通过xmlhttprequest将带有userid的字符串与文件一起发送 [英] sending string with userid together with files through xmlhttprequest

问题描述

我使用以下代码上传文件而不刷新我的页面，但我需要将当前登录用户的用户ID与文件一起发送，这些文件存储在$ _SESSION ['UserID']中。

I am using the following code to upload files without refreshing my page but I need to send the userid of the currently logged in user together with the files, which is stored in $_SESSION['UserID'].

var fileSelect = document.getElementById('file');
var files = fileSelect.files;
var formData = new FormData();
var div = document.getElementById('UploadInfo');

// Loop through each of the selected files.
for (var i = 0; i < files.length; i++) {
    var file = files[i];

    // Check the file type.
    if (!file.type.match('image.*')) {
        alert("File: " + file.name + " is not an image and will not be uploaded.");
        continue;
    }

    // Add the file to the request.
    formData.append('images[]', file, file.name);
}

var xhr = new XMLHttpRequest();
xhr.open('POST', 'Php/upload_file.php', true);
xhr.send(formData);

我尝试使用以下行没有成功，这意味着我没有收到我的用户ID值phpscript，$ _POST为空，$ _FILES仅包含fileinfo。

I have tried using the following line without success, which means i am not recieveing the userid value in my phpscript, $_POST is empty and $_FILES contains only the fileinfo.

formData.append('UserID', '<%=$_SESSION["UserID"] %>');

我还有其他办法吗？

我的PHP代码：

if(isset($_FILES)) {
$numberOfFiles = count($_FILES['images']['name']);
for($id = 0; $id < $numberOfFiles; $id++)
{
    if (file_exists($_FILES["images"]["tmp_name"][$id])) {
        $destination = "../UploadedImages/" . $_FILES['UserID'] . $_FILES["images"]["name"][$id];
        move_uploaded_file($_FILES["images"]["tmp_name"][$id], $destination);
    }
}

}

exit（）;

推荐答案

看起来你需要在PHP脚本中使用$ _POST，你有$ _FILES ['UserID']而不是$ _POST ['UserID']。我还添加了一个检查以查看UserID是否已通过，并添加了变量$ userId，然后如果$ _POST ['UserID']未通过到php脚本，我使用die并发回错误。

It looks like you need to use $_POST in your php script, you had $_FILES['UserID'] instead of $_POST['UserID'] .I also added a check to see if the UserID was passed, and added a variable $userId, then if $_POST['UserID'] did not get passed to the php script, i use die and send back an error.

注意：您应该检查$ _POST ['UserID']以确保它不包含SQL注入脚本或可能导致问题的有害代码。

NOTE: You should be checking $_POST['UserID'] to make sure it doesn't contain SQL injection scripts, or harmful code that can cause issues.

if(isset($_FILES) || isset($_POST)) {

    $numberOfFiles = count($_FILES['images']['name']);
    $userId = ''; //Create userId variable

    //Check if the UserID exists in the autoglobal $_POST
    if(array_key_exists('UserID', $_POST) === true) { 
        //Now we can add UserId to our variable
        $userId = $_POST['UserID']; 

    } else { 

        die('UserID was not passed');

    }

    for($id = 0; $id < $numberOfFiles; $id++)
    {
        if (file_exists($_FILES["images"]["tmp_name"][$id])) {
            $destination = $userId . $_FILES["images"]["name"][$id];
            move_uploaded_file($_FILES["images"]["tmp_name"][$id], $destination);
        }
    }


} else {
   echo "$_POST and $_FILES dont exist";
}

编辑：修正了一些语法错误，请重新查看代码并制作确定你有最新版本。

Edits: Fixed up some syntax errors, please re look at the code and make sure you have the latest version.

这篇关于通过xmlhttprequest将带有userid的字符串与文件一起发送的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！