i Have set up a site that lets user upload images then those images get displayed back on the home screen. but i hit a wall just now so i got past to letting the user upload an image then that images gets saved to a folder and a database but how can i do it so the image gets displayed on the home screen.
我建立了一个网站,让用户上传图片,然后这些图片显示在主屏幕上。但是我刚才撞到墙上了,所以我通过了让用户上传一个图像然后图像被保存到一个文件夹和一个数据库中但是我怎么做才能让图像显示在主屏幕上。
<?php
// Connect to database
$errmsg = "";
if (! @mysql_connect("localhost","alfred1000351","*******")) {
$errmsg = "Cannot connect to database";
}
@mysql_select_db("drp_2cgih5o233");
$q = <<<CREATE
create table pix (
pid int primary key not null auto_increment,
title text,
imgdata longblob)
CREATE;
@mysql_query($q);
// Insert any new image into database
if ($_REQUEST[completed] == 1) {
// Need to add - check for large upload. Otherwise the code
// will just duplicate old file ;-)
// ALSO - note that latest.img must be public write and in a
// live appliaction should be in another (safe!) directory.
move_uploaded_file($_FILES['imagefile']['tmp_name'],"latest.img");
$instr = fopen("latest.img","rb");
$image = addslashes(fread($instr,filesize("latest.img")));
if (strlen($instr) < 149000) {
mysql_query ("insert into pix (title, imgdata) values (\"".
$_REQUEST[whatsit].
"\", \"".
$image.
"\")");
} else {
$errmsg = "Too large!";
}
}
// Find out about latest image
$gotten = @mysql_query("select * from pix order by pid desc limit 1");
if ($row = @mysql_fetch_assoc($gotten)) {
$title = htmlspecialchars($row[title]);
$bytes = $row[imgdata];
} else {
$errmsg = "There is no image in the database yet";
$title = "no database image available";
// Put up a picture of our training centre
$instr = fopen("../wellimg/ctco.jpg","rb");
$bytes = fread($instr,filesize("../wellimg/ctco.jpg"));
}
// If this is the image request, send out the image
if ($_REQUEST[gim] == 1) {
header("Content-type: image/jpeg");
print $bytes;
exit ();
}
?>
<html><head>
<title>Upload an image to a database</title>
<body bgcolor=white><h2>Here's the latest picture</h2>
<font color=red><?= $errmsg ?></font>
<center><img src=?gim=1 width=144><br>
<b><?= $title ?></center>
<hr>
<h2>Please upload a new picture and title</h2>
<form enctype=multipart/form-data method=post>
<input type=hidden name=MAX_FILE_SIZE value=150000>
<input type=hidden name=completed value=1>
Please choose an image to upload: <input type=file name=imagefile><br>
Please enter the title of that picture: <input name=whatsit><br>
then: <input type=submit></form><br>
<hr>
</body>
</html>
1 个解决方案
#1
0
Here is my toughts:
这是我的想法:
-
Do not suppress warnings what you get from DB. They are real, and needed. Remove all @-characters from the front of DB-calls. If you get any notices, warnings, errors do not suppress them, correct them.
不要抑制从DB获得的警告。它们是真实的,也是需要的。从db -call的前端删除所有的@-characters。如果您收到任何通知、警告和错误,请不要压制它们,纠正它们。
-
If you are making new code, consider using PDO as DB API, not the old, deprecating PHP MySQL API. It's as easy as MySQL API to use.
如果您正在编写新代码,请考虑使用PDO作为DB API,而不是旧的、不支持PHP MySQL API。它和MySQL API一样容易使用。
-
You only want try to create table only once, remove it from code which is executed many times.
您只需要尝试只创建表一次,将其从执行多次的代码中删除。
-
You should check if $_REQUEST parameters exists, and not compare them if they do not. Also you need to put the parameter names in quotes, otherwise PHP thinks you are using constants, which you are not. So line
if ($_REQUEST[completed] == 1) {must be fixed toif(isset($_REQUEST['completed']) && $_REQUEST['completed'] == 1) {. Same appies towhatisitandgim-params.您应该检查$_REQUEST参数是否存在,如果不存在则不进行比较。您还需要将参数名放入引号中,否则PHP认为您使用的是常量,而您不是。因此行if($_REQUEST[completed] = 1){必须固定为if($_REQUEST['completed']) & $_REQUEST['completed'] = 1){。对whatisit和gim -params的反应也是一样的。
-
The code
if (strlen($instr) < 149000) {does not work as intented, you cannot get length of resource. You are probably looking for this functionality:if (strlen($_FILES['imagefile']['size']) < 149000) {.如果代码(strlen($instr) < 149000){不能按照预期工作,则无法获得资源的长度。您可能正在寻找这个功能:if (strlen($_FILES['imagefile']['size']) < 149000){。
-
Same (as in step 4) with
$rows you need to put the literas in quotes, so fix those lines as:$title = htmlspecialchars($row['title']); $bytes = $row['imgdata'];与第4步相同,对于$row s,您需要将文字放在引号中,因此将这些行修改为:$title = htmlspecialchars($row['title']);字节=美元行(“imgdata”);
-
Othewise than that it should work. However, it contains DB-security hole, which can lead to compromize your website, so I recommend you NOT to put this to any real site. Just for your own/friends fun.
无论如何,它应该是有效的。但是,它包含DB-security漏洞,这会导致你的网站受到损害,所以我建议你不要把它放到任何真实的网站上。只为你自己/朋友的乐趣。
#1
0
Here is my toughts:
这是我的想法:
-
Do not suppress warnings what you get from DB. They are real, and needed. Remove all @-characters from the front of DB-calls. If you get any notices, warnings, errors do not suppress them, correct them.
不要抑制从DB获得的警告。它们是真实的,也是需要的。从db -call的前端删除所有的@-characters。如果您收到任何通知、警告和错误,请不要压制它们,纠正它们。
-
If you are making new code, consider using PDO as DB API, not the old, deprecating PHP MySQL API. It's as easy as MySQL API to use.
如果您正在编写新代码,请考虑使用PDO作为DB API,而不是旧的、不支持PHP MySQL API。它和MySQL API一样容易使用。
-
You only want try to create table only once, remove it from code which is executed many times.
您只需要尝试只创建表一次,将其从执行多次的代码中删除。
-
You should check if $_REQUEST parameters exists, and not compare them if they do not. Also you need to put the parameter names in quotes, otherwise PHP thinks you are using constants, which you are not. So line
if ($_REQUEST[completed] == 1) {must be fixed toif(isset($_REQUEST['completed']) && $_REQUEST['completed'] == 1) {. Same appies towhatisitandgim-params.您应该检查$_REQUEST参数是否存在,如果不存在则不进行比较。您还需要将参数名放入引号中,否则PHP认为您使用的是常量,而您不是。因此行if($_REQUEST[completed] = 1){必须固定为if($_REQUEST['completed']) & $_REQUEST['completed'] = 1){。对whatisit和gim -params的反应也是一样的。
-
The code
if (strlen($instr) < 149000) {does not work as intented, you cannot get length of resource. You are probably looking for this functionality:if (strlen($_FILES['imagefile']['size']) < 149000) {.如果代码(strlen($instr) < 149000){不能按照预期工作,则无法获得资源的长度。您可能正在寻找这个功能:if (strlen($_FILES['imagefile']['size']) < 149000){。
-
Same (as in step 4) with
$rows you need to put the literas in quotes, so fix those lines as:$title = htmlspecialchars($row['title']); $bytes = $row['imgdata'];与第4步相同,对于$row s,您需要将文字放在引号中,因此将这些行修改为:$title = htmlspecialchars($row['title']);字节=美元行(“imgdata”);
-
Othewise than that it should work. However, it contains DB-security hole, which can lead to compromize your website, so I recommend you NOT to put this to any real site. Just for your own/friends fun.
无论如何,它应该是有效的。但是,它包含DB-security漏洞,这会导致你的网站受到损害,所以我建议你不要把它放到任何真实的网站上。只为你自己/朋友的乐趣。