hi i have already typed my code below. the database is saving the path of image but it is not displaying the image . where could i be wrong?
你好,我已经在下面输入了我的代码。数据库正在保存图像的路径,但没有显示图像。我哪里错了?
<div class="profile">
<?php
if (isset($_FILES['profile']) === true) {
if (empty($_FILES['profile']['name']) === true) {
echo 'Please choose a file';
} else {
$allowed = array('jpg', 'jpeg', 'gif', 'png');
$file_name = $_FILES['profile']['name'];
$file_extn = strtolower(end(explode('.', $file_name)));
$file_temp = $_FILES['profile']['tmp_name'];
if (in_array($file_extn, $allowed) === true) {
///upload file.
change_profile_image($session_user_id, $file_temp, $file_extn);
} else {
echo 'incorrect file type. Allowed formats: ';
echo implode(', ', $allowed);
}
}
}
if (empty($user_data['profile']) === false) {
echo '<img src"', $user_data['profile'], '"
alt="', $user_data['first_name'], '\'s">';
}
?>
<form action="" method="post" enctype="multipart/form-data">
<input type="file" name="profile">
<input type="submit">
</form>
</div>
and the function change_profile_image I am calling is below:
我调用的函数change_profile_image如下:
function change_profile_image($user_id, $file_temp, $file_extn) {
$file_path = 'images/profile/' . substr(md5(time()), 0, 10) . '.' . $file_extn;
//echo $file_path;
move_uploaded_file($file_temp, $file_path);
mysql_query("UPDATE `users` SET `profile` = '"
. mysql_real_escape_string($file_path)
. "' WHERE `user_id` = "
. (int) $user_id);
}
the database is saving the image path but not displaying the image on the webpage.
数据库正在保存图像路径,但没有在网页上显示图像。
2 个解决方案
#1
3
Where you've written
在你写
echo '<img src"', $user_data['profile'], '"
change it to
将其更改为
echo '<img src="'.$user_data['profile'].'"
Note the added equals sign and that full-stops instead of commas are used for concatenation.
注意添加的等号和全停止而不是逗号用于连接。
#2
1
First of all, I want to isolate some security issues...
首先,我想孤立一些安全问题……
When you're uploading a file, the file extension should never be checked. You should simply check the file MIME like so:
当你上传一个文件时,不应该检查文件扩展名。您应该像这样检查文件MIME:
class FileSecure
{
public resource $Allowed;
private object $Info;
public function __construct($allow)
{
$this->Allowed = $allow;
$this->Info = new finfo();
}
public function Check($file) : bool
{
if(in_array($fileType = $this->Info->file($file, FILEINFO_MIME_TYPE, $this->Allowed))) { return true; } else { return false; }
}
}
$fileCheck = array(
'Image' => new FileSecure(['image/bmp', 'image/gif', 'image/jpeg', 'image/png']),
'Text' => new FileSecure(['text/plain']),
'Compressed' => new FileSecure(['application/zip', 'application/x-rar-compressed'])
);
// End of Class
($fileCheck['Image']->Check($_FILES['profile']['name']))? "" : die("Invalid image file..."); // make sure you delete the file if it is false
Now back to the Question...
现在回到问题……
Firstly, we cannot see what your file server so make sure that the file has saved where that path links too.
首先,我们看不到您的文件服务器,所以请确保文件也保存在路径链接的位置。
If it has, var_dump() your queries and ensure that it is the correct path with the correct extension and name.
如果有,请var_dump()查询并确保它是正确的路径,具有正确的扩展名和名称。
Secondly, you have a lot of syntax issues which you could easily find yourself by enabling error reporting...
其次,您有很多语法问题,通过启用错误报告,您可以很容易地找到您自己……
You can do this by: error_reporting(1);
可以这样做:error_reporting(1);
Edit: Note, if you're storing the directory as the datetime (substr(md5(time()), 0, 10)) you will need to include this date into the database path so you know where it is.
编辑:注意,如果将目录存储为datetime (substr(time(), 0,10))),则需要将该日期包含到数据库路径中,以便您知道它在哪里。
Note: When using the isset() you don't need to match it to true or false, you can simple do:
注意:在使用isset()时,您不需要将它匹配为true或false,您可以简单地做到:
// false
if(!isset($...))
{
}
// true
if(isset($...))
{
}
#1
3
Where you've written
在你写
echo '<img src"', $user_data['profile'], '"
change it to
将其更改为
echo '<img src="'.$user_data['profile'].'"
Note the added equals sign and that full-stops instead of commas are used for concatenation.
注意添加的等号和全停止而不是逗号用于连接。
#2
1
First of all, I want to isolate some security issues...
首先,我想孤立一些安全问题……
When you're uploading a file, the file extension should never be checked. You should simply check the file MIME like so:
当你上传一个文件时,不应该检查文件扩展名。您应该像这样检查文件MIME:
class FileSecure
{
public resource $Allowed;
private object $Info;
public function __construct($allow)
{
$this->Allowed = $allow;
$this->Info = new finfo();
}
public function Check($file) : bool
{
if(in_array($fileType = $this->Info->file($file, FILEINFO_MIME_TYPE, $this->Allowed))) { return true; } else { return false; }
}
}
$fileCheck = array(
'Image' => new FileSecure(['image/bmp', 'image/gif', 'image/jpeg', 'image/png']),
'Text' => new FileSecure(['text/plain']),
'Compressed' => new FileSecure(['application/zip', 'application/x-rar-compressed'])
);
// End of Class
($fileCheck['Image']->Check($_FILES['profile']['name']))? "" : die("Invalid image file..."); // make sure you delete the file if it is false
Now back to the Question...
现在回到问题……
Firstly, we cannot see what your file server so make sure that the file has saved where that path links too.
首先,我们看不到您的文件服务器,所以请确保文件也保存在路径链接的位置。
If it has, var_dump() your queries and ensure that it is the correct path with the correct extension and name.
如果有,请var_dump()查询并确保它是正确的路径,具有正确的扩展名和名称。
Secondly, you have a lot of syntax issues which you could easily find yourself by enabling error reporting...
其次,您有很多语法问题,通过启用错误报告,您可以很容易地找到您自己……
You can do this by: error_reporting(1);
可以这样做:error_reporting(1);
Edit: Note, if you're storing the directory as the datetime (substr(md5(time()), 0, 10)) you will need to include this date into the database path so you know where it is.
编辑:注意,如果将目录存储为datetime (substr(time(), 0,10))),则需要将该日期包含到数据库路径中,以便您知道它在哪里。
Note: When using the isset() you don't need to match it to true or false, you can simple do:
注意:在使用isset()时,您不需要将它匹配为true或false,您可以简单地做到:
// false
if(!isset($...))
{
}
// true
if(isset($...))
{
}