Submit" value="Submit" size="26">
</td>
</tr>
</form>
</table>
</p>
</div>
PHP:
<?PHP
error_reporting(E_ALL); ini_set('display_errors', 1);
$hostname = "localhost:3306";
$db_user = "root";
$db_password = "admin";
$database = "smlc";
$db_table = "program";
$db = mysqli_connect($hostname, $db_user, $db_password);
mysqli_select_db($db, $database);
$uploadDir=dirname(__FILE__)."/images/uploaded/programs/";
if(isset($_POST['Submit']))
{
$program_name = $_POST['program_name'];
$program_description = $_POST['program_description'];
$fileName = $_FILES['Photo']['name'];
$tmpName = $_FILES['Photo']['tmp_name'];
$fileSize = $_FILES['Photo']['size'];
$fileType = $_FILES['Photo']['type'];
$filePath = $uploadDir . $fileName;
$result = move_uploaded_file($tmpName,$filePath);
if (!$result) {
echo "Error uploading file";
exit;
}
if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
}
$sql_program = "INSERT INTO program (program_name, program_description,filepath)
VALUES ('$program_name', '$program_description','$filePath')";
$retval = mysqli_query($db, $sql_program);
if(! $retval )
{
die('Could not update data: ');
}
echo "<script type='text/javascript'>alert('Update Successful!');</script>";
}
else
{
}
?>
【问题讨论】:
-
我在尝试将所有内容拼凑在一起时遇到了一些困难,即关于代码体调用了哪些文件名。如果它在另一个文件中不起作用,很可能是因为条件语句
if(isset($_POST['Submit']))但我可能是错的。您需要包含您的“包含”结构。 -
请注意,依靠魔术引号和/或使用
addslashes来防止sql注入,是一个非常糟糕的主意。使用准备好的语句或使用mysqli_real_escape_string转义值。 -
包含结构为:admin.php在根目录下,包含../includes/program_form.php(在program_form.php中调用了动作../includes/image_programs.php)
-
完全正确的 jeroen 刚刚改了。