个人中心
gpt4 book ai didi

php - null 值创建 undefined variable 通知

转载 作者:行者123 更新时间:2023-11-29 22:35:11 25 4
gpt4 key购买 nike

以下脚本给了我以下通知:

注意: undefined variable :employee_pic in C:\xampp\htdocs\SFDB\form\add_employee.php 第 121 行 -> 第 121 行是我的 INSERT 查询的最后一行,其中变量“$employee_pic”位于该查询是通知的罪魁祸首。

如果有人没有在表单上上传图片,我似乎无法理解如何定义该变量。我尝试了所有可以想象的方法,包括 if(isset($employeepic)),if(isset($_file['employeepic'])) ,甚至为变量赋值 if false 但没有成功。我设法通过使用 -error_reporting (E_ALL ^ E_NOTICE) 来抑制该通知;在我的页面顶部,但它并不能帮助我理解为什么我不能首先给变量赋值?

    $employerid= mysqli_real_escape_string($dbc,trim($_POST['employerid']));
$jobtitleid= mysqli_real_escape_string($dbc, trim($_POST['jobtitleid']));
$firstname= mysqli_real_escape_string($dbc, trim($_POST['firstname']));
$lastname= mysqli_real_escape_string($dbc, trim($_POST['lastname']));
$address= mysqli_real_escape_string($dbc, trim($_POST['address']));
$city= mysqli_real_escape_string($dbc, trim($_POST['city']));
$province= mysqli_real_escape_string($dbc, trim($_POST['province']));
$country= mysqli_real_escape_string($dbc, trim($_POST['country']));
$postalcode= mysqli_real_escape_string($dbc, trim($_POST['postalcode']));
$phone= mysqli_real_escape_string($dbc, trim($_POST['phone']));
$email= mysqli_real_escape_string($dbc, trim($_POST['email']));
$employeecomment = mysqli_real_escape_string($dbc, trim($_POST['employeecomment']));
$employeepic = mysqli_real_escape_string($dbc, trim($_FILES['employeepic']['name']));
$employeepic_type = $_FILES['employeepic']['type'];
$employeepic_size = $_FILES['employeepic']['size'];

  //Validate picture type//
  if(!empty($employeepic)) {

        if ((($employeepic_type == 'image/jpg') ||($employeepic_type == 'image/jpeg') ||($employeepic_type == 'image/gif') ||
            ($employeepic_type == 'image/png')) && ($employeepic_size <= EMP_MAXSIZE) && ($employeepic_size > 0)){
            preg_replace('#[\s\&\@\#\$\%\(\)\[\]\&]#','', $employeepic);

            // Move the file to the target upload folder
            $target = (EMP_UPLOADPATH .$firstname.$employeepic);
            if(move_uploaded_file($_FILES['employeepic']['tmp_name'],$target)){

                $employee = $firstname. " " .$lastname;
                $employee_pic = $firstname.$employeepic;
                }

            }else{
                $filetoobig =' <p class="error"> There was a problem uploading your picture. Maximum size is 30K and must be in jpg, jpeg or pjpeg format</p>';
                @unlink($_FILES['employeepic']['tmp_name']);
                $employee_pic = '';


                 }
         }

  // pulling out records to check for duplicate
  $query2 ="SELECT firstname, lastname FROM employee WHERE firstname='$firstname' AND lastname='$lastname'";
  $duplicate = mysqli_query($dbc, $query2);

        if  (mysqli_num_rows($duplicate) <> 0){
            $query3 = "SELECT employeeid FROM employee WHERE firstname='$firstname' AND lastname ='$lastname'";
            $result3 =mysqli_query($dbc, $query3);
            if($result3) {
                while($row = mysqli_fetch_assoc($result3)) {
                    $newpic= $row['employeeid'];    
                }
            }
                $query2 = "UPDATE employee SET employeepic = '$employee_pic' WHERE employeeid = '$newpic'";
                $result2 = mysqli_query($dbc, $query2);
                mysqli_close($dbc);
            $successup ='<p class="success">You successfully updated this employee record</p>';

        }else{


                //query to populate employee form//
                $query = "INSERT INTO employee (employerid, jobtitleid, firstname, lastname, address, city, province, country, postalcode," .
                "phone, email, employeecomment, employeepic) VALUES ('$employerid', '$jobtitleid', '$firstname', '$lastname'," .
                " '$address', '$city', '$province', '$country', '$postalcode', '$phone', '$email','$employeecomment',$employee_pic";
                $result = mysqli_query($dbc, $query);
                mysqli_close($dbc);
                $success ='<p class="success">Record created successfully</p>';

            }

}?>

最佳答案

对于像 $_POST 这样的东西,您可能希望将作业包装在 isset() 中 - 类似于:

if (isset($_POST['var'])) {
    $var = $_POST['var'];
} else {
    $var = null;
}

这样,每个变量都被初始化。

顺便说一句,如果您没有使用 PDO 来使用准备好的语句,这真的很可怕。如果不使用准备好的语句,您很容易受到 SQL 注入(inject)的攻击!您认为自己使用了多少 sanitizer 并不重要。

关于php - null 值创建 undefined variable 通知,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29571581/

25 4 0
文章推荐: VB.net 中的 MySQL 连接错误
文章推荐: android - Firebase Crashlytics 是否可以获取我的应用程序数据?
文章推荐: android - 在 Kotlin 中为 recyclerView 的 child 的 child 设置监听器
文章推荐: php - 如何限制数据库调用的随机数为随机数加五?
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com