<?php
session_start();
require "database.php";
$db = new database();
$operation = $_REQUEST['action'];
$file = uniqid() . " - " . $_FILES['document']['name'];
$result = move_uploaded_file(
$_FILES['document']['tmp_name'],
"uploads/" . $file );
switch ($operation)
{
case 'Add':
$name = $_REQUEST['name'];
$image = "uploads/" . $file;
$result = $db->insert($name,$image);
break;
case 'update':
$id = $_SESSION['user_id'];
$name = $_REQUEST['name'];
$image = "uploads/" . $file;
$result = $db->update($id,$name,$image);
break;
case 'delete':
$result = $db->delete($_REQUEST['id']);
break;
default:
echo "invalid request";
break;
}
header("Location:display.php");
?>
使用is_uploaded_file()函数检查文件是否随表单一起上载。因此,按照以下方式更改代码,
...
$operation = $_REQUEST['action'];
$file = null;
if(is_uploaded_file($_FILES['document']['tmp_name'])){
$file = uniqid() . " - " . $_FILES['document']['name'];
$result = move_uploaded_file($_FILES['document']['tmp_name'], "uploads/" . $file );
}
switch($operation){
case 'Add':
$name = $_REQUEST['name'];
$image = ($file == null) ? null : "uploads/" . $file;
$result = $db->insert($name,$image);
break;
case 'update':
$id = $_SESSION['user_id'];
$name = $_REQUEST['name'];
$image = ($file == null) ? null : "uploads/" . $file;
$result = $db->update($id,$name,$image);
break;
case 'delete':
...
}
...
你的update方法是这样的,
public function update($id, $name, $image) {
$query = "UPDATE customers SET name='$name'";
if($image != null){
$query .= ", image ='$image'";
}
$query .= " WHERE id=$id";
return mysqli_query($this->connect,$query);
}
旁注:了解准备好的语句,因为现在您的查询容易受到SQL注入攻击。另请参阅如何在PHP中防止SQL注入。