小弟刚学php不久,写了如下代码,各位大侠见笑了。
代码的大概功能是在当前页面修改页面上显示的图片和文字。文字信息和图片信息存储在mySQL相应的表格里。
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><?php
require_once 'header.php';
require_once 'check.php';
?><meta content="en-us" http-equiv="Content-Language" />
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Item Detail</title>
<style type="text/css">
.auto-style2 {
text-align: center;
}
.auto-style1 {
font-size: 36pt;
text-align: left;
font-family: Default;
}
.auto-style3 {
font-family: Broadway;
}
</style>
</head><body>
<?php
if(isset($_POST['submit_edit_item_id']))
{
$_SESSION['edit_item_id'] = $_POST['sub_edit_item_id'];
}
$item_id = $_SESSION['edit_item_id'];
$result = mysql_query("SELECT * FROM ITEM WHERE ITEM_ID = $item_id");
if($result)
{
$row = mysql_fetch_array($result);
$user_id = $_SESSION['id'];
$name = $row['NAME'];
$dsc = $row['DESCRIPTION'];
$auc = $row['RESERVE_PRICE'];
$bin = $row['BIN_PRICE'];
$btime = $row['BEGIN'];
$etime = $row['END'];
$status = $row['STATUS'];
$seller = $row['SELLER_ID'];
$winner = $row['WINNER_ID'];
$curr_bid = $row['CURR_BID'];
$num_bid = $row['NUM_BID'];
$img_id = $row['IMG_ID'];
echo "item_id is $item_id";
echo "img_id is $img_id";
}
$result = mysql_query("SELECT USER_NAME FROM USER WHERE USER_ID = $seller");
if($result)
{
$row = mysql_fetch_array($result);
$seller_name = $row['USER_NAME'];
}
?> <table align="center" style="width: 100%">
<tr>
<td>
<div class="auto-style2">
<table align="center" style="width: 100%">
<tr>
<td class="auto-style1">Edit item:</td>
<td>
<a href="http://acadweb1.salisbury.edu/~rwan/home.php">
<img height="89" src="logo.jpg" style="float: right" width="184" /></a></td>
</tr>
</table>
</div>
<hr />
<table style="width: 100%">
<tr>
<td rowspan="2">
<?php
display_image($img_id, 500, 400);
?>
<form action="edit_item.php" method="post" enctype="multipart/form-data">
<table><tr><td><input type="file" name="image" /></td></tr>
<tr><td><input name="sub_change_pic" type="submit" value="Change picture">
<input name="sub_del_pic" type="submit" value="Delete picture"></td></tr>
</table></form>
<?php
if(isset($_POST['sub_change_pic']))
{
if(isset($_FILES['image']))
{
$file = $_FILES['image']['tmp_name'];
if(!empty($file))
{
$image = addslashes(file_get_contents($file));
$image_name = addslashes($_FILES['image']['name']);
$image_size = getimagesize($file);
if($image_size == false)
{
print'<p class = "error">The file is not an image.</p>';
}
else
{
mysql_query("LOCK TABLES IMAGES WRITE");
mysql_query("LOCK TABLES ITEM WRITE");
if($img_id == 1)
{
mysql_query("INSERT INTO IMAGES (IMG_NAME, IMG) VALUES ('$image_name', '$image')");
$pic_id = mysql_insert_id();
mysql_query("UPDATE ITEM SET IMG_ID = $pic_id WHERE ITEM_ID = $item_id");
}
else
{
mysql_query("UPDATE IMAGES SET IMG_NAME = '$image_name', IMG = '$image'
WHERE IMG_ID = $img_id");
}
mysql_query("UNLOCK TABLES");
header("location: " . $_SERVER['REQUEST_URI']);
}
}
}
}
if(isset($_POST['sub_del_pic']))
{
mysql_query("LOCK TABLES ITEM WRITE");
mysql_query("UPDATE ITEM SET IMG_ID = 1 WHERE ITEM_ID = $item_id");
if($img_id != 1)
{
mysql_query("LOCK TABLES IMAGES WRITE");
mysql_query("DELETE FROM IMAGES WHERE IMG_ID = $img_id");
}
mysql_query("UNLOCK TABLES");
header("location: " . $_SERVER['REQUEST_URI']);
}
?>
</td>
<td><form action="edit_item.php" method="post">
<textarea cols="50" name="title" rows="4"><?php print $name; ?></textarea><br>
<input name="change_item_title" type="submit" value="Change item title" /></form></td>
</tr>
<tr>
<td><hr />
<?php
if(isset($_POST['change_item_title']))
{
$name = $_POST['title'];
mysql_query("LOCK TABLES ITEM WRITE");
mysql_query("UPDATE ITEM SET NAME = '$name' WHERE ITEM_ID = $item_id");
mysql_query("UNLOCK TABLES");
header("location: " . $_SERVER['REQUEST_URI']);
}
if($status == "SOLD")
{
$result = mysql_query("SELECT * FROM ITEM_SOLD WHERE ITEM_ID = $item_id");
$row = mysql_fetch_array($result);
$buyer = $row['BUYER_ID'];
if($_SESSION['id'] == $buyer)
{
print'<p class = "error">Congratulations! The item is yours.</p>';
}
else
{
print'<p class = "error">Sorry, the item has been sold!</p>';
}
}
else if($status == "NA")
{
print'<p class = "error">Item is not available yet!</p>';
}
else if($status == "EXPIRE")
{
print'<p class = "error">Item is expired.</p>';
}
else
{
date_default_timezone_set('America/New_York');
$curr_date = date("Y-m-d");
$curr_time = date("H:i");
$curr_datetime = "$curr_date $curr_time:00";
print"<p><strong>Current datetime: $curr_datetime</strong></p>";
$result = mysql_query("SELECT * FROM ITEM WHERE ITEM_ID = $item_id");
if($result)
{
$row = mysql_fetch_array($result);
$btime = strtotime($row['BEGIN']);
$etime = strtotime($row['END']);
$date = date("Y-m-d", $etime);
$time = date("H:i", $etime);
} print'<table><tr><td><form action="edit_item.php" method="post">
Change End time:</td></tr><tr><td><input type="date" name="end_date" value='.$date.'>
<input type="time" name="end_time" value='.$time.'></td>
<td><input type="submit" name= "go" value="Set Time">
</form></td></tr></table>'; if($_POST['go'] == "Set Time")
{
$end_date = $_POST['end_date'];
$end_time = $_POST['end_time'];
$end_time = $end_time.':00';
$end_datetime = strtotime("$end_date $end_time");
$now = strtotime($default_datetime);
$problem = false;
if ($end_datetime <= $now)
{
print'You cannot set End time earlier than current time!';
$problem = true;
}
if(!$problem)
{
mysql_query("LOCK TABLES ITEM WRITE");
mysql_query("UPDATE ITEM SET END = '$end_date $end_time' WHERE ITEM_ID = $item_id");
mysql_query("UNLOCK TABLES");
header("location: " . $_SERVER['REQUEST_URI']);
}
}
refresh();
}
?>
<hr /><br />
<table><tr><td>Buy it Now Price:</td></tr>
<tr><td><form action ="edit_item.php" method="post">
<input name="price" type="text" value="<?php print $bin; ?>" ></td></tr>
<tr><td><input name="sub_change_price" type="submit" value="Change price" /></form></td></tr></table>
<?php
if(isset($_POST['sub_change_price']))
{
$price = $_POST['price'];
mysql_query("LOCK TABLES ITEM WRITE");
mysql_query("UPDATE ITEM SET BIN_PRICE = $price WHERE ITEM_ID = $item_id");
mysql_query("UNLOCK TABLES");
header("location: " . $_SERVER['REQUEST_URI']);
}
?>
</td>
</tr>
<tr>
<td class="auto-style3" colspan="2">
<form action ="edit_item.php" method="post">
<textarea cols="80" name="description" rows="10"><?php print $dsc; ?></textarea><br>
<input name="change_dsc" type="submit" value="Change item description" /></form></td>
</tr>
<?php
if(isset($_POST['change_dsc']))
{
$dsc = $_POST['description'];
mysql_query("LOCK TABLES ITEM WRITE");
mysql_query("UPDATE ITEM SET DESCRIPTION = '$dsc' WHERE ITEM_ID = $item_id");
mysql_query("UNLOCK TABLES");
header("location: " . $_SERVER['REQUEST_URI']);
}
?>
</table>
</td>
</tr>
</table>
</body>
<?php require_once 'webmaster.php'; ?>
</html>
问题:第120行的插入命令为什么不能执行?什么原因导致?怎么解决?MySQLphp
代码的大概功能是在当前页面修改页面上显示的图片和文字。文字信息和图片信息存储在mySQL相应的表格里。
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><?php
require_once 'header.php';
require_once 'check.php';
?><meta content="en-us" http-equiv="Content-Language" />
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Item Detail</title>
<style type="text/css">
.auto-style2 {
text-align: center;
}
.auto-style1 {
font-size: 36pt;
text-align: left;
font-family: Default;
}
.auto-style3 {
font-family: Broadway;
}
</style>
</head><body>
<?php
if(isset($_POST['submit_edit_item_id']))
{
$_SESSION['edit_item_id'] = $_POST['sub_edit_item_id'];
}
$item_id = $_SESSION['edit_item_id'];
$result = mysql_query("SELECT * FROM ITEM WHERE ITEM_ID = $item_id");
if($result)
{
$row = mysql_fetch_array($result);
$user_id = $_SESSION['id'];
$name = $row['NAME'];
$dsc = $row['DESCRIPTION'];
$auc = $row['RESERVE_PRICE'];
$bin = $row['BIN_PRICE'];
$btime = $row['BEGIN'];
$etime = $row['END'];
$status = $row['STATUS'];
$seller = $row['SELLER_ID'];
$winner = $row['WINNER_ID'];
$curr_bid = $row['CURR_BID'];
$num_bid = $row['NUM_BID'];
$img_id = $row['IMG_ID'];
echo "item_id is $item_id";
echo "img_id is $img_id";
}
$result = mysql_query("SELECT USER_NAME FROM USER WHERE USER_ID = $seller");
if($result)
{
$row = mysql_fetch_array($result);
$seller_name = $row['USER_NAME'];
}
?> <table align="center" style="width: 100%">
<tr>
<td>
<div class="auto-style2">
<table align="center" style="width: 100%">
<tr>
<td class="auto-style1">Edit item:</td>
<td>
<a href="http://acadweb1.salisbury.edu/~rwan/home.php">
<img height="89" src="logo.jpg" style="float: right" width="184" /></a></td>
</tr>
</table>
</div>
<hr />
<table style="width: 100%">
<tr>
<td rowspan="2">
<?php
display_image($img_id, 500, 400);
?>
<form action="edit_item.php" method="post" enctype="multipart/form-data">
<table><tr><td><input type="file" name="image" /></td></tr>
<tr><td><input name="sub_change_pic" type="submit" value="Change picture">
<input name="sub_del_pic" type="submit" value="Delete picture"></td></tr>
</table></form>
<?php
if(isset($_POST['sub_change_pic']))
{
if(isset($_FILES['image']))
{
$file = $_FILES['image']['tmp_name'];
if(!empty($file))
{
$image = addslashes(file_get_contents($file));
$image_name = addslashes($_FILES['image']['name']);
$image_size = getimagesize($file);
if($image_size == false)
{
print'<p class = "error">The file is not an image.</p>';
}
else
{
mysql_query("LOCK TABLES IMAGES WRITE");
mysql_query("LOCK TABLES ITEM WRITE");
if($img_id == 1)
{
mysql_query("INSERT INTO IMAGES (IMG_NAME, IMG) VALUES ('$image_name', '$image')");
$pic_id = mysql_insert_id();
mysql_query("UPDATE ITEM SET IMG_ID = $pic_id WHERE ITEM_ID = $item_id");
}
else
{
mysql_query("UPDATE IMAGES SET IMG_NAME = '$image_name', IMG = '$image'
WHERE IMG_ID = $img_id");
}
mysql_query("UNLOCK TABLES");
header("location: " . $_SERVER['REQUEST_URI']);
}
}
}
}
if(isset($_POST['sub_del_pic']))
{
mysql_query("LOCK TABLES ITEM WRITE");
mysql_query("UPDATE ITEM SET IMG_ID = 1 WHERE ITEM_ID = $item_id");
if($img_id != 1)
{
mysql_query("LOCK TABLES IMAGES WRITE");
mysql_query("DELETE FROM IMAGES WHERE IMG_ID = $img_id");
}
mysql_query("UNLOCK TABLES");
header("location: " . $_SERVER['REQUEST_URI']);
}
?>
</td>
<td><form action="edit_item.php" method="post">
<textarea cols="50" name="title" rows="4"><?php print $name; ?></textarea><br>
<input name="change_item_title" type="submit" value="Change item title" /></form></td>
</tr>
<tr>
<td><hr />
<?php
if(isset($_POST['change_item_title']))
{
$name = $_POST['title'];
mysql_query("LOCK TABLES ITEM WRITE");
mysql_query("UPDATE ITEM SET NAME = '$name' WHERE ITEM_ID = $item_id");
mysql_query("UNLOCK TABLES");
header("location: " . $_SERVER['REQUEST_URI']);
}
if($status == "SOLD")
{
$result = mysql_query("SELECT * FROM ITEM_SOLD WHERE ITEM_ID = $item_id");
$row = mysql_fetch_array($result);
$buyer = $row['BUYER_ID'];
if($_SESSION['id'] == $buyer)
{
print'<p class = "error">Congratulations! The item is yours.</p>';
}
else
{
print'<p class = "error">Sorry, the item has been sold!</p>';
}
}
else if($status == "NA")
{
print'<p class = "error">Item is not available yet!</p>';
}
else if($status == "EXPIRE")
{
print'<p class = "error">Item is expired.</p>';
}
else
{
date_default_timezone_set('America/New_York');
$curr_date = date("Y-m-d");
$curr_time = date("H:i");
$curr_datetime = "$curr_date $curr_time:00";
print"<p><strong>Current datetime: $curr_datetime</strong></p>";
$result = mysql_query("SELECT * FROM ITEM WHERE ITEM_ID = $item_id");
if($result)
{
$row = mysql_fetch_array($result);
$btime = strtotime($row['BEGIN']);
$etime = strtotime($row['END']);
$date = date("Y-m-d", $etime);
$time = date("H:i", $etime);
} print'<table><tr><td><form action="edit_item.php" method="post">
Change End time:</td></tr><tr><td><input type="date" name="end_date" value='.$date.'>
<input type="time" name="end_time" value='.$time.'></td>
<td><input type="submit" name= "go" value="Set Time">
</form></td></tr></table>'; if($_POST['go'] == "Set Time")
{
$end_date = $_POST['end_date'];
$end_time = $_POST['end_time'];
$end_time = $end_time.':00';
$end_datetime = strtotime("$end_date $end_time");
$now = strtotime($default_datetime);
$problem = false;
if ($end_datetime <= $now)
{
print'You cannot set End time earlier than current time!';
$problem = true;
}
if(!$problem)
{
mysql_query("LOCK TABLES ITEM WRITE");
mysql_query("UPDATE ITEM SET END = '$end_date $end_time' WHERE ITEM_ID = $item_id");
mysql_query("UNLOCK TABLES");
header("location: " . $_SERVER['REQUEST_URI']);
}
}
refresh();
}
?>
<hr /><br />
<table><tr><td>Buy it Now Price:</td></tr>
<tr><td><form action ="edit_item.php" method="post">
<input name="price" type="text" value="<?php print $bin; ?>" ></td></tr>
<tr><td><input name="sub_change_price" type="submit" value="Change price" /></form></td></tr></table>
<?php
if(isset($_POST['sub_change_price']))
{
$price = $_POST['price'];
mysql_query("LOCK TABLES ITEM WRITE");
mysql_query("UPDATE ITEM SET BIN_PRICE = $price WHERE ITEM_ID = $item_id");
mysql_query("UNLOCK TABLES");
header("location: " . $_SERVER['REQUEST_URI']);
}
?>
</td>
</tr>
<tr>
<td class="auto-style3" colspan="2">
<form action ="edit_item.php" method="post">
<textarea cols="80" name="description" rows="10"><?php print $dsc; ?></textarea><br>
<input name="change_dsc" type="submit" value="Change item description" /></form></td>
</tr>
<?php
if(isset($_POST['change_dsc']))
{
$dsc = $_POST['description'];
mysql_query("LOCK TABLES ITEM WRITE");
mysql_query("UPDATE ITEM SET DESCRIPTION = '$dsc' WHERE ITEM_ID = $item_id");
mysql_query("UNLOCK TABLES");
header("location: " . $_SERVER['REQUEST_URI']);
}
?>
</table>
</td>
</tr>
</table>
</body>
<?php require_once 'webmaster.php'; ?>
</html>
问题:第120行的插入命令为什么不能执行?什么原因导致?怎么解决?MySQLphp
而
$image = addslashes(file_get_contents($file));$file 显然是二进制文件
那么仅仅 addslashes 对于 mysql 5 是不行的(mysql 4 可以)
因为大多不可打印的 ASCII 字符都会影响 mysql 的行为如果一定要将图片数据存放于数据库中,那么要存放图片数据的 base64 编码