自动提交不会将数据发布到数据库 [英] Auto submit is not posting data to database
问题描述
我正在尝试将文件发布到 Blob.我创建了一个 HTML 表单,该表单在选择文件时自动发布:
</表单><script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script><script type="text/javascript">$('#pic1').click(function(){$('#userfile').trigger('click');});<script type="text/javascript">$('#userfile').change(function() {$('#target').提交();});
当我选择一个文件时,脚本将我导航到 post.php
.但它没有向数据库发布任何内容.
这是我的 post.php:
文件$fileName已上传
";}别的{$msg = "
文件$fileName未上传
";}?>
有人知道我的脚本有什么问题吗?
收到的错误信息如下:
<块引用>注意:未定义索引:第 12 行 (...) 中的 userfile
和
<块引用>注意:未定义变量:fileName in (...) on line 37
根据您的评论,由于 multipart/form-data
,
您需要使用 enctype="multipart/form-data"
在您的 中为:
第二,你需要在顶级声明中定义$fileName
为$fileName = '';
,否则你会得到另一个undefined变量通知
你需要在这一行之前声明:
if(isset($_POST['userfile']) && $_FILES['userfile']['size'] > 0) {
如:
$fileName = '';if(isset($_POST['userfile']) && $_FILES['userfile']['size'] > 0) {
第三, mysql_* 是不推荐使用的扩展并在 PHP7 中关闭,我建议您使用 mysqli_*
或 PDO
.
第四,你的代码对SQL注入是完全开放的,防止SQL注入,你可以使用PDO.
第五、不知道是什么?$_SESSION['user_id'];
一些有用的链接:
I am trying to post a file into a Blob. I have created a HTML form that automatically posts when A file is selected:
<form id="target" method="post" name="frmImage" class="frmImageUpload" action="./post.php">
<div id="pic1">
<input type="file" name="userfile" id="userfile" class="userfile"/>
</div>
</form>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
<script type="text/javascript">
$('#pic1').click(function(){
$('#userfile').trigger('click');
});
</script>
<script type="text/javascript">
$('#userfile').change(function() {
$('#target').submit();
});
</script>
When I select a file the script is navigating me to post.php
. But it is not posting anything to the database.
Here is my post.php:
<?php
include_once '../../../../includes/connect.php';
include_once '../../../../includes/functions.php';
sec_session_start();
$correct = true;
if(isset($_POST['userfile']) && $_FILES['userfile']['size'] > 0) {
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$_SESSION['user_id'];
$fp = fopen($tmpName, 'rb');
$content = fread($fp, filesize($tmpName));
$content = addslashes($content);
fclose($fp);
if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
}
$query = "INSERT INTO temp (user_id, content) VALUES (". $_SESSION['user_id'] .", '$content')";
mysql_query($query) or die(mysql_error());
$msg = "<br>File <b>$fileName</b> uploaded<br>";
}
else
{
$msg = "<br>File <b>$fileName</b> not uploaded<br>";
}
?>
Does someone know what is wrong with my script?
Edit: the error message received are the following:
Notice: Undefined index: userfile in (...) on line 12
and
Notice: Undefined variable: fileName in in (...) on line 37
According to your comment, you are getting undefined index notice due to multipart/form-data
,
You need to use enctype="multipart/form-data"
in your <form>
as:
<form id="target" method="post" name="frmImage" class="frmImageUpload" action="./post.php" enctype="multipart/form-data">
Second, you need to define $fileName
as $fileName = '';
at top level declaration, otherwise you will get another undefined variable notice
You need to declare it before this line:
if(isset($_POST['userfile']) && $_FILES['userfile']['size'] > 0) {
as:
$fileName = '';
if(isset($_POST['userfile']) && $_FILES['userfile']['size'] > 0) {
Third, mysql_* is deprecated extension and closed in PHP7, i suggest you to use mysqli_*
or PDO
.
Fourth, you code is wide open for SQL injection, preventing for SQL injection, you can use PDO.
Fifth, and dont know what is it? $_SESSION['user_id'];
Some useful links:
How can I prevent SQL injection in PHP?
Are PDO prepared statements sufficient to prevent SQL injection?
这篇关于自动提交不会将数据发布到数据库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!