[英]Trying to Update MySQL database (uploading file) using a php script
I am trying to create a login system where users can upload file in the existing database. 我正在尝试创建一个登录系统,用户可以在其中上传现有数据库中的文件。 First require the user to login then upload file. 首先要求用户登录,然后上传文件。 Here is my database: 这是我的数据库:
Now I want to update cv (blob). 现在我要更新简历(blob)。 So I have created the following page. 因此,我创建了以下页面。
<!-- Form -->
<h1>Pease Login to Upload CV</h1>
<form method="POST" enctype="multipart/form-data">
Username:
<input type="text" name="username"><br>
Password:
<input type="password" name="password"><br><br>
<input type="submit" value="Submit" name="submit" /> <br>
</form>
Above is the initial form. 以上是初始形式。 Then I used the following script: 然后,我使用以下脚本:
<!-- Script -->
<?php
if (isset($_POST['submit'])) {
// make connection
$conn = mysqli_connect('localhost','root','','users');
// if fails show error
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
echo "Error Connecting to DB";
}
$usrName = ($_POST['username']);
$paswrd = ($_POST['password']);
if($usrName!='' && $paswrd!=''){
$sql ="SELECT username, password FROM credentials WHERE username = '$usrName'";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_row($result);
$dbUsname = $row[0];
$dbPassword = $row[1];
if ($usrName == $dbUsname && $paswrd == $dbPassword) {
echo "Hello ".$usrName." upload your CV now <br>";
echo
"<form method='POST' enctype='multipart/form-data'>
<input type = 'file' value= 'upload' name = 'file'>
<input type='submit' value='Upload' name='upload' /> <br>
</form>";
if(isset($_POST['upload'])){
$cv = mysqli_real_escape_string($conn, $_POST['file']);
mysql_query("UPDATE credentials SET cv=$cv WHERE username=$usrName");
if (!mysqli_query($conn,$UpdateQuery)) {
die('Error: ' . mysqli_error($conn));
}
}
}
else{
echo "<h1>Incorrect Username and/or password!</h1>";
}
}else{
echo "Please make sure username and password is not empty";
}
}
?>
I have tested out the script for the most part. 我已经测试了大部分脚本。 The problem occurs when I try to update the cv file. 当我尝试更新cv文件时,会出现问题。 On the code below. 在下面的代码。
The Script executes but I can not see any file uploaded in my database. 脚本已执行,但是我看不到数据库中上载的任何文件。 Can someone please point out where am I making the error. 有人可以指出我在哪里出错。
Firstly, we're dealing with "files" and not a "text" input. 首先,我们要处理“文件”而不是“文本”输入。
So this part $_POST['file']
of your code, needs to be changed to $_FILES['file']
因此,代码的$_POST['file']
部分需要更改为$_FILES['file']
However this part of your code 但是,这部分代码
mysql_query("UPDATE credentials SET cv=$cv WHERE username=$usrName");
that's failing you for 2 reasons. 失败的原因有两个。
You're mixing APIs and you need to quote string values and would technically need to read as: (see the line of code just below my sidenote). 您正在混合使用API,并且需要引用字符串值,并且从技术上来说,它应读为:(请参阅我的旁注下方的代码行)。
Sidenote: mysqli_query
should not be included (just below) if you're to use the conditional statement that you're using if (!mysqli_query($conn,$UpdateQuery))
. 旁注:如果要使用正在使用if (!mysqli_query($conn,$UpdateQuery))
的条件语句,则不应包括mysqli_query
(在下面if (!mysqli_query($conn,$UpdateQuery))
。
mysqli_query($conn, "UPDATE credentials SET cv='$cv' WHERE username='$usrName'");
You need to use the same one from connection to query. 您需要从连接到查询使用相同的查询。
Yet seeing this though, 然而尽管如此,
if (!mysqli_query($conn,$UpdateQuery)) {
die('Error: ' . mysqli_error($conn));
}
You probably forgot to add the $UpdateQuery
variable to your query, which should read as 您可能忘记了将$UpdateQuery
变量添加到查询中,该变量应显示为
$UpdateQuery = "UPDATE credentials SET cv=`$cv` WHERE username='$usrName'";
Error reporting would have thrown you an undefined variable UpdateQuery notice. 错误报告会引发未定义的变量UpdateQuery通知。
Sidenote: Make sure that the file size is allowed. 旁注:确保允许文件大小。 If it is too large, then you will need to increase its values. 如果太大,则需要增加其值。
Consult the following post on Stack: 请参阅以下有关Stack的文章:
Rewrite: 改写:
$cv = mysqli_real_escape_string($conn, $_FILES['file']);
$UpdateQuery = "UPDATE credentials SET cv='$cv' WHERE username='$usrName'";
// or using '".XXX."' syntax. In rare cares, that makes a difference.
// $UpdateQuery = "UPDATE credentials SET cv='".$cv."' WHERE username='".$usrName."'";
if (!mysqli_query($conn,$UpdateQuery)) {
die('Error: ' . mysqli_error($conn));
}
else{
echo "Success!";
}
You're also open to an SQL injection. 您还可以接受SQL注入。 It's best to use a prepared statement. 最好使用准备好的语句。
Reference on BLOB and TEXT Types: 有关BLOB和TEXT类型的参考:
Passwords 密码
I also noticed that you may be storing passwords in plain text. 我还注意到您可能以纯文本形式存储密码。 This is not recommended. 不建议这样做。
Use one of the following: 使用以下之一:
crypt()
bcrypt()
scrypt()
password_hash()
function. PHP 5.5的password_hash()
函数。 Other links: 其他连结:
When you post your upload form the update query will not run because it's hidden inside if(isset($_POST['submit']))
. 发布上传表单时,更新查询将不会运行,因为它隐藏在if(isset($_POST['submit']))
。 You need to move if(isset($_POST['upload']))
outside of submit for it to work. 您需要将if(isset($_POST['upload']))
移出if(isset($_POST['upload']))
才能起作用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.