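Building a Website with PHP + MySQL: Image Upload and Story Deletion

Updated 2018-09-28 20:13

Image Upload and Story Deletion

As mentioned in the previous article, the form in story.php submits to story_submit.php, so let's look at how story_submit.php publishes a story. As usual, the code comes first: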

<?php  
    # add / modify story record  
    include_once('include_fns.php');  

    $handle = db_connect();  

    $headline = $_REQUEST['headline'];  
    $page = $_REQUEST['page'];  
    $time = time();  

    if ((isset($_FILES['html']['name']) &&   
        (dirname($_FILES['html']['type']) == 'text') &&  
        is_uploaded_file($_FILES['html']['tmp_name']) )) {  
        // if user upload some files, then set the content of the files as the story_text  
        $story_text = file_get_contents($_FILES['html']['tmp_name']);  
    }else{  
        $story_text = $_REQUEST['story_text'];  
    }  

    $story_text = addslashes($story_text);  

    if (isset($_REQUEST['story']) && $_REQUEST['story']!='') {  
        # it's an update  
        $story = (int) $_REQUEST['story'];  // cast: the id goes into the query unquoted

        $query = "update stories   
                  set headline = '$headline',  
                      story_text = '$story_text',  
                      page = '$page',  
                      modified = $time  
                  where id = $story";  
    }else{  
        // it's a new story  
        $query = "insert into stories  
                  (headline,story_text,page,writer,created,modified)  
                  values  
                  ('$headline','$story_text','$page','".$_SESSION['auth_user']."',  
                    $time,$time)";  
    }  

    $result = mysql_query($query);  

    if (!$result) {  
        # code...  
        echo "There was a database error when executing <pre>$query</pre>";  
        echo mysql_error();  
        exit;   
    }  

    if ((isset($_FILES['picture']['name']) &&   
        is_uploaded_file($_FILES['picture']['tmp_name']))) {  
        # there is uploaded picture  
        if (!isset($_REQUEST['story']) || $_REQUEST['story']=='') {  
            $story = mysql_insert_id($handle);  
            // mysql_insert_id  return the auto generated id used in the last query  
        }  
        $type = basename($_FILES['picture']['type']);  

        switch ($type) {  
            case 'jpeg':  
            case 'pjpeg':  
            case 'png':  
            case 'jpg':  
                $filename = "images/$story.jpg";  
                move_uploaded_file($_FILES['picture']['tmp_name'], '../'.$filename);  
                $query = "update stories   
                          set picture = '$filename'  
                          where id = $story";  
                $result = mysql_query($query);  
                break;  

            default:  
                echo 'Invalid picture format:'.$_FILES['picture']['type'];  
                break;  
        }  
    }else{  
        // there is no image file to upload or didn't get the file's info  
        echo 'Possible file upload attack:';  
        echo "filename '".$_FILES['picture']['tmp_name']."'.";  
    }  

    header('Location: '.$_REQUEST['destination']);  
?>  

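Let's first walk through the code as a whole:

$headline = $_REQUEST['headline'];
$page = $_REQUEST['page'];

Both variables are parameters taken from the form submitted by the previous page, story.php.

$time = time();

The time function returns a Unix timestamp.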

if ((isset($_FILES['html']['name']) &&
    (dirname($_FILES['html']['type']) == 'text') &&
    is_uploaded_file($_FILES['html']['tmp_name']) )) {
    // if user upload some files, then set the content of the files as the story_text
    $story_text = file_get_contents($_FILES['html']['tmp_name']);
}else{
    $story_text = $_REQUEST['story_text'];
}

This part of the code reads the content of the uploaded html file into $story_text; if no such file was uploaded, the story_text form field is used instead.

$story_text = addslashes($story_text);  

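Here we use addslashes, a PHP function applied to text before it is sent to the database. It adds a backslash (\) in front of certain characters: the single quote ('), the double quote ("), NUL, and the backslash (\) itself. Only $story_text is passed through it; $headline and $page go into the query as received.

For example:

Then, while I was searching for this function, I found another method, mysql_escape_string,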

if (isset($_REQUEST['story']) && $_REQUEST['story']!='') {
    # it's an update
    $story = (int) $_REQUEST['story'];  // cast: the id goes into the query unquoted

    $query = "update stories
              set headline = '$headline',
                  story_text = '$story_text',
                  page = '$page',
                  modified = $time
              where id = $story";
}else{
    // it's a new story
    $query = "insert into stories
              (headline,story_text,page,writer,created,modified)
              values
              ('$headline','$story_text','$page','".$_SESSION['auth_user']."',
                $time,$time)";
}

Whether the request contains a story parameter decides whether this is an update or a newly added story; we mentioned this earlier as well.
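The escaping step and the two queries above, rewritten with bound parameters (an added example, not the tutorial's code): the mysql_* functions used in the listing were removed in PHP 7.0, and here every value, $headline and $page included, is passed as a parameter instead of being escaped by hand. save_story() is a hypothetical helper, and an in-memory SQLite database via PDO stands in for MySQL so the script runs without a server (PHP 7.4+ with pdo_sqlite assumed).

```php
<?php
// Added example, not the tutorial's code. save_story() is a hypothetical helper.
// Table and column names are taken from the queries above. SQLite in memory
// stands in for MySQL (assumes pdo_sqlite is available) so it runs offline.
function save_story(PDO $pdo, array $req, string $writer): int
{
    $time = time();
    $values = [$req['headline'] ?? '', $req['story_text'] ?? '', $req['page'] ?? ''];
    if (isset($req['story']) && $req['story'] !== '') {
        // Update: the id must be all digits, and it is bound like every other value.
        if (!ctype_digit((string) $req['story'])) {
            throw new InvalidArgumentException('story id must be numeric');
        }
        $stmt = $pdo->prepare(
            'UPDATE stories SET headline = ?, story_text = ?, page = ?, modified = ?
             WHERE id = ?'
        );
        $stmt->execute([...$values, $time, (int) $req['story']]);
        return (int) $req['story'];
    }
    // New story: placeholders replace the quoted '$headline', '$story_text', ...
    $stmt = $pdo->prepare(
        'INSERT INTO stories (headline, story_text, page, writer, created, modified)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    $stmt->execute([...$values, $writer, $time, $time]);
    return (int) $pdo->lastInsertId();
}

// Constructed demo data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE stories (id INTEGER PRIMARY KEY, headline TEXT,
            story_text TEXT, page TEXT, writer TEXT, created INTEGER,
            modified INTEGER, picture TEXT)');

// An apostrophe in the headline needs no addslashes() and cannot end the string.
$id = save_story($pdo, ['headline' => "Editor's pick", 'page' => 'news',
                        'story_text' => 'He said "it\'s done".'], 'writer1');
save_story($pdo, ['story' => (string) $id, 'headline' => "Editor's pick (updated)",
                  'page' => 'news', 'story_text' => 'Revised text.'], 'writer1');
try {
    save_story($pdo, ['story' => '1 and more', 'headline' => 'x', 'page' => 'news'], 'writer1');
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
print_r($pdo->query('SELECT id, headline, story_text FROM stories')->fetchAll(PDO::FETCH_ASSOC));
```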

if ((isset($_FILES['picture']['name']) &&
    is_uploaded_file($_FILES['picture']['tmp_name']))) {
    # there is uploaded picture
    if (!isset($_REQUEST['story']) || $_REQUEST['story']=='') {
        $story = mysql_insert_id($handle);
        // mysql_insert_id  return the auto generated id used in the last query
    }
    $type = basename($_FILES['picture']['type']);

    switch ($type) {
        case 'jpeg':
        case 'pjpeg':
        case 'png':
        case 'jpg':
            $filename = "images/$story.jpg";
            move_uploaded_file($_FILES['picture']['tmp_name'], '../'.$filename);
            $query = "update stories
                      set picture = '$filename'
                      where id = $story";
            $result = mysql_query($query);
            break;

        default:
            echo 'Invalid picture format:'.$_FILES['picture']['type'];
            break;
    }
}

The code above follows the standard steps for uploading a file in PHP, and it is worth trying to memorize them. Note that $_FILES['picture']['type'] is supplied by the browser, so the switch checks what the client claims rather than what the file contains, and every accepted type, PNG included, is saved under a .jpg name.

Note the line $story = mysql_insert_id($handle); it retrieves the auto-increment id generated by the insert that was just executed.
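An added example (not the tutorial's code) of the same upload step with the type decided from the file's bytes rather than from $_FILES['picture']['type']. picture_extension() and the 2 MB limit are assumptions, and the fileinfo extension is required.

```php
<?php
// Added example, not the tutorial's code. picture_extension() and
// MAX_PICTURE_BYTES are hypothetical; requires the fileinfo extension.
const MAX_PICTURE_BYTES = 2 * 1024 * 1024;   // assumed size limit

// Returns 'jpg' or 'png' based on the uploaded bytes, or null to reject.
// $_FILES[...]['type'] is never consulted: it is whatever the client sent.
function picture_extension(array $file, bool $requireHttpUpload = true): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;                       // no file, or PHP reported an upload error
    }
    $tmp = $file['tmp_name'];
    if ($requireHttpUpload && !is_uploaded_file($tmp)) {
        return null;                       // path did not come from an HTTP POST upload
    }
    if (filesize($tmp) > MAX_PICTURE_BYTES) {
        return null;
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png'];
    return $allowed[(string) $mime] ?? null;
}

// In story_submit.php the result would drive the save, keeping the real extension:
//   $ext = picture_extension($_FILES['picture']);
//   if ($ext !== null) {
//       $filename = 'images/' . (int) $story . '.' . $ext;
//       move_uploaded_file($_FILES['picture']['tmp_name'], '../' . $filename);
//   }

// Constructed samples; both claim to be JPEG. $requireHttpUpload is false only
// because these files are written locally rather than received in a POST.
$png = tempnam(sys_get_temp_dir(), 'pic');
file_put_contents($png, "\x89PNG\r\n\x1a\n" . pack('N', 13) . 'IHDR'
    . pack('NNC5', 1, 1, 8, 2, 0, 0, 0));
$txt = tempnam(sys_get_temp_dir(), 'pic');
file_put_contents($txt, "<p>plain markup, not an image</p>\n");

foreach ([$png, $txt] as $path) {
    $file = ['tmp_name' => $path, 'type' => 'image/jpeg', 'error' => UPLOAD_ERR_OK];
    var_dump(picture_extension($file, false));
    unlink($path);
}
```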

header('Location: '.$_REQUEST['destination']);  

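As mentioned in the previous article, the form submits two hidden parameters; one of them is destination, which is in fact the writer.php page. Since the value is read from the request, the script redirects to whatever the client submits; comparing it with the expected page before calling header() keeps the redirect on this site.

OK, there is basically nothing especially difficult on this page.

Next, let's look at the even simpler delete_story.php

The check_permission function determines whether the current user has permission to modify the story; if so, the current story is deleted. check_permission is in the user_auth_fns.php file.

That covers modifying and creating stories. In the next article, we will introduce the 3 publish-related files.

This article was written by kaka and is licensed under the Creative Commons Attribution-ShareAlike 3.0 (CC) China Mainland license. Contact the author before reprinting or quoting, credit the author, and cite the source of the article.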
