<?php
include("database.php");
include("session.php");
if(isset($_POST['submit']))
{
    $uploadpath = 'upload/'; // directory to store the uploaded files
    $max_size = 2000; // maximum file size, in KiloBytes
    $alwidth = 900; // maximum allowed width, in pixels
    $alheight = 800; // maximum allowed height, in pixels
    $allowtype = array('bmp', 'gif', 'jpg', 'jpe', 'jpeg', 'png'); // allowed extensions
    if(isset($_FILES['fileup']) && strlen($_FILES['fileup']['name']) > 1) {
        $timestamp = time();
        $uploadpath = $uploadpath . $timestamp . basename( $_FILES['fileup']['name']); // builds the stored file name
        $sepext = explode('.', strtolower($_FILES['fileup']['name']));
        $type = end($sepext); // gets extension
        list($width, $height) = getimagesize($_FILES['fileup']['tmp_name']); // gets image width and height
        $err = ''; // to store the errors
        // Checks if the file has allowed type, size, width and height (for images)
        // The client-supplied file name is HTML-escaped because $err is echoed below
        if(!in_array($type, $allowtype)) $err .= 'The file: <b>'. htmlspecialchars($_FILES['fileup']['name'], ENT_QUOTES, 'UTF-8'). '</b> does not have an allowed extension type.';
        if($_FILES['fileup']['size'] > $max_size*1000) $err .= '<br/>Maximum file size must be: '. $max_size. ' KB.';
        if(isset($width) && isset($height) && ($width >= $alwidth || $height >= $alheight)) $err .= '<br/>The maximum Width x Height must be: '. $alwidth. ' x '. $alheight;
        // If no errors, upload the image, else, output the errors
        if($err == '' && is_uploaded_file($_FILES['fileup']['tmp_name']))
        {
            move_uploaded_file( $_FILES['fileup']['tmp_name'], $uploadpath) ;
            // Escape every value before it is placed inside the SQL string
            $file = mysql_real_escape_string($uploadpath);
            $caddress = mysql_real_escape_string($_POST["caddress"]);
            $username = mysql_real_escape_string($_SESSION["username"]);
            $result=mysql_query("insert into company(file,caddress,username)values('$file','$caddress','$username')");
            echo "Inserted Successfully";
        }
        else
        {
            echo "There was an error uploading the data, please try again!<br/>" . $err;
        }
    }
}
?>
<center><b>Insert Company logo and Address</b></center><br>
<form name="form1" method="post" action="" onSubmit="submit" enctype="multipart/form-data">
<center><table style="width:250px">
<tr>
<td><b>Image</b></td> <td><input type="file" name="fileup" id="fileup" size="25" /></td>
</tr>
<tr>
<td><b>Address</b></td>
<td><textarea name="caddress" maxlength="600" cols="40" rows="10"></textarea></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" name="submit" value="submit"/></td>
</tr>
</table></center>
</form>
The form should be submitted only the first time. If we submit it again, alert that the data has already been inserted. The form should be submitted to the database just once.
Use header after the insert query has been submitted; it will solve the problem.
if(mysql_affected_rows()>0)//checking whether the query worked or not
{
    header( 'Location: http://www.example.com/congratz.html');
    exit; // stop the script so nothing else runs after the redirect
}
//You can give any file name after Location; it does not matter
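Also check this link.
Also, mysql is deprecated; learn mysqli or PDO.
For the mysqli functions, check this link: http://php.net/manual/en/book.mysqli.php
For the PDO functions, check this link: http://php.net/manual/en/book.pdo.php
To learn about header, check this link: http://php.net/manual/en/function.header.php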
Disable the submit button on the click event.
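If you want to avoid the form being submitted when, for example, the "refresh" or "back" button is hit, the trick is to add a token to your form: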
<?php
$msg = null;
session_start();
if( isset($_POST['submit']) ) {
    // Accept the POST only if it carries the token issued with the last rendered form
    if( !isset($_POST['token'])
        || !isset($_SESSION['formToken'])
        || $_POST['token'] !== $_SESSION['formToken']) {
        $msg = 'The form was not submitted.';
    } else {
        // do stuff
        $msg = 'The form was submitted successfully.';
    }
}
// Issue a new token on every render, so a replayed POST carries a stale one.
// random_bytes() (PHP 7+) is used instead of uniqid(), whose output is
// time-based and guessable.
$formToken = bin2hex(random_bytes(16));
$_SESSION['formToken'] = $formToken;
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title></title>
</head>
<body>
    <?php if( $msg !== null) : ?>
    <p><?= $msg; ?></p>
    <?php endif; ?>
    <form method="POST" action="">
        <!-- stuff-->
        <input type="hidden" name="token" value="<?= htmlspecialchars($formToken, ENT_QUOTES, 'UTF-8')?>" />
        <button type="submit" name="submit" value="submit">Submit</button>
    </form>
</body>
</html>
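When the page is reloaded, the same form input that was submitted is submitted again.
This means that if you add an input field with a unique ID (a token), you can tell when the same form is being submitted.
A value stored in a session variable stays the same, just as a value stored in a file or a database record would, and does not revert to the value it had when the form was submitted.
You can store the token in a session variable and compare it with the token submitted from the form. If they are not equal, it means the form has been submitted again and you can ignore the input (you will prevent the database record from being inserted).
This also protects against form spoofing.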
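The single-use token described in the answer above, combined with the question's insert done as a prepared statement, as an added example that is not code from the original posts. It assumes PHP 7+ with the pdo_sqlite extension; the function names, the in-memory table and the sample values are hypothetical stand-ins for $_SESSION, $_POST and the real database.

```php
<?php
// Added example: single-use form token plus a prepared INSERT. All names are hypothetical.
declare(strict_types=1);

// Issue a fresh unpredictable token and remember it in the session array.
function issue_form_token(array &$session): string
{
    $session['formToken'] = bin2hex(random_bytes(32));
    return $session['formToken'];
}

// Return true at most once per issued token; the token is deleted on first use.
function consume_form_token(array &$session, $submitted): bool
{
    $expected = $session['formToken'] ?? null;
    unset($session['formToken']);              // single use, even on a mismatch
    return is_string($expected) && is_string($submitted)
        && hash_equals($expected, $submitted); // constant-time comparison
}

// Handle one POST: insert only if the token is valid and has not been used.
function handle_submit(PDO $db, array &$session, array $post): string
{
    if (!consume_form_token($session, $post['token'] ?? null)) {
        return 'rejected';                     // replayed or forged submission
    }
    // Placeholders keep the address and user name out of the SQL text.
    $stmt = $db->prepare('INSERT INTO company (caddress, username) VALUES (?, ?)');
    $stmt->execute([$post['caddress'] ?? '', $session['username'] ?? '']);
    return 'inserted';  // a real page would now send header('Location: ...') and exit
}

// Constructed demo: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE company (caddress TEXT, username TEXT)');

$session = ['username' => 'demo_user'];        // stands in for $_SESSION
$token   = issue_form_token($session);         // value rendered into the hidden field
$post    = ['token' => $token, 'caddress' => "5 O'Connell Street"]; // constructed input

echo handle_submit($db, $session, $post), "\n";  // first submission
echo handle_submit($db, $session, $post), "\n";  // refresh re-sends the same POST
echo 'rows: ', $db->query('SELECT COUNT(*) FROM company')->fetchColumn(), "\n";
```

Run from the command line, the script handles the same POST twice and prints the row count, so the effect of the consumed token on the second submission can be checked directly.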