php - 图像插入数据库并显示使用 php 和 mysql 不起作用

Question

我不知道为什么这不起作用。请帮助我摆脱困境

<form action="login.php" method="post" enctype="multipart/form-data">

<br><br><br>
Select image: <input type="file" name="image" size="40" id="image">
<br><small> must be less than 512kb </small>

<br><br>
<input type="submit" name="submit" value="submit">  
</form>


<?php 
    // Script Error Reporting
    error_reporting(E_ALL);
    ini_set('display_errors', '1');
?>

数据库中有 3 列，例如 id 、 name 、 image 作为 long blob 类型

<?php

if(isset($_POST['submit']))
{   
    $con=@mysqli_connect("localhost","root","","work");
    $imagedata=mysqli_real_escape_string($con,file_get_contents($_FILES['image'] ['tmp_name']));
    $imagename=mysqli_real_escape_string($con,$_FILES['image'] ['name']);
    $imagetype=mysqli_real_escape_string($con,$_FILES['image'] ['type']);

    if(substr($imagetype,0,5) =="image")
    {
     $con=@mysqli_connect("localhost","root","","work");
     mysqli_query($con,"INSERT INTO pics VALUES('$imagename','$imagedata')" or die (mysqli_error($con)));
    }
    else
    {
    echo"only images are allowed";
    }
}
?>
<img src="showimage.php" />

showimage.php

<?php

    $con=@mysqli_connect("localhost","root","","work");

    $query = mysqli_query($con,"select* from pics" or die (mysqli_error($con)));

    $row=mysqli_fetch_assoc($query);

    $imagedata= $row["image"];

    header("content-type: image/jpeg");

    echo $imagedata;

?>

请大家帮帮我。我不知道我在这里做错了什么。

Answer 1

注意:

• 您为何反复声明您的 $con ？
• 使用mysqli_real_escape_string()对于清理变量的值很有用，但最好也是必须使用 mysqli_prepared statement .
• 您执行上传操作的代码在哪里？
• 在根文件夹中创建一个名为 images 的文件夹
• 您可以使用accept输入文件的标签。添加此accept=".jpg, .jpeg, .png"给您<input type="file".. 。并在您的 PHP 提交页面中添加检查，以检查它是否确实是图像。
• 您要插入文件名的表/列的名称是什么？
• 我对下面的代码进行了一些解释。

您可以将您的login.php更改为:

<?php

  if(isset($_POST['submit']))
  {   

    $con = new mysqli("localhost","root","","work"); /* ESTABLISH CONNECTION */

    $uploadedfile = $_FILES["image"]["tmp_name"];
    $allowedExts = array("png","jpg","jpeg"); /* ACCEPTED FILE FORMAT */
    $filename = $_FILES["image"]["name"]; /* NAME OF THE FILE */
    $extension = pathinfo($filename, PATHINFO_EXTENSION); /* GET THE FILE EXTENSION */
    $extension = strtolower($extension); /* LOWER THE STRINGS OF THE EXTENSION */

    if(in_array($extension,$allowedExts)){ /* IF FILE IS INDEED AN IMAGE */

      $path = "images/".$filename; /* DIRECTORY WHERE YOU WANT TO STORE THE IMAGE ALONG WITH THE FILE NAME */
      move_uploaded_file($uploadedfile,$path); /* MOVE THE FILE TO YOUR IMAGES FOLDER */

      /* PLEASE CHANGE THE NECESSARY TABLE NAME AND COLUMN NAME IN THE QUERY BELOW*/
      if($stmt = $con->prepare("INSERT INTO pics (name) VALUES (?)")){
        $stmt->bind_param("s",$filename); /* BIND THE FILE NAME TO THE QUERY */
        $stmt->execute(); /* EXECUTE THE QUERY */
        $stmt->close();
      } /* END OF PREPARED STATEMENT */

      echo '<img src="images/'.$filename.'">'; /* OUTPUT THE UPLOADED IMAGE */

    } /* END OF IF; CHECKING THE ALLOWED EXTENSIONS */

    else { /* IF FILE FORMAT IS NOT SUPPORTED */

      echo "You did not upload an image.";

    } /* END OF ELSE */

  } /* END OF ISSET POST SUBMIT */

?>

注意:我没有重命名文件名，因此如果用户上传的文件与之前的文件同名，就会导致冲突。在继续 renaming of files 之前，请先了解此代码.