我想知道如何在pdo中转义字符串.我一直在逃避弹簧,如下面的代码,但现在用pdo我不知道怎么做
$username=(isset($_POST['username']))? trim($_POST['username']): '';
$previlage =(isset($_GET['previlage']));
$query ="SELECT * FROM site_user
WHERE username = '".mysql_real_escape_string($_SESSION['username'])."' AND previlage ='Admin'";
$security = mysql_query($query)or die (mysql_error($con));
$count = mysql_num_rows($security);
我打算一次将许多图像上传到文件夹中,并将其信息保存到数据库中.
无论我选择一个还是多个,代码都会正确地将这些图像上传到文件夹中.但是,当我选择多个时,它不会将图像的信息存储到数据库中,而只会将图像上传到文件夹中.如果我选择一个图像,那么它会正确地将该图像的信息存储到数据库中.
以下是我的代码.
<?php
#connect to the db
require_once('db.inc.php');
?>
<html>
<head>
</head>
<body>
<form action="" method="POST" enctype="multipart/form-data">
<input type="file" name="files[]" multiple/>
<input type="submit"/>
</form>
<?php
if(isset($_FILES['files'])){
$errors= array();
foreach($_FILES['files']['tmp_name'] as $key => $tmp_name ){
$file_name = $key.$_FILES['files']['name'][$key];
$file_size =$_FILES['files']['size'][$key];
$file_tmp =$_FILES['files']['tmp_name'][$key];
$file_type=$_FILES['files']['type'][$key];
if($file_size > 2097152){
$errors[]='File size must be less than 2 MB';
}try{
$query ="INSERT into tish_images(FILE_NAME,FILE_SIZE,FILE_TYPE)
VALUES(:FILE_NAME,:FILE_SIZE,:FILE_TYPE)";
$insert = $con->prepare($query);
$insert->execute(array(
':FILE_NAME'=>$file_name,
':FILE_SIZE'=>$file_size,
':FILE_TYPE'=>$file_type));
}catch(PDOException $e){
echo $e->getMessage();
}
$desired_dir="image_uploads";
if(empty($errors)==true){
if(is_dir($desired_dir)==false){
mkdir("$desired_dir", 0700);// Create directory if …我正在创建一个脚本,该脚本允许用户上传图像,但是现在我想包含一个简单的if语句,该语句仅接受gif和png。这是我的代码,但似乎无法正常工作。
#extention filter
$allowed = array("image/gif","image/png");
if(!in_array($files,$allowed)){
$error_message = 'Only jpg, gif, and pdf files are allowed.';
$error = 'yes';
echo $error_message;
exit();
} #extention
我正在使用bellow查询更新,但现在我尝试将其更改为pdo,但它无法正常工作请任何帮助将不胜感激
function updateonlinesession(){
if(isset($_SESSION['username']['id'])){
$uid = $_SESSION['username']['id'];
$page = $_SERVER['REQUEST_URI'];
$ip = $_SERVER['REMOTE_ADDR'];
$username = $_SESSION['logged'];
mysql_query("UPDATE site_user SET dateupdated = now(),ip = '$ip' WHERE
username = '".mysql_real_escape_string($_SESSION['username'])."'");
}
}
这是我用pdo尝试过的
function updateonlinesession(){
if(isset($_SESSION['username']['id'])){
$uid = $_SESSION['username']['id'];
$page = $_SERVER['REQUEST_URI'];
$ip = $_SERVER['REMOTE_ADDR'];
$username = $_SESSION['logged'];
$update = ("UPDATE site_user SET dateupdated = now(),ip = '$ip' WHERE
username = '".($_SESSION['username'])."'");
$sth_update= $con->prepare($update);
$sth_update->execute();
}
}
?>