嗨,我遇到了麻烦。用户在page1.php中上传图像。它的文件名插入到数据库中,并且图像转到名为“ uploads”的文件夹中。如何获取这些图像并将其显示在page2.php中?
第1页
if(isset($_FILES['filename'])){
$errors = array();
$file_name = $_FILES['filename']['name'];
$file_size =$_FILES['filename']['size'];
$file_tmp =$_FILES['filename']['tmp_name'];
$file_type=$_FILES['filename']['type'];
$file_ext=strtolower(end(explode('.',$_FILES['filename']['name'])));
$expensions= array("jpeg","jpg","png");
if(in_array($file_ext,$expensions)=== false){
$errors[]="extension not allowed, please choose a JPEG or PNG file.";
}
if($file_size > 2097152){
$errors[]='File size must be excately 2 MB';
}
//if no error...
if (empty($errors)==true) {
// upload the file...
move_uploaded_file($file_tmp,"uploads/".$file_name);
$servername = "localhost";
$username = "root";
$password = " ";
$dbname = "admin";
// create new record in the database
include ("dbinfo.php");
mysql_query("INSERT INTO payment_form (Tracking, date, ContactNo, totalsent, datesent, filename) VALUES ('$transactionNo', NOW(), '$contactNo', '$totalSent', '$dateSent', '$file_name')") ;
header('Location: paymentform_success.php');
}else{
print_r($errors);
}
}
第2页上有一个更新记录表。我只希望图像显示在该单元格上。 T__T我尚未研究对我有用的任何东西。请帮助
最佳答案
您可以尝试如下操作:
<?php
$query = "SELECT * FROM payment_form";
$result = mysql_query($query);
if (!$result) {
die('SQL error');
}
echo "<table>";
while ($row = mysql_fetch_assoc($result)) {
echo "<tr>";
echo "<td>{$row['Tracking']}</td>";
echo "<td>{$row['date']}</td>";
echo "<td>{$row['ContactNo']}</td>";
echo "<td>{$row['totalsent']}</td>";
echo "<td>{$row['datesent']}</td>";
echo "<td><img src='/uploads/{$row['filename']}'/></td>";
echo "</tr>";
}
echo "</table>";
?>
首先,您需要使用“ SELECT”查询运行mysql_query,然后运行类似mysql_fetch_assoc的函数来获取每一行,然后输出信息。
另外,您的原始代码有一个SQL注入漏洞,您必须对用户提交的所有值使用mysql_real_escape_string,例如
$transactionNo=mysql_real_escape_string($transactionNo);
$contactNo=mysql_real_escape_string($contactNo);
$totalSent=mysql_real_escape_string($totalSent);
$dateSent=mysql_real_escape_string($dateSent);
$file_name=mysql_real_escape_string($file_name);
UPD要通过跟踪ID获取特定文件,您可以使用以下方法:
<?php
$Tracking = mysql_real_escape_string($_GET['Tracking']);
$query = "SELECT Tracking,filename FROM payment_form WHERE Tracking = '$Tracking'";
$result = mysql_query($query);
if (!$result) {
die('SQL error');
}
echo "<table>";
while ($row = mysql_fetch_assoc($result)) {
echo "<tr>";
echo "<td>{$row['Tracking']}</td>";
echo "<td><img src='/uploads/{$row['filename']}'/></td>";
echo "</tr>";
}
echo "</table>";
?>