我在尝试将图像上传到文件并收到上述错误时遇到问题。此代码允许我将新产品添加到商店,它们将使用文件名在数据库上更新,只是它们没有上传到文件夹。任何帮助将不胜感激。
<?php
include('../connect.php');
$addid= $_POST['addrow'];
$addproduct= mysql_real_escape_string(htmlentities($_POST['addproduct']));
$addprice= mysql_real_escape_string(htmlentities($_POST['addprice']));
$addprevprice= mysql_real_escape_string(htmlentities($_POST['addprevprice']));
$adddetails= mysql_real_escape_string(htmlentities($_POST['adddetails']));
$addimage1 = mysql_real_escape_string($_FILES['addimage1']['name']);
$addimage1temp = mysql_real_escape_string($_FILES['addimage1']['tmp_name']);
$addimage1type = mysql_real_escape_string($_FILES['addimage1']['type']);
$addimage1size = mysql_real_escape_string($_FILES['addimage1']['size']);
$addimage2 = mysql_real_escape_string($_FILES['addimage2']['name']);
$addimage2temp = mysql_real_escape_string($_FILES['addimage2']['tmp_name']);
$addimage2type = mysql_real_escape_string($_FILES['addimage2']['type']);
$addimage2size = mysql_real_escape_string($_FILES['addimage2']['size']);
$addimage3 = mysql_real_escape_string($_FILES['addimage3']['name']);
$addimage3temp = mysql_real_escape_string($_FILES['addimage3']['tmp_name']);
$addimage3type = mysql_real_escape_string($_FILES['addimage3']['type']);
$addimage3size = mysql_real_escape_string($_FILES['addimage3']['size']);
if (!empty($addimage1))
{
if ($addimage1type == 'image/gif' || $addimage1type == 'image/jpg' || $addimage1type == 'image/jpeg' && $addimage1size > 0 && $addimage1size < 2000000)
{
move_uploaded_file($addimage1temp,"../img/camera/$addimage1");
$query = "INSERT INTO admincamera (product, price, prevprice, details, image1)"."VALUES('$addproduct', '$addprice', '$addprevprice', '$adddetails', '$addimage1')";
}
else
{
echo "<p>file needs to be a jpg/gif or file size too big.</p>";
die();
}
}
else
{
$query = "INSERT INTO admincamera (product, price, prevprice, details)"."VALUES('$addproduct', '$addprice', '$addprevprice', '$adddetails')";
}
mysql_query($query) or die(mysql_error());
if (!empty($addimage2))
{
if ($addimage2type == 'image/gif' || $addimage2type == 'image/jpg' || $addimage2type == 'image/jpeg' && $addimage2size > 0 && $addimage2size < 2000000)
{
move_uploaded_file($addimage2temp,"../img/camera/$addimage2");
$query = "INSERT INTO admincamera (product, price, prevprice, details, image2)"."VALUES('$addproduct', '$addprice', '$addprevprice', '$adddetails', '$addimage2')";
}
else
{
echo "<p>file needs to be a jpg/gif or file size too big.</p>";
die();
}
}
else
{
$query = "INSERT INTO admincamera (product, price, prevprice, details)"."VALUES('$addproduct', '$addprice', '$addprevprice', '$adddetails')";
}
mysql_query($query) or die(mysql_error());
if (!empty($addimage3))
{
if ($addimage3type == 'image/gif' || $addimage3type == 'image/jpg' || $addimage3type == 'image/jpeg' && $addimage3size > 0 && $addimage3size < 2000000)
{
move_uploaded_file($addimage3temp,"../img/camera/$addimage3");
$query = "INSERT INTO admincamera (product, price, prevprice, details, image3)"."VALUES('$addproduct', '$addprice', '$addprevprice', '$adddetails' '$addimage3')";
}
else
{
echo "<p>file needs to be a jpg/gif or file size too big.</p>";
die();
}
}
else
{
$query = "INSERT INTO admincamera (product, price, prevprice, details)"."VALUES('$addproduct', '$addprice', '$addprevprice', '$adddetails')";
}
mysql_query($query) or die(mysql_error());
mysql_close();
?>
我已经 grep 你所有的INSERT
语句
1: $query = "INSERT INTO admincamera (product, price, prevprice, details, image1)"."VALUES('$addproduct', '$addprice', '$addprevprice', '$adddetails', '$addimage1')";
2: $query = "INSERT INTO admincamera (product, price, prevprice, details )"."VALUES('$addproduct', '$addprice', '$addprevprice', '$adddetails')";
3: $query = "INSERT INTO admincamera (product, price, prevprice, details, image2)"."VALUES('$addproduct', '$addprice', '$addprevprice', '$adddetails', '$addimage2')";
4: $query = "INSERT INTO admincamera (product, price, prevprice, details )"."VALUES('$addproduct', '$addprice', '$addprevprice', '$adddetails')";
5: $query = "INSERT INTO admincamera (product, price, prevprice, details, image3)"."VALUES('$addproduct', '$addprice', '$addprevprice', '$adddetails' '$addimage3')"; }
6: $query = "INSERT INTO admincamera (product, price, prevprice, details )"."VALUES('$addproduct', '$addprice', '$addprevprice', '$adddetails')";
您在第 5 次插入时错过了逗号....
"VALUES('$addproduct', '$addprice', '$addprevprice', '$adddetails' '$addimage3')";
^------- Here
测试
这很有趣。 'string1' 'string2'
转换为'string1string2'
mysql> insert into test2 (a, b) values('1', '2');
Query OK, 1 row affected (0.00 sec)
mysql> insert into test2 (a, b) values('1' '2');
ERROR 1136 (21S01): Column count doesn't match value count at row 1
mysql> insert into test2 (a, b) values('1' '2', '3');
Query OK, 1 row affected (0.00 sec)
mysql> SELECT * FROM test2;
+------+------+
| a | b |
+------+------+
| 1 | 2 |
| 12 | 3 |
+------+------+
2 rows in set (0.00 sec)
改进代码
- 使函数重复代码
- 请勿使用
mysql_xxx()
,使用mysqli
或PDO
- 对 SQL 注入使用预准备语句
函数样式
未测试,但以下代码看起来比你的更好。
<?
include('../connect.php');
$inserted = insert($_FILES['addimage1'], 'image1');
$inserted = insert($_FILES['addimage2'], 'image2');
$inserted = insert($_FILES['addimage3'], 'image3');
function insert($file, $image_col_name)
{
$addid= $_POST['addrow'];
$addproduct= mysql_real_escape_string(htmlentities($_POST['addproduct']));
$addprice= mysql_real_escape_string(htmlentities($_POST['addprice']));
$addprevprice= mysql_real_escape_string(htmlentities($_POST['addprevprice']));
$adddetails= mysql_real_escape_string(htmlentities($_POST['adddetails']));
$addimage = mysql_real_escape_string($file['name']);
$addimagetemp = mysql_real_escape_string($file['tmp_name']);
$addimagetype = mysql_real_escape_string($file['type']);
$addimagesize = mysql_real_escape_string($file['size']);
if (!empty($addimage))
{
if (($addimagetype == 'image/gif' || $addimagetype == 'image/jpg' || $addimagetype == 'image/jpeg') && ($addimagesize > 0 && $addimagesize < 2000000))
{
move_uploaded_file($addimagetemp,"../img/camera/$addimage");
$query = "INSERT INTO admincamera (product, price, prevprice, details, $image_col_name)"."VALUES('$addproduct', '$addprice', '$addprevprice', '$adddetails', '$addimage')";
}
else
{
echo "<p>file needs to be a jpg/gif or file size too big.</p>";
die();
}
}
else
{
$query = "INSERT INTO admincamera (product, price, prevprice, details)"."VALUES('$addproduct', '$addprice', '$addprevprice', '$adddetails')";
}
mysql_query($query) or die(mysql_error());
return true;
}
?>