如何检索使用PHP上传的文件 [英] How to retrieve uploaded files using php

问题描述

确定。我在这个网站上搜索自2011年8月24日以来（不重要），以显示用户上传的文件的方式。我有我的表单在管理端，一切工作正常。我也有一个表格显示用户填写的表格也是可行的。但我无法在表格中查看文件或名称。
$ b

我的数据库表中有一个主ID auto_increment int（11）unsigned。

下面是我写的代码：

  //这将从表单中获取所有其他信息
 $ company = $ _ POST ['company']; 
 $ location = $ _ POST ['location']; 
 $ pic =（$ _ FILES ['userfile'] ['name']）; 
 
 $ query =INSERT INTO user_DB VALUES（''，'$ company'，'$ location'，'$ userfile'）; 
 
 //定位到我的文件的路径
 $ target_path =uploads / post_id /; 
 if（！is_dir（$ target_path））mkdir（$ target_path）; 
 $ uploadfile = $ target_path。基名（$ _ FILES [ userfile的] [名称]）; 
 
 //将上传的文件移动到$ taget_path 
（move_uploaded_file（$ _ FILES ['userfile'] ['tmp_name']，$ uploadfile））; 
  

在填写详细信息的表单中，我有以下内容：

 < tr> 
< td>< label for =company_name>公司名称< / label>< / td> 
< td>< input type =textname =companyid =companyvalue =size =38/>< / td> 
< / tr> 
< tr> 
< td>< label for =location>位置< / label>< / td> 
< td>< input type =textname =locationid =locationvalue =/>< / td> 
< / tr> 
< tr> 
< td>上载档案：< / td> 
< td>< input name =userfileid =userfiletype =file/>< / td> 
< / tr> 
  

显示查询结果的前端表格如下所示，只是文件域。

  echo< td>; 
 echo< a href = .. / admin / uploads / post_id /> $ row'userfile'< / a>; 
回显< / td>; 
  

因此，您可以看到我正在尝试获取文件名以及文件本身。如果它是一个pdf / jpg / doc，我应该能够查看/下载它时，我点击链接。

蚂蚁的想法...

解决方案

一些建议，你可以改变，以得到这个工作。

上传表单

您的表单代码是什么样的？不要忘记按照以下方式包含 enctype 参数：

  < form type =postaction =enctype =multipart / form-data> 
 ... 
< / form> 
  

2。 Sanitisation

  $ company = mysql_real_escape_string（$ _ POST ['company']）; 
 $ location = mysql_real_escape_string（$ _ POST ['location']）; 
 $ pic = mysql_real_escape_string（$ _ FILES ['userfile'] ['name']）; 
  

以上几行是帮助防止查询遭受SQL注入攻击的第一步。 3>。

3。 SQL Query

$ userfile 不存在，因为您已将文件名实际分配给 $ pic 代替，所以你的查询应该是这样的：

$ $ $ $ $ $ $ $ $ query =INSERT INTO user_DB
VALUES（''，'$ company'，'$ location'，'$ pic'）;

4。 HTML输出

现在链接到输出表中的文件：

  echo< td>; 
回显< a href =。 $ target_path。 basename（$ row ['userfile']）。 > 
 {$ row ['userfile']}< / a>; 
回显< / td>; 
  

Ok. I have searching on this site Since August 24 2011.(not that it matters) for a way to display files that have been uploaded by a user. I have my form on the admin side and everything is working fine. I also have a table displaying whatever the user has filled in the form which also works. But I can not view the file or its name on the table.

My database table has a primary id auto_increment int(11) unsigned.

Here is the code I wrote:

//This gets all the other information from the form 
$company=$_POST['company']; 
$location=$_POST['location'];
$pic=($_FILES['userfile']['name']);

$query = "INSERT INTO user_DB VALUES ('','$company', '$location', '$userfile' )";

//target to the path of my files
$target_path = "uploads/post_id/";
if(!is_dir($target_path)) mkdir($target_path);
$uploadfile = $target_path . basename($_FILES['userfile']['name']);

//Move the uploaded file to $taget_path
(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile));

On the form which you fill in the details I have the following:

<tr>
<td><label for="company_name">Company Name</label></td>
<td><input type="text" name="company" id="company" value="" size="38" /></td>
</tr>
<tr>
<td><label for="location">Location</label></td>
<td><input type="text" name="location" id="location" value="" /></td>
</tr>
<tr>
<td>Upload a File:</td>
<td><input name="userfile" id="userfile" type="file" /></td>
</tr>

The table which is on the front end that displays the query results looks like this, just the file feild.

echo "<td>";
echo "<a href=../admin/uploads/post_id/> $row'userfile'</a>";
echo "</td>";

So as you can see I am trying to get the file name as well as the file itself. If its a pdf/ jpg/doc I should be able to view/download it when I click the link.

Ant ideas ...

解决方案

Some suggestions for what you could change to get this working.

1. Upload form

What does your form tag look like? Don't forget to include the enctype parameter as per below:

<form type="post" action="" enctype="multipart/form-data">
    ...
</form>

2. Sanitisation

$company  = mysql_real_escape_string($_POST['company']); 
$location = mysql_real_escape_string($_POST['location']);
$pic      = mysql_real_escape_string($_FILES['userfile']['name']);

The above lines are the first step in helping to prevent your queries from suffering SQL injection attacks.

3. SQL Query

$userfile does not exist as you have actually assigned the file name to $pic instead so your query should look like this:

$query = "INSERT INTO user_DB 
          VALUES ('','$company', '$location', '$pic')";

4. HTML Output

Now to link to the file in your output table:

echo "<td>";
echo "<a href=" . $target_path . basename($row['userfile']) . ">
         {$row['userfile']}</a>";
echo "</td>";

这篇关于如何检索使用PHP上传的文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！