我正在insert
中image
database
。它没有显示任何错误但是图像没有插入表中结果是打印"不是"
CODE
<?php
if (isset($_POST['pic_upload'])) {
if(getimagesize($_FILES['image']['tmp_name'])==False) {
echo "select img";
} else {
$image = addslashes($_FILES['image']['tmp_name']);
$name = addslashes($_FILES['image']['name']);
$image = file_get_contents($image);
$image = base64_encode($image);
saveimage($name,$image);
}
}
function saveimage($name,$image) {
require 'db.php';
$sql ="insert into blob(name,image) values('$name','$image')";
$result=$conn->query($sql);
if($result) {
echo "done";
} else {
echo 'not';
}
}
?>
答案 0 :(得分:0)
如上所述,如果要将保留字用作表名,则需要使用反引号。此外,您正在转义文件名,但不会转义任何数据,让您自己对SQL注入攻击敞开大门。请改用prepared statements。
<?php
if (isset($_POST['pic_upload'])) {
if(getimagesize($_FILES['image']['tmp_name'])==False) {
echo "select img";
} else {
$name = $_FILES['image']['name'];
$image = base64_encode(file_get_contents($_FILES['image']['tmp_name']));
saveimage($name,$image);
}
}
function saveimage($name,$image) {
require 'db.php';
$sql ="INSERT INTO `blob` (`name`, `image`) VALUES (?, ?)";
$stmt = $conn->prepare($sql);
$stmt->bind_param("sb", $name, $image);
$result = $stmt->execute();
if($result) {
echo "done";
} else {
echo 'not';
}
}
?>