1. 首页
  2. 问答
  3. 重命名上传文件,发布新名称到数据库

重命名上传文件,发布新名称到数据库

2012-01-28 79 views
1

我正在使用以下代码上传和重命名文件。这部分工作真棒,但它也将一些数据发布到数据库表。重命名上传文件,发布新名称到数据库

问题是旧的名字是张贴到数据库,但该文件正在重命名为ID ...我怎么能得到新的名称到数据库?

在此先感谢这里是我的代码:

<?php 

//This is the directory where images will be saved 
$allowed_filetypes = array('.jpg','.pdf','.xlsx','.xls','.doc','.docx','.ppt','.pptx','.jpeg','.png','.gif','.pdf'); 
$max_filesize = 52428800; // max file size = 50MB 
$target = $target . basename($_FILES['document']['name']); 


//This gets all the other information from the form 
$billing_id=$_POST['billing_id']; 
$shipping_id=$_POST['shipping_id']; 
$file_name=$_POST['file_name']; 
$file_type=$_POST['file_type']; 
$file_description=$_POST['file_description']; 

     $file = $_FILES['document']['name']; // Get the name of the file (including file extension). 
     $ext = substr($file, strpos($file,'.'), strlen($file)-1); 
     if(!in_array($ext,$allowed_filetypes))//check if file type is allowed 
      die('The file extension you attempted to upload is not allowed.'); //not allowed 
     if(filesize($_FILES['document']['tmp_name']) > $max_filesize) //check that filesize is less than 50MB 
      die ('The file you attempted to upload is too large, compress it below 50MB.'); 


// Connects to your Database 
mysql_connect("localhost", "root", "password") or die(mysql_error()) ; 
mysql_select_db("table") or die(mysql_error()) ; 

//Writes the information to the database 
mysql_query("INSERT INTO customer_files (billing_id, shipping_id, file_name, file_type, file_description, file) 
VALUES ('$billing_id', '$shipping_id', '$file_name', '$file_type', '$file_description', '$target')") ; 

$target = "../../file_management/uploads/customers/" .mysql_insert_id() . $ext; 

//Writes the file to the server 
if(move_uploaded_file($_FILES['document']['tmp_name'], $target)) 
{ 

//Tells you if its all ok 
echo "The file ". basename($_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory"; 
} 
else { 

//Gives and error if its not 
echo "Sorry, there was a problem uploading your file."; 
} 
?>

来源

2012-01-28 Owen Walsh

回答

1

在重命名文件之前,您正在将值插入数据库。你必须改变你的代码。首先将计费和发货编号插入数据库,然后取出最后一个插入的编号,用最后一个编号重命名文件并在数据库中更新新名称。你的代码更改为:

<?php 

    //This is the directory where images will be saved 
    $allowed_filetypes =array('.jpg','.pdf','.xlsx','.xls','.doc','.docx','.ppt','.pptx','.jpeg','.png','.gif','.pdf'); 
    $max_filesize = 52428800; // max file size = 50MB 
    $target = $target . basename($_FILES['document']['name']); 


    //This gets all the other information from the form 
    $billing_id=$_POST['billing_id']; 
    $shipping_id=$_POST['shipping_id']; 
    $file_name=$_POST['file_name']; 
    $file_type=$_POST['file_type']; 
    $file_description=$_POST['file_description']; 

    $file = $_FILES['document']['name']; // Get the name of the file (including file extension). 
    $ext = substr($file, strpos($file,'.'), strlen($file)-1); 
    if(!in_array($ext,$allowed_filetypes))//check if file type is allowed 
     die('The file extension you attempted to upload is not allowed.'); //not allowed 
    if(filesize($_FILES['document']['tmp_name']) > $max_filesize) //check that filesize is less than 50MB 
     die ('The file you attempted to upload is too large, compress it below 50MB.'); 


    // Connects to your Database 
    mysql_connect("localhost", "root", "password") or die(mysql_error()) ; 
    mysql_select_db("table") or die(mysql_error()) ; 

    //Writes the information to the database 
    mysql_query("INSERT INTO customer_files (billing_id, shipping_id) VALUES ('$billing_id', '$shipping_id')") ; 

    $target = "../../file_management/uploads/customers/" .mysql_insert_id() . $ext; 

    $last_id = mysql_insert_id(); 
    $new_file_name = mysql_insert_id() . $ext; 

    mysql_query("UPDATE customer_files SET file_name='$new_file_name',file_type='$file_type',file_description='$file_description',file='$target' WHERE id=$last_id"); 


//Writes the file to the server 
if(move_uploaded_file($_FILES['document']['tmp_name'], $target)) 
{ 

//Tells you if its all ok 
    echo "The file ". basename($_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory"; 
} 
else { 

//Gives and error if its not 
echo "Sorry, there was a problem uploading your file."; 
} 
?>

希望这有助于

来源

2012-01-28 04:21:55 Sabari

+0

非常感谢Sabari,这正是我所希望完成的。 – 2012-01-28 04:41:45

1

新的“名称”已经在DB - 这是当你插入上传数据时创建的记录的主键:

$target = "../../file_management/uploads/customers/" .mysql_insert_id() . $ext; 
                 ^^^^^^^^^^^^^^^^^ the new filename

来源

2012-01-28 04:03:48

+0

^这也是你的代码是SQL注入非常脆弱。你怎么知道用户在$ _POST ['billing_id']中输入了一个数字; 而不是“x”; DROP TABLE customer_files; - “(因此销毁你的表!)。我想你是PHP的新手,所以你可能需要花一些时间阅读sql注入等,以及如何逃避输入数据。永远不要相信用户输入 – cosmorogers 2012-01-28 04:08:41

+0

我知道,但我需要的路径,所以我可以链接到它..使用的路径是文件实际上从上载器的桌面调用。由于可以使用多个扩展名,我可以链接到ID – 2012-01-28 04:10:05

+0

谢谢cosmorogers,我会读到它 – 2012-01-28 04:11:30

相关问题

 相关问题