我只是重写了一些PHP代码以使其更安全,但出现了问题。我的代码假设将用户个人资料图片保存在uploads文件夹中,然后将其保存到数据库中,然后显示给他们。但这没有发生。唯一发生的是图片被保存在uploads文件夹中,仅此而已。我没有任何错误。有人可以帮我修复我的代码吗?
更新!
我只是尝试了这段代码:
$username = isset($_SESSION['username']) ? $_SESSION['username'] : "";
$userPic = isset($_SESSION['userPic']) ? $_SESSION['userPic'] : "";
var_dump($userPic);
$info = date('Y-m-d_H-i-s');
if(!empty($username))
{
if (isset($_FILES['fileToUpload'])) {
$errors= array();
$file_name = $_FILES['fileToUpload']['name'];
$file_size = $_FILES['fileToUpload']['size'];
$width = 1500;
$height = 1500;
$file_tmp = $_FILES['fileToUpload']['tmp_name'];
$file_type = $_FILES['fileToUpload']['type'];
$tmp = explode('.',$_FILES['fileToUpload']['name']);
$file_ext=strtolower (end ($tmp));
$extensions= array("jpeg","jpg","png");
if(in_array($file_ext,$extensions)=== false){
$errors[]="extension not allowed, please choose a JPEG or PNG file.";
}
if ($file_size > 8097152) {
$errors[] = 'File size must be 2 MB';
}
if ($width > 1500 || $height > 1500) {
echo"File is to large";
}
if(empty($errors)==true)
{
move_uploaded_file($file_tmp,"uploads/".date('Y-m-d_H-i-s').$file_name);
$stmt = $conn->prepare("UPDATE users SET userPic=?, date_time=? WHERE username");
$stmt->bind_param('ss', $userPic, $date_time);
/* execute prepared statement */
$stmt->execute();
printf("%d Row inserted.\n", $conn->affected_rows);
/* close statement and connection */
}else{
print_r($errors);
echo"Couldn't upload picture";
}
}}
else
{
echo "Invalid Username";
}
这就是我得到的
-1 Row inserted.
最佳答案
尝试这个
$stmt = $conn->prepare("UPDATE users SET userPic=?, date_time=? ");
$stmt->bind_param('ss', $userPic, $date_time);
$userPic = 'pic url';
$date_time = 'date';
/* execute prepared statement */
$stmt->execute();
printf("%d Row inserted.\n", $stmt->affected_rows);
/* close statement and connection */
$stmt->close();
关于php - PHP准备好的语句未执行,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49641760/