Step by step teach you to build a website with php+mysql no.5 picture upload, story delete

Source: Internet
Author: User

As mentioned in the previous article, the page after the form was submitted in story.php is story_submit.php, so let's take a look at how story_submit.php finished the post.

In the old way, the code first:

<?php# add/modify Story recordinclude_once (' include_fns.php '); $handle = Db_connect (); $headline = $_request[' Headline ']; $page = $_request[' page '); $time = time (); if (Isset ($_files[' HTML ' [' name ']) && (dirname ($_files[')  HTML ' [' type ']) = = ' text ') &&is_uploaded_file ($_files[' HTML ' [' Tmp_name ']))) {//if user upload some FILES, then Set the content of the files as the Story_text$story_text = file_get_contents ($_files[' HTML ' [' Tmp_name ']);} else{$story _text = $_request[' Story_text ');} $story _text = addslashes ($story _text); if (Isset ($_request[' story ") && $_request[' story ']!= ') {# it ' s an    Update$story = $_request[' story ']; $query = "Update stories set headline = ' $headline ', Story_text = ' $story _text ', page = ' $page ', modified = $time where id = $story ";} else{//it ' s a new story$query = "INSERT into stories (headline,story_text,page,writer,created,modified) VALUES (' $head Line ', ' $story _text ', ' $page ', ' ". $_session[' Auth_User ']." ', $time, $time) ";} $result = mysql_query ($query), if (! $result) {# Code...echo "There is a database error when executing <pre> $query </pre& gt; "; Echo Mysql_error (); exit; }if ((Isset ($_files[' picture '] [' name ']) && is_uploaded_file ($_files[' picture '] [' tmp_name ']))) {# there Uploaded Pictureif (!isset ($_request[' story ") | | $_request[' story ']== ') {$story = mysql_insert_id ($handle);//Mysql_  INSERT_ID return the auto generated ID used in the last query} $type = basename ($_files[' picture '] [' type ']); switch ($type) {case ' JPEG ': Case ' pjpeg ': Case ' png ': case ' jpg ': $filename = ' images/$story. jpg ', move_uploaded_file ($_files[' picture ') [' Tmp_name '], '. /'. $filename); $query = "Update stories set picture = ' $filename ' WHERE id = $story"; $result = mysql_query ($query); ;d efault:echo ' Invalid picture format: '. $_files[' picture ' [' type '];break;}} else{//There is no image file to upload or didn ' t get the file ' s Infoecho ' Possible file upload attack: '; echo ' filename ' ". $_files[' picture '] [' tmp_name ']." '. ";} HEader (' Location: '. $_request[' destination ');? >

let's go through the code as a whole:


7th, line 8

Both of these variables are the parameters obtained from the story.php submission Form on the previous page


Line 9th

The time function returns a timestamp


11-18 rows

This part of the code returns the contents of the uploaded HTML file


Line 20th

Here is the use of PHP to send text content to the database of a function:addslashes, the role of some specific symbols preceded by a/symbol, a specific symbol has ', ', nul, \ , ETC.,

For example:


And then I was searching for this function, and found another way to mysql_escape_string,



22-39 rows

According to the parameters passed in, there is no story to determine whether it is an update or a newly added story, which we have mentioned before.


50-75 rows

is the standard PHP upload file steps, you can try to remember

Note that line 54th is the next field that gets the self-increment sequence

Last line 82nd

We have mentioned in the last blog, in the form submitted two hidden parameters, one of which is destination, in fact, is writer.php page.


Well, basically there's nothing particularly difficult about this page.


We're looking at a simpler delete_story.php .



Use the check_permission function to determine whether the current user has permission to modify, and if so, to delete the current article.

Check_permission is in the user_auth_fns.php file



OK, the article changes and the new section we all finished, the next blog, we introduce publish related 3 files







Step by step teach you to build a website with php+mysql no.5 picture upload, story delete

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.