(《Head First PHP & MySQL》学习记录)
add-score.php
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
<title>Guitar Wars - Add Your Score</title>
</head>
<body>
<h1>Guitar Wars - Add Your Score</h1>
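<?php
// Pull in the shared upload settings (GW_UPLOADPATH, GW_MAXFILESIZE) and the
// database connection constants.
require_once('appvars.php');
require_once('connectvars.php');

// Defined up front so the sticky form fields further down never read an
// undefined variable when the page is requested without a POST.
$name = '';
$score = '';
$output_form = true;

if (isset($_POST['submit'])) {
    $output_form = false;

    // Accept only plain string fields; an array-valued field is treated as missing.
    $name = (isset($_POST['name']) && is_string($_POST['name'])) ? trim($_POST['name']) : '';
    $score = (isset($_POST['score']) && is_string($_POST['score'])) ? trim($_POST['score']) : '';
    $upload = (isset($_FILES['screenshot']) && is_array($_FILES['screenshot'])
        && is_string($_FILES['screenshot']['name'])) ? $_FILES['screenshot'] : null;

    // Everything echoed back into the page is HTML-escaped first.
    $safe_name = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    $safe_score = htmlspecialchars($score, ENT_QUOTES, 'UTF-8');

    if (!empty($name) && !empty($score) && $upload !== null && !empty($upload['name'])) {
        if (is_numeric($score)) {
            // File validation. The client-supplied name and MIME type are not
            // trusted: the type is read from the file content and the stored
            // file name (including its extension) is chosen by the server.
            $allowed = array(
                IMAGETYPE_GIF => '.gif',
                IMAGETYPE_JPEG => '.jpg',
                IMAGETYPE_PNG => '.png',
            );
            $error = $upload['error'];
            $oversize = $error == UPLOAD_ERR_INI_SIZE
                || $error == UPLOAD_ERR_FORM_SIZE
                || $upload['size'] > GW_MAXFILESIZE;
            $extension = null;
            if ($error == UPLOAD_ERR_OK && !$oversize) {
                // getimagesize() raises a notice on non-image data; the return
                // value is what is checked, so the notice is suppressed.
                $info = @getimagesize($upload['tmp_name']);
                if ($info !== false && isset($allowed[$info[2]])) {
                    $extension = $allowed[$info[2]];
                }
            }

            if ($error != UPLOAD_ERR_OK && !$oversize) {
                echo '<p>Sorry, there was something wrong when uploading your screenshot image. </p>';
                $output_form = true;
            } elseif ($extension === null) {
                echo '<p>The screenshot must be a GIF, JPEG or PNG image file and smaller than '.(GW_MAXFILESIZE/1024).' KB in size</p>';
                $output_form = true;
            } else {
                // A generated name prevents overwriting another player's file
                // and keeps attacker-chosen extensions out of the web-served
                // upload directory. getimagesize() only inspects the header,
                // so the upload directory should still be configured not to
                // execute scripts.
                $stored_name = md5(uniqid(mt_rand(), true)) . $extension;
                $target = GW_UPLOADPATH . $stored_name;

                // Move the upload from PHP's temporary location into the upload folder.
                if (move_uploaded_file($upload['tmp_name'], $target)) {
                    $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die('Error connecting MySQL server.');

                    // Bound parameters keep the submitted values out of the SQL text.
                    $stmt = mysqli_prepare($dbc, 'INSERT INTO guitarwars VALUES (0, NOW(), ?, ?, ?)');
                    $saved = $stmt
                        && mysqli_stmt_bind_param($stmt, 'sss', $name, $score, $stored_name)
                        && mysqli_stmt_execute($stmt);
                    if ($stmt) {
                        mysqli_stmt_close($stmt);
                    }
                    mysqli_close($dbc);

                    if ($saved) {
                        echo '<p>Thanks for adding your score!</p>';
                        echo '<p>Name: ' . $safe_name . '<br />';
                        echo 'Score: ' . $safe_score . '</p>';
                        echo '<p><img src="' . htmlspecialchars($target, ENT_QUOTES, 'UTF-8') . '" alt="Score image" /></p>';
                        echo '<p><a href="high-score.php">&lt;&lt;Back to High Score List</a></p>';
                    } else {
                        // Do not leave an orphaned file behind when the row was not stored.
                        if (is_file($target)) {
                            unlink($target);
                        }
                        echo '<p>Sorry, your score could not be saved. Please try again. </p>';
                        $output_form = true;
                    }
                } else {
                    echo '<p>Sorry, there was something wrong when uploading your screenshot image. </p>';
                    $output_form = true;
                }
            }
        } else {
            echo '<p>Your score must be a number. </p>';
            $output_form = true;
        }
    } else {
        echo 'You haven\'t complete the form yet...';
        $output_form = true;
    }
}

if ($output_form) {
?>
<form enctype="multipart/form-data" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>">
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo GW_MAXFILESIZE; ?>" />
<label for="name">Name: </label>
<input type="text" id="name" name="name" value="<?php echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'); ?>" /><br />
<label for="score">Score: </label>
<input type="text" id="score" name="score" value="<?php echo htmlspecialchars($score, ENT_QUOTES, 'UTF-8'); ?>" /><br />
<label for="screenshot">Screenshot: </label>
<input type="file" id="screenshot" name="screenshot" /><br />
<input type="submit" name="submit" value="Add" />
</form>
<?php
}
?>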
</body>
</html>
high-score.php
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
<title>High Score List</title>
</head>
<body>
<h1>High Score List</h1>
<p>Hey guitar warrior, do you have what it takes to crack the high score list? If so, <a href="add-score.php">add your own score</a>.</p>
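<?php
// Shared upload path and database connection constants.
require_once('appvars.php');
require_once('connectvars.php');

$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die('Error connecting MySQL server.');

// Highest score first; ties are listed oldest first.
$query = "SELECT * FROM guitarwars ORDER BY score DESC, date ASC";
$result = mysqli_query($dbc, $query) or die('Error querying database.');

echo '<table>';
while ($row = mysqli_fetch_array($result)) {
    // Every column was supplied by a visitor through add-score.php, so each
    // value is HTML-escaped before it is written into the page.
    $safe_score = htmlspecialchars($row['score'], ENT_QUOTES, 'UTF-8');
    $safe_name = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
    $safe_date = htmlspecialchars($row['date'], ENT_QUOTES, 'UTF-8');

    // basename() drops any directory part so a stored value cannot point
    // outside the upload folder.
    $screenshot = basename((string) $row['screenshot']);
    $path = GW_UPLOADPATH . $screenshot;

    echo '<tr><td class="scoreinfo">';
    echo '<span>' . $safe_score . '</span><br />';
    echo '<strong>Name: </strong>' . $safe_name . '<br />';
    echo '<strong>Date: </strong>' . $safe_date . '</td>';

    // Fall back to the placeholder image when the screenshot is missing or empty.
    if ($screenshot !== '' && is_file($path) && filesize($path) > 0) {
        echo '<td><img src="' . htmlspecialchars($path, ENT_QUOTES, 'UTF-8') . '" alt="Score image" /></td></tr>';
    } else {
        echo '<td><img src="' . GW_UPLOADPATH . 'unverified.jpg' . '" alt="Unverified score" /></td></tr>';
    }
}
echo '</table>';

mysqli_free_result($result);
mysqli_close($dbc);
?>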
</body>
</html>
admin.php
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
<title>High Score Administration</title>
</head>
<body>
<h1>High Score Administration</h1>
<p>Administrators only!</p>
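<?php
// NOTE(review): nothing in this script checks who is requesting it, so the
// "Administrators only!" text above is not enforced. This page and
// removescore.php need to sit behind authentication before being deployed.
require_once('appvars.php');
require_once('connectvars.php');

$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die('Error connecting MySQL server. ');
$query = "SELECT * FROM guitarwars ORDER BY score DESC, date ASC";
$result = mysqli_query($dbc, $query) or die('Error querying database. ');

echo '<table>';
while ($row = mysqli_fetch_array($result)) {
    // Row values originate from visitor submissions: escape them for HTML,
    // and URL-encode them before they are placed in the query string.
    $safe_name = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
    $safe_date = htmlspecialchars($row['date'], ENT_QUOTES, 'UTF-8');
    $safe_score = htmlspecialchars($row['score'], ENT_QUOTES, 'UTF-8');

    // Communication between scripts: the row is handed to removescore.php
    // through GET parameters. http_build_query() encodes each value so a name
    // containing '&', '#' or quotes cannot break or extend the link.
    $remove_url = 'removescore.php?' . http_build_query(array(
        'id' => $row['id'],
        'date' => $row['date'],
        'name' => $row['name'],
        'score' => $row['score'],
        'screenshot' => $row['screenshot'],
    ), '', '&');

    echo '<tr><td><strong>' . $safe_name . '</strong></td>';
    echo '<td>' . $safe_date . '</td>';
    echo '<td>' . $safe_score . '</td>';
    echo '<td><a href="' . htmlspecialchars($remove_url, ENT_QUOTES, 'UTF-8') . '">Remove</a></td></tr>';
}
echo '</table>';

mysqli_free_result($result);
mysqli_close($dbc);
?>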
</body>
</html>
removescore.php
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
<title>Remove Score</title>
</head>
<body>
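<?php
// NOTE(review): this script deletes data but performs no authentication and
// no CSRF check. Both have to be added at the very top of the file, before the
// HTML above is sent, because sessions and auth headers cannot be started from
// inside the page body.
require_once('appvars.php');
require_once('connectvars.php');

// First request: admin.php passes the row through GET so it can be shown for
// confirmation. Second request: the confirmation form posts id, name and score.
if (isset($_GET['id']) && isset($_GET['date']) && isset($_GET['name']) && isset($_GET['score']) && isset($_GET['screenshot'])) {
    $id = $_GET['id'];
    $date = $_GET['date'];
    $name = $_GET['name'];
    $score = $_GET['score'];
} elseif (isset($_POST['id']) && isset($_POST['name']) && isset($_POST['score'])) {
    $id = $_POST['id'];
    $name = $_POST['name'];
    $score = $_POST['score'];
} else {
    echo '<p>Sorry, no score was specified for removal. </p>';
}

if (isset($_POST['submit'])) {
    // The id must be a plain run of digits before it is used at all.
    $id_is_valid = isset($id) && is_string($id) && ctype_digit($id);

    if (isset($_POST['confirm']) && $_POST['confirm'] == 'Yes' && $id_is_valid) {
        $row_id = (int) $id;
        $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die('Error connecting MySQL server. ');

        // The screenshot file name is read from the database row instead of
        // the request, so the request cannot choose which file gets deleted.
        $stored_screenshot = null;
        $lookup = mysqli_prepare($dbc, 'SELECT screenshot FROM guitarwars WHERE id = ?') or die('Error querying database. ');
        mysqli_stmt_bind_param($lookup, 'i', $row_id);
        mysqli_stmt_execute($lookup) or die('Error querying database. ');
        mysqli_stmt_bind_result($lookup, $stored_screenshot);
        $found = mysqli_stmt_fetch($lookup) === true;
        mysqli_stmt_close($lookup);

        // Bound parameter instead of interpolating the id into the SQL text.
        $delete = mysqli_prepare($dbc, 'DELETE FROM guitarwars WHERE id = ? LIMIT 1') or die('Error querying database. ');
        mysqli_stmt_bind_param($delete, 'i', $row_id);
        mysqli_stmt_execute($delete) or die('Error querying database. ');
        mysqli_stmt_close($delete);
        mysqli_close($dbc);

        // Best-effort removal of the image, confined to the upload folder.
        if ($found) {
            $file = basename((string) $stored_screenshot);
            if ($file !== '' && is_file(GW_UPLOADPATH . $file)) {
                @unlink(GW_UPLOADPATH . $file);
            }
        }

        echo '<p>The score of ' . htmlspecialchars((string) $score, ENT_QUOTES, 'UTF-8')
            . ' for ' . htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8')
            . ' has been successfully removed. </p>';
    } else {
        echo '<p>Something wrong happened when removing the score. </p>';
    }
} elseif (isset($id) && isset($name) && isset($score) && isset($date)) {
    // Request values are escaped before being written into text or attributes.
    $safe_id = htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8');
    $safe_name = htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8');
    $safe_score = htmlspecialchars((string) $score, ENT_QUOTES, 'UTF-8');
    $safe_date = htmlspecialchars((string) $date, ENT_QUOTES, 'UTF-8');

    echo '<p>Are you sure you want to delete the following score? </p>';
    echo '<p><strong>Name: </strong>' . $safe_name . '<br /><strong>Score: </strong>' . $safe_score . '<br /><strong>Date: </strong>' . $safe_date . '</p>';
    echo '<form method="post" action="removescore.php">';
    echo '<input type="radio" name="confirm" value="Yes" />Yes';
    echo '<input type="radio" name="confirm" value="No" checked="checked" />No<br />';
    echo '<input type="submit" name="submit" value="Submit" />';
    echo '<input type="hidden" name="id" value="' . $safe_id . '" />';
    echo '<input type="hidden" name="name" value="' . $safe_name . '" />';
    echo '<input type="hidden" name="score" value="' . $safe_score . '" />';
    echo '</form>';
}
echo '<a href="admin.php">&lt;&lt;Back to admin page</a>';
?>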
</body>
</html>
appvars.php
<?php
// Settings shared by the Guitar Wars scripts.

// Relative path of the folder holding uploaded screenshots. The other scripts
// use it both for filesystem calls and when building <img> URLs.
const GW_UPLOADPATH = 'images/';

// Largest screenshot accepted, in bytes (32 KB).
const GW_MAXFILESIZE = 32768;
?>
connectvars.php
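<?php
// Database connection settings for the Guitar Wars scripts.
//
// This file is pulled in with require_once from inside the <body> of the other
// pages, so it must not print anything: the HTML document wrapper it used to
// carry would be emitted as a second, nested document on every page.
//
// NOTE(review): connecting as root with a short numeric password is only
// suitable for a local exercise. A deployment should use a dedicated account
// limited to the guitarwars table, with a strong password that is kept out of
// published code and, ideally, outside the web root.
define('DB_NAME', 'maystudio');
define('DB_USER', 'root');
define('DB_PASSWORD', '12345678');
define('DB_HOST', '127.0.0.1');
?>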
代码下载:http://download.youkuaiyun.com/detail/qq_17615475/9389018