为什么我会收到未定义索引错误?

发布于 2024-11-26 13:31:55 字数 2836 浏览 1 评论 0原文

我添加了一个 blob 字段,通过 php 表单将图像添加到我的 MYSQL 数据库,现在我在包含新字段的行上收到一条未定义的错误消息,并且该字段的文件未上传,但所有文本字段已添加到数据库中。

这是我的表单:

    <form action="http://www.yeahthatrocks.com/update.php" method="post" enctype="multipart/form-data">
    Game Name:  <input name="game_name" type="text" size="25" maxlength="255" /><br></br>
    Release Date:  <input name="release_date" type="text" size="25" /><p></p>

    Cover Image: <input type="file" name="cover" id="cover"><br><br>
<p>Console:
  <select name="game_console">
    <option value="PS3">PS3</option>
    <option value="Xbox 360">Xbox 360</option>
    <option value="Both">Both</option>
  </select>

  Game Category:  
  <select name="game_category">
    <option value="Retail">Retail</option>
    <option value="PSN">PSN</option>
    <option value="Arcade">Arcade</option>
    <option value="DLC">DLC</option>
  </select>

  Game Type:  
  <select name="game_type">
    <option value="Action">Action</option>
    <option value="Action RPG">Action RPG</option>
    <option value="Adventure">Adventure</option>
    <option value="Board">Board</option>
    <option value="Card">Card</option>
    <option value="Casino">Casino</option>
    <option value="Educational">Educational</option>
    <option value="Fighting">Fighting</option>
    <option value="Flight">Flight</option>
    <option value="Game Show">Game Show</option>
    <option value="Hunting">Hunting</option>
    <option value="Music">Music</option>
    <option value="Other">Other</option>
    <option value="Pinball">Pinball</option>
    <option value="Platformer">Platformer</option>
    <option value="Puzzle">Puzzle</option>
    <option value="Racing">Racing</option>
    <option value="RPG">RPG</option>
    <option value="Shooter">Shooter</option>
    <option value="Sports">Sports</option>
    <option value="Strategy">Strategy</option>
    <option value="Virtual Pet">Virtual Pet</option>
  </select>


 </p> 

    <input name="submit" type="submit" value="upload" />
    </form>

这是 update.php 的相关部分:

$sql="INSERT INTO games (game_name, release_date, game_category, game_type, game_console, cover)
VALUES
('$_POST[game_name]','$_POST[release_date]','$_POST[game_category]','$_POST[game_type]','$_POST[game_console]','$_POST[cover]')";

mysql_query($sql);

它与新字段是二进制文件有关吗?我上传到该字段的文件大小为 11kb。

I added a blob field to add an image to my MYSQL database via a php form and now I am getting an Undefined Error Message on the line that contains the new field and the file for that field did not get uploaded, but all the text fields were added to the database.

Here's my form:

    <form action="http://www.yeahthatrocks.com/update.php" method="post" enctype="multipart/form-data">
    Game Name:  <input name="game_name" type="text" size="25" maxlength="255" /><br></br>
    Release Date:  <input name="release_date" type="text" size="25" /><p></p>

    Cover Image: <input type="file" name="cover" id="cover"><br><br>
<p>Console:
  <select name="game_console">
    <option value="PS3">PS3</option>
    <option value="Xbox 360">Xbox 360</option>
    <option value="Both">Both</option>
  </select>

  Game Category:  
  <select name="game_category">
    <option value="Retail">Retail</option>
    <option value="PSN">PSN</option>
    <option value="Arcade">Arcade</option>
    <option value="DLC">DLC</option>
  </select>

  Game Type:  
  <select name="game_type">
    <option value="Action">Action</option>
    <option value="Action RPG">Action RPG</option>
    <option value="Adventure">Adventure</option>
    <option value="Board">Board</option>
    <option value="Card">Card</option>
    <option value="Casino">Casino</option>
    <option value="Educational">Educational</option>
    <option value="Fighting">Fighting</option>
    <option value="Flight">Flight</option>
    <option value="Game Show">Game Show</option>
    <option value="Hunting">Hunting</option>
    <option value="Music">Music</option>
    <option value="Other">Other</option>
    <option value="Pinball">Pinball</option>
    <option value="Platformer">Platformer</option>
    <option value="Puzzle">Puzzle</option>
    <option value="Racing">Racing</option>
    <option value="RPG">RPG</option>
    <option value="Shooter">Shooter</option>
    <option value="Sports">Sports</option>
    <option value="Strategy">Strategy</option>
    <option value="Virtual Pet">Virtual Pet</option>
  </select>


 </p> 

    <input name="submit" type="submit" value="upload" />
    </form>

And here's the relevant part of update.php:

$sql="INSERT INTO games (game_name, release_date, game_category, game_type, game_console, cover)
VALUES
('$_POST[game_name]','$_POST[release_date]','$_POST[game_category]','$_POST[game_type]','$_POST[game_console]','$_POST[cover]')";

mysql_query($sql);

Does it have something to do with the new field being a binary? The file I'm uploading to that field is 11kb.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

原谅过去的我 2024-12-03 13:31:55

首先,当您将所有这些 $_POST 变量放入 MySQL 时,您需要对其进行转义,阅读 SQL 注入漏洞和 mysql_read_escape_string()

当您插入 $_POST['game_type']$_POST['console'] 时,会触发错误,但您没有它们的表单字段。

编辑

您的$_POST缺少“封面”字段,因为它是文件上传,因此将作为$_FILES变量出现,您必须阅读使用 PHP 上传文件 因为你完全缺少这一点逻辑。

First of all, you need to escape all those $_POST variables as you put them into MySQL, read up on SQL injection vulnerabilities and mysql_read_escape_string();

Your error is being triggered as you are inserting $_POST['game_type'] and $_POST['console'] but you don't have a form field for them.

EDIT

Your $_POST is missing the 'cover' field as it's a file upload, and therefore will come through as a $_FILES variable instead, with which you will have to read up on uploading files with PHP as you are completely missing this bit of logic.

诠释孤独 2024-12-03 13:31:55

您没有“game_category”、“game_type”、“game_console”等的输入字段。因此 $_POST 中不存在这些输入字段,并且 PHP 警告可能已打开(未定义的索引是一个警告)。并且您永远不应该将 $_POST 直接插入数据库,至少在插入之前使用 mysql_real_escape_string 函数。阅读 SQL 注入,您就会明白原因。

You don't have input fields for "game_category" "game_type", "game_console" ect.. so those don't exist in $_POST and PHP warnings are probably turned on (Undefined index is a warning). And you should NEVER insert a $_POST straight to the database, at least use the mysql_real_escape_string function before you insert those. Read up on SQL injection and you will understand why.

初懵 2024-12-03 13:31:55

您收到未定义索引错误,因为 $_POST 不包含 game_category、game_type 和 game_console。 (或任何字段留空)

另外:

  • 我认为将文件存储到这样的数据库中是行不通的。 (示例此处
  • 将 $_POST (或任何用户输入)变量直接放入 SQL 查询中是一个坏主意,最好在插入之前转义这些值。请参阅 mysql_real_escape_string

You're getting an undefined index error because $_POST doesn't contain game_category and game_type and game_console. (or any field is left empty)

Also:

  • I think that storing in a file into a database like that, doesn't work. (Example here)
  • Putting $_POST (or any user input) variables directly into an sql query is a bad idea, best to escape the values before inserting. see mysql_real_escape_string
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文