确定是否已上载文件并相应地调整sql

时间:2012-09-03 11:12:34

标签: php sql

我正在尝试编辑个人资料,但图片存在问题。

创建配置文件时,我可以成功上传图像,并在查看配置文件时查看图像。

但是,当我去编辑配置文件时,如果我不更改名称,年龄等值,则会将这些值写回具有未更改/原始值的数据库。

不幸的是,如果没有更改图像,单击编辑按钮时会被空白值覆盖。

我所追求的是一种说法:

IF $ FILES []为空 {

不要更新图片细节

}

ELSE

{

更新图片详情

}

我目前的代码如下:

    // EDIT A PLAYER PROFILE

    if (isset($_POST['action']) and $_POST['action'] == 'Edit' )
    {
        include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';
        try
        {
            // $sql = 'SELECT id, name, age, position, height, weight, satscore, gpa FROM player WHERE id = :id';
            $sql = 'SELECT player.id, player.name AS name, age, position, height, weight, previousclubs.id AS previousclubsid, GROUP_CONCAT(distinct previousclubs.name) previousclubs, 
                satscore, gpa, GROUP_CONCAT(distinct link) link, email, filename, mimetype, filedata
                FROM player INNER JOIN playerpreviousclubs
                    ON player.id = playerid
                INNER JOIN previousclubs
                    ON previousclubid = previousclubs.id
                INNER JOIN links
                    ON links.playerid = player.id
                WHERE player.id = :id';
            $s = $pdo->prepare($sql);
            $s->bindValue(':id', $_POST['id']);
            $s->execute();
        }
        catch (PDOException $e)
        {
            $error = 'Error fetching profile details.' . $e->getMessage();
            include 'error.html.php';
            exit();
        }

        $row = $s->fetch();
        $pageTitle = 'Edit Profile';
        $action = 'editform';
        $name = $row['name'];
        $age = $row['age']; 
        $position = $row['position'];
        $height = $row['height'];
        $weight = $row['weight'];
        $satscore = $row['satscore'];
        $gpa = $row['gpa'];
        $previousclubs = $row['previousclubs'];
        $previousclubsid = $row['previousclubsid'];
        $link = $row['link'];
        $email = $row['email'];
        $filename = $row['filename'];
        $mimetype = $row['mimetype'];
        $filedata = $row['filedata'];*/
        $id = $row['id'];
        $button = 'Update Profile';

        include 'addplayerprofile.html.php';
        exit();
    }

    if (isset($_GET['editform']))
    {
        include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';

        // UPDATE MAIN PLAYER PROFILE DETAILS
        try
        {
            $sql = "UPDATE player SET
                name = :name,
                age = :age,
                position = :position,
                height = :height,
                weight = :weight,
                satscore = :satscore,
                gpa = :gpa,
                email = :email,
                    filename = :filename,
                    mimetype = :mimetype,
                    filedata = :filedata
                WHERE id = :id";
            $s = $pdo->prepare($sql);
            $s->bindValue(':id', $_POST['id']);
            $s->bindValue(':name', $_POST['name']);
            $s->bindValue(':age', $_POST['age']);
            $s->bindValue(':position', $_POST['position']);
            $s->bindValue(':height', $_POST['height']);
            $s->bindValue(':weight', $_POST['weight']);
            $s->bindValue(':satscore', $_POST['satscore']);
            $s->bindValue(':gpa', $_POST['gpa']);
            $s->bindValue(':email', $_POST['email']);
                    $s->bindValue(':filename',  $uploadname);
                    $s->bindValue(':mimetype',   $uploadtype);
                    $s->bindValue(':filedata',   $uploaddata);
            $s->execute();
        }
        catch (PDOException $e)
        {
            $error = 'Error editing player profile main details.' . $e->getMessage();
            include 'error.html.php';
            exit();
        }

我以为我可以做这样的事情,但它不起作用:

if (isset($_FILES['upload']) && $_FILES['upload'] <> '') 
{
$s->bindValue(':filename',  $uploadname);
$s->bindValue(':mimetype',   $uploadtype);
$s->bindValue(':filedata',   $uploaddata);
}
else
{
$s->bindValue(':filename',  $filename);
$s->bindValue(':mimetype',   $mimetype);
$s->bindValue(':filedata',   $filedata); 
}

感谢所有帮助。

由于

2 个答案:

答案 0 :(得分:1)

if (isset($_FILES['upload']['error']) && $_FILES['upload']['error'] == UPLOAD_ERR_OK) {
    // a file has been uploaded
}

然后看Security threats with uploads

答案 1 :(得分:1)

主要算法代码

if (isset($_POST['action']) and $_POST['action'] == 'Edit')
{ 

    if (!empty($_FILES) and is_uploaded_file($_FILES['upload']['tmp_name'])) {
       $sql = "UPDATE player SET
                name = :name,
                age = :age,
                position = :position,
                height = :height,
                weight = :weight,
                satscore = :satscore,
                gpa = :gpa,
                email = :email,
                    filename = :filename,
                    mimetype = :mimetype,
                    filedata = :filedata
                WHERE id = :id";
    } else {
        $sql = "UPDATE player SET
                name = :name,
                age = :age,
                position = :position,
                height = :height,
                weight = :weight,
                satscore = :satscore,
                gpa = :gpa,
                email = :email
                WHERE id = :id";
    }

    try {
        //skipped

        if (!empty($_FILES) and is_uploaded_file($_FILES['upload']['tmp_name'])) {
            $s->bindValue(':filename',  $uploadname);
            $s->bindValue(':mimetype',   $uploadtype);
            $s->bindValue(':filedata',   $uploaddata);
        }

    } catch(PDOException $e) {
        //skipped
    }
}

http://www.php.net/manual/en/function.is-uploaded-file.php