使用 html 和 php 将图像上传并显示到 mysql

Question

我正在尝试将我的 HTML 表单的图像上传到我的 MySQL blob 列中。插入已成功完成，但知道直接插入 MySQL 的图像显示正确，图像的显示无法正常工作。

HTML 代码：

 <form class="form-horizontal" method='POST' action="add_question_submit.php" id="addQuestionForm" enctype="multipart/form-data">
          <div class="form-group">
              <textarea rows="4" cols="50" name="question" form="addQuestionForm" placeholder="Enter Question in brief.... " required></textarea><br>
              <input type="file" class="form-control" id="image" name="image" required><br>
              <input type="text" class="form-control" id="answer" placeholder="Enter Correct Answer" name="answer"  required><br>
              <input type="number" class="form-control" id="category_id" placeholder="Enter category id (only numeric)" name="category_id" required><br>
              <input type="number" class="form-control" id="level_id" placeholder="Enter level id (only numeric)" name="level_id" required><br>
              <input type="submit" name="submit" value="submit" class="btn btn-primary">
          </div>
        </form>

PHP 代码：

$file_temp = base64_encode( file_get_contents( $_FILES['image']['tmp_name'] ) ); 
$image = getimagesize($file_temp);
$query = "INSERT INTO  questions(question_name, image, answer, category_id,level_id)VALUES('$question', '$image','$answer', '$category_id', '$level_id')";
$result = mysqli_query($conn, $query);
header("Location: display_question.php");

display_question.php：

<td><?php echo '<img src="data:image/png;base64,'.base64_encode($row['image']).'" />'; ?></br><br/></td>

Answer 1

以下是将图像上传到特定文件夹的功能。 你可以像下面这样的功能：

Param 1: is the folder where we need to store the new image  
Param 2: is FILES  
Param 3: if any prefix for the image we need to pass it.  
Param 4: if there is any previously uploaded image for same record. It should be deleted from the folder. Generally it is usefull when you are editing particluar record.  

uploadfile("profile",$_FILES,"profile_pic");

代码在这里：

 function uploadfile($folder,$data,$preFix = "logo_",$previousImage="") {
        $location = (pathinfo($_SERVER['SCRIPT_FILENAME']));
        $uploads_dir = $location['dirname'] . "/assets/uploads/" . $folder . "/";
        $fileNames = "";
        $tmp_name = $data["tmp_name"];
        $name = $data["name"];
        $fileExtension = pathinfo($name, PATHINFO_EXTENSION);
        $newfilename = $preFix . date("ymdhms") . '.' . $fileExtension;
        $fulldest = $uploads_dir . $newfilename;
        if (move_uploaded_file($tmp_name, $fulldest)) {
            if($previousImage != "")
                $this->removePreviousImage($folder, $previousImage);     //deleting existing image
            return $newfilename;
        } else {
            exit("Error File Uploading");
        }
    }

Answer 2

首先，您将错误的信息存储到数据库中，您存储的是文件大小而不是编码图像。

$file_temp = base64_encode( file_get_contents( $_FILES['image']['tmp_name'] ) ); 
$image_size = getimagesize($file_temp);
$query = "INSERT INTO  questions(question_name, image, answer, category_id,level_id)
                        VALUES('$question', '$file_temp','$answer', '$category_id', '$level_id')";
$result = mysqli_query($conn, $query);
header("Location: display_question.php");

其次，如果您已将文件的 base64 编码版本存储到数据库中，则在从数据库中检索文件时无需再次对其进行编码，因此您的 <img> 标签应该是

<?php echo "<img src='data:image/png;base64,$row[image]'/>"?>
</br><br/></td>

第三，也是最重要的，您需要使用参数化绑定查询来保护您的应用免受SQL Injection Attack

$file_temp = base64_encode( file_get_contents( $_FILES['image']['tmp_name'] ) ); 
$image_size = getimagesize($file_temp);
$query = "INSERT INTO  questions
                      (question_name, image, answer, category_id,level_id)
                VALUES(?,?,?,?,?)";

$stmt = $conn->prepare($query);
$stmt->bind_params('sssss',  $question, 
                            $file_temp,
                            $answer,
                            $category_id,
                            $level_id);
$result = $stmt->execute();
if (!$result) {
    echo $conn->error;
}
header("Location: display_question.php");