将图像上传到数据库的正确方法 [英] correct way to upload image to database
问题描述
我知道你们中的一些人会说这不是正确的方法,但是我必须在紧迫的期限内完成应用程序,到目前为止,我无法返回并修改代码以将图像存储在目录中.
i know some of you are going to say that this isnt the correct way but im on a tight deadline to finish an application and as of now i cant go back and modify the code to store the images in a directory.
现在就清除了
我的问题是我通过键入此图像将图像插入数据库.
the question i had is i inserted an image into the database by typing this.
(不要介意类安全性调用,只需检查一下数据是否有效即可)
(dont mind the class security call, all that is doing is a few checks if the data is valid)
$filename = $security->secure($_FILES['imgschool']['name']);
$tmpname = $security->secure($_FILES['imgschool']['tmp_name']);
$imgsize = $security->secure($_FILES['imgschool']['size']);
$imgtype = $security->secure($_FILES['imgschool']['type']);
$school = $security->secure($_POST['school']);
//begin upload
if($imgsize > 0) {
$handle = fopen($tmpname, "r");
$content = fread($handle, filesize($tmpname));
$content = addslashes($content);
//code to add all this to database
}
变量$ content是图像,它得到的所有内容都是加号.我记得有人曾经提到要使用base64做它,但是我几乎记不起它是怎么写的.
the variable $content is the image and all its getting is the addslashes. i remember someone once mentioning to do it with something called base64 but i can barely recall how it was written.
这就是我从数据库中调用图像的方式
this is how i am calling the image from the database
除了所有查询之外 这是调用图像的主要部分
aside from all the queries and whatnot this is the main part that is calling the image
header("Content-length: ".$imgsize);
header("Content-type: ".$imgtype);
header("Content-Disposition: attachment; filename=".$imgname);
print $row['img'];
我遇到的问题是,而不是图像显示.该网址仅显示,因此在这种情况下,我只会看到此
the problem i am having is that instead of the image showing. the url is only showing, so in this case i only see this
http://localhost/admin/school-catalog.php ?page = gallery& id = 4
打开页面以使用url中设置的正确参数查看图像时.
when opening the page to view the image with the correct params set in the url.
对于那些想查看为保存图像而进行的查询的人,依此类推 我复制了整个部分
for those that wanted to see the query that is being done to save the image and so forth i copied the whole section
//save image to db
if(isset($_POST['btnupload'])) {
$filename = $security->secure($_FILES['imgschool']['name']);
$tmpname = $security->secure($_FILES['imgschool']['tmp_name']);
$imgsize = $security->secure($_FILES['imgschool']['size']);
$imgtype = $security->secure($_FILES['imgschool']['type']);
$school = $security->secure($_POST['school']);
//begin upload
if($imgsize > 0) {
$handle = fopen($tmpname, "r");
$content = fread($handle, filesize($tmpname));
$content = base64_encode($content);
}
$save = mysql_query("insert into tbl_schoolgallery(id,hash,img,imgtype,imgsize) values(null,'$school','$content','$imgtype','$imgsize')") or die(mysql_error());
header("Location: school-catalog.php?page=school_gallery");
}
//call image from db
$query = mysql_query("select * from $tbl where id = '$id'") or die(mysql_error());
while($row = mysql_fetch_assoc($query)) {
$imgtypeget = explode("/", $row['imgtype']);
$imgname = "img.".$imgtypeget[1];
$imgtype = $row['imgtype'];
$imgsize = $row['imgsize'];
header("Content-length: ".$imgsize);
header("Content-type: ".$imgtype);
print base64_decode($row['img']);
print $row['img'];
}
推荐答案
使用addslashes是极其错误的.根据您的列是TEXT字段还是BLOB字段,应使用Base64或mysql_real_escape_string.
Using addslashes is extremely incorrect. Depending on whether your column is a TEXT field or a BLOB field, you should use Base64 or mysql_real_escape_string.
使用Base64并不难;您最好使用这种方式.只需将addslashes替换为base64_encode,然后将图像替换为base64_decode.
Using Base64 isn't that hard; you may as well use that way. Just replace addslashes with base64_encode and echo the image with base64_decode.
为此,有一种更简单的方法可以编写整个内容:
There's a bit easier way to write the whole thing, for that matter:
// begin upload
if ($imgsize > 0)
{
$content = file_get_content($tmpname);
$content = base64_encode($content);
}
然后真的只需要输出
header("Content-type: ".$imgtype);
echo base64_decode($img);
但是,如果该列是BLOB,则可以直接使用mysql_real_escape_string:
If the column is a BLOB, however, you can directly use mysql_real_escape_string:
// begin upload
if ($imgsize > 0)
{
$content = file_get_content($tmpname);
$content = mysql_real_escape_string($content);
}
然后:
header("Content-type: ".$imgtype);
echo $img;
尽管从您当前的症状来看,我想您还存在一个与如何存储图像以及如何从数据库中调用图像有关的错误,我需要查看代码的那部分来进行查询在我可以帮助您修复该部分之前先插入数据库并从数据库中读取数据.
Although judging from your current symptoms, I'm guessing you also have a bug relating to how your image is being stored and recalled from the database, and I'd need to see that part of the code where you make the queries to insert and read from the database before I could help you fix that part.
您当前的代码似乎还不错.一些问题:
Your current code seems mostly fine. A few issues:
print base64_decode($row['img']);
print $row['img'];
您可能打算摆脱第二行.另外,您应该使用echo而不是print;每个人都使用它,有时它可能会稍微快一点,并且print除了返回值之外没有任何其他好处:
You probably meant to get rid of the second row. Also, you should use echo instead of print; everyone uses it, it can be slighty faster sometimes, and print doesn't really have any benefit other than returning a value:
echo base64_decode($row['img']);
$security->secure()似乎是某种消毒功能.只需使用mysql_real_escape_string()-那就是您应该使用的那个. $imgsize除外;您可能要在那个上使用intval(),因为您知道它应该是整数.
$security->secure() appears to be some sort of sanitization function. Just use mysql_real_escape_string() - that's the one you're supposed to use. Except $imgsize; you might want to use intval() on that one since you know it's supposed to be an integer.
也在这里:
$query = mysql_query("select * from $tbl where id = '$id'") or die(mysql_error());
您将表命名为tbl_schoolgallery在表上方几行.我假设$tbl == 'tbl_schoolgallery',但是为了保持一致,您应该在两个地方都使用$tbl或在两个地方都使用tbl_schoolgallery.
You name the table tbl_schoolgallery a few rows above that. I assume $tbl == 'tbl_schoolgallery', but for consistency, you should either use $tbl in both places or tbl_schoolgallery in both places.
此外,将while替换为if-如果代码无论如何循环多次,都将引起麻烦.
Also, replace that while with an if - your code would cause trouble if it ever loops more than once, anyway.
这篇关于将图像上传到数据库的正确方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
