Uploading form and image with PHP to MySQL: odd error

I am trying to upload a form with an image to MySQL using PHP. However, I keep getting this error -

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/content/03/6455003/html/leakfaucet/submitAlbumForm.php on line 17

I've been staring at this for quite some time and just have no idea what the problem is; any help would be greatly appreciated!

The form -

<?php include "base.php"; ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 
Transitional//EN" 
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Submit an Album</title>
</head>
<body>
<table>
  <tr>
    <td align="center">Submit an Album</td>
  </tr>
  <tr>
    <td>
      <table>
        <form enctype="multipart/form-data" action="submitAlbumForm.php" method="post">
        <tr>
          <td>Artist Name</td>
          <td><input type="text" name="artistName" size="20">
          </td>
        </tr>
        <tr>
          <td>Album Name</td>
          <td><input type="text" name="albumName" size="20">
          </td>
        </tr>
        <tr>
          <td>Release Date</td>
          <td><input type="text" name="releaseDate" size="20">
          </td>
        </tr>
        <tr>
          <td>Leak Date</td>
          <td><input type="text" name="leakDate" size="20">
          </td>
        </tr>
        <tr>
          <td>Where It Leaked</td>
          <td><input type="text" name="whereItLeaked" size="20">
          </td>
        </tr>
        <tr>
          <td>Album Cover</td>
          <td><input type="file" name="albumCover">
          </td>
        </tr>
        <tr>        
          <td></td>
          <td align="right"><input type="submit" name="submit" value="Add"></td>
        </tr>
        </form>
        </table>
      </td>
    </tr>
</table>
</body>
</html>

The upload script

<?php
include "base.php";
//Setting up images directory
 $target = "images/"; 
 $target = $target . basename( $_FILES['albumCover']['name']);
 $albumCover=($_FILES['albumCover']['name']); 
//inserting data order
$order = "INSERT INTO albums
            (artistName, albumName, releaseDate, leakDate, whereItLeaked, albumCover)
            VALUES
            ('$_POST[artistName]',
            '$_POST[albumName]',
            '$_POST[releaseDate]',
            '$_POST[leakDate]',
            '$_POST[whereItLeaked]',
            '($_FILES['albumCover']['name'])')";  /*this is the line where the error keeps occurring. I've tried a number of variations and still can't seem to get it right*/
  if(move_uploaded_file($_FILES['albumCover']['tmp_name'], $target)) 
 { 
 //Tells you if its all ok 
 echo "The file ". basename( $_FILES['albumCover']['name']). " has been uploaded, and your information has been added to the directory"; 
 } 
 else { 
 //Gives an error if its not 
 echo "Sorry, there was a problem uploading your file."; 
 } 
//declare in the order variable
$result = mysql_query($order);  //order executes
if($result){
    echo("<br>Thank you for submitting!");
} else{
    echo("<br>Sorry, something went wrong! Please try again!");
}
?>

My base.php file with the connection info

<?php
session_start();
$dbhost = "";
$dbname = "";
$dbuser = "";
$dbpass = "";
mysql_connect($dbhost, $dbuser, $dbpass) or die("MySQL Error: " . mysql_error());
mysql_select_db($dbname) or die("MySQL Error: " . mysql_error());
?>

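You cannot use quoted array keys within a PHP double-quoted string. It issues a warning. As well, you cannot use multi-dimensional arrays, because you are in a double-quoted string. PHP's parser is not "greedy" and will only see a single level of the array, e.g.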

$foo = array();
$foo['bar'] = array();
$foo['bar']['baz'] = 'fizzbuzz';
echo "$foo['bar']['baz']";

will issue a warning about the quoted keys, and the output would actually be:

Array['baz']

because PHP does not see the second level of the array.

You need to use the {} notation:

'({$_FILES['albumCover']['name']})')";
  ^---                          ^---

which both allows the quoted array keys and forces PHP to consider the ENTIRE array reference, not just the first level.

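On top of that, your code is wide open to SQL injection attacks, and you should read up and learn how to avoid those before putting this code on a public-facing website, or else enjoy having your server pwn3d.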

Try this: use mysql_real_escape_string to get the values into variables

 $artist_name =mysql_real_escape_string( $_POST['artistName']);
 $albumname=  mysql_real_escape_string($_POST['albumName'] );
 $releaseDate=  mysql_real_escape_string($_POST['releaseDate']);
...
"INSERT INTO albums
        (artistName, albumName, releaseDate, leakDate, whereItLeaked, albumCover)
        VALUES ( '$artist_name', '$albumname',...)"
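The SQL injection point raised in the answers above, shown as an added example that is not code from the question or from either answer: the same INSERT with bound parameters instead of string interpolation (the mysql_* functions used on this page were removed in PHP 7). The helper names coverFileName and insertAlbum, the in-memory SQLite stand-in for the MySQL connection, and the sample values are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database stands in
// for the MySQL connection in base.php so this runs offline (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE albums (artistName TEXT, albumName TEXT, releaseDate TEXT,
    leakDate TEXT, whereItLeaked TEXT, albumCover TEXT)');

// Hypothetical helper: pick the stored file name on the server rather than trusting
// the client-supplied one. Checks the extension only, not the file contents.
function coverFileName(string $clientName): ?string
{
    $ext = strtolower(pathinfo(basename($clientName), PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Hypothetical helper: the question's INSERT with bound parameters, so quotes in
// the input are data and never part of the SQL text.
function insertAlbum(PDO $pdo, array $post, string $cover): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO albums
            (artistName, albumName, releaseDate, leakDate, whereItLeaked, albumCover)
         VALUES (:artistName, :albumName, :releaseDate, :leakDate, :whereItLeaked, :albumCover)'
    );
    $params = [':albumCover' => $cover];
    foreach (['artistName', 'albumName', 'releaseDate', 'leakDate', 'whereItLeaked'] as $field) {
        $params[':' . $field] = is_string($post[$field] ?? null) ? $post[$field] : '';
    }
    $stmt->execute($params);
}

// Constructed sample input standing in for $_POST and $_FILES['albumCover']['name'].
$post = [
    'artistName'    => "Sample N' Artist",
    'albumName'     => "x'); DROP TABLE albums; --",
    'releaseDate'   => '2001-01-01',
    'leakDate'      => '2000-12-01',
    'whereItLeaked' => 'a blog',
];
$cover = coverFileName('cover.PNG');
if ($cover === null) {
    exit("Unsupported image type\n");
}
insertAlbum($pdo, $post, $cover);
// The quotes are stored as data and the albums table still exists.
print_r($pdo->query('SELECT * FROM albums')->fetchAll(PDO::FETCH_ASSOC));
```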