我正试图上传视频,并在同一页面上试图插入数据库。这就是我要做的。但是它给了我没有文件选择的信息。
<?php
if( true == isset($_POST['upload']))
{
$name=$_FILES['uploadvideo']['name'];
$type=$_FILES['uploadvideo']['type'];
//$size=$_FILES['uploadvideo']['size'];
$cname=str_replace(" ","_",$name);
$tmp_name=$_FILES['uploadvideo']['tmp_name'];
$target_path="test_upload/";
$target_path=$target_path.basename($cname);
if(move_uploaded_file($_FILES['uploadvideo']['tmp_name'],$target_path))
{
echo $sql="INSERT INTO video(name,type) VALUE('".$cname."','".$type."')";
$result=mysql_query($sql);
echo "Your video ".$cname." has been successfully uploaded";
}
}
<form name="video" enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input name="MAX_FILE_SIZE" value="100000000000000" type="hidden"/>
<input type="file" name="uploadvideo" />
<input type="submit" name="upload" value="SUBMIT" />
</form>
?>
您需要在PHP文件
所在的目录下创建一个文件夹test_upload添加error_reporting(E_ALL);
mysql
系列函数已被弃用,并已从PHP 7+中完全删除,因此您应该将代码升级到mysqli
或PDO
,并利用prepared statements
来帮助防止恶意SQL注入。我还建议,当你允许用户上传文件时,你应该对上传的文件做更多的处理,以确保它是预期的类型!
<!doctype html>
<html>
<head>
<title>Video upload</title>
</head>
<body>
<?php
function getmimetypes(){
$url='http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types';
$types=array();
array_walk( file( $url ), function( $line, $key, $types ){
if( $line && !empty( $line ) && strpos( $line, chr( 35 ) )===false ){
list( $m, $e )=array_values( array_filter( preg_split( '@'t@', trim( $line ) ) ) );
if( strpos( $e, chr( 32 ) ) ){
$o=explode( chr( 32 ), $e );
foreach( $o as $e ) $types[ $e ]=$m;
} else {
$types[ $e ]=$m;
}
}
}, &$types );
return $types;
}
if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_FILES['uploadvideo'], $_POST['upload'] ) ){
/* permitted extensions */
$exts=array( 'mp4', 'mov', 'avi' );
/* permitted mimetypes */
$mimetypes=array( 'video/mp4', 'video/quicktime', 'video/x-msvideo' );
/* Get an array of possible Mimetypes */
$types = getmimetypes();
/* For simplicity, cast as an object */
$obj=(object)$_FILES['uploadvideo'];
$name=$obj->name;
$tmp=$obj->tmp_name;
$size=$obj->size;
$type=$obj->type;
$error=$obj->error;
$cname=str_replace( " ", "_", $name );
/* get file extension */
$ext = pathinfo( $name, PATHINFO_EXTENSION );
/* set the target path */
$target="test_upload/{$cname}";
/* process the uploaded file */
if( is_uploaded_file( $tmp ) && $error == UPLOAD_ERR_OK ){
/*
additional checks on file - is it of the correct extension and mimetype?
*/
if( in_array( $ext, $exts ) && in_array( $type, $mimetypes ) ){
$result = @move_uploaded_file( $tmp, $target );
$sql='insert into `video` ( `name`,`type` ) values ("'.$cname.'","'.$type.'");';
if( $result ){
$result = mysql_query( $sql );
echo $result ? 'Your video '.$cname.' has been successfully uploaded and saved' : 'There was a problem saving your video';
} else {
echo 'Unable to move your video to it''s new location';
}
}
} else {
echo 'Error: Possible attack';
}
}
?>
<form enctype='multipart/form-data' method='post'>
<input name='MAX_FILE_SIZE' value='100000000000000' type='hidden' />
<input type='file' name='uploadvideo' />
<input type='submit' name='upload' value='Upload' />
</form>
</body>
</html>