提问人:Cool Hand Luke 提问时间:2/6/2009 更新时间:2/6/2009 访问量:2871
使用 If 语句上传的 PHP 文件验证
PHP File Validation using If statements uploads
问:
嗨,我是 php 的新手,但我一直在关注一些教程,但它们似乎不起作用,所以我试图调整它们。 我已经测试了这段代码,它在一定程度上可以工作,但还有其他一些我无法理解的东西,php 文件没有上传(很好),但细节仍然被写入 datbase,尽管$ok设置为 0(不精细)。如果解释一下这里会发生什么可能会更容易:
- 用户可以上传gif或jpeg文件。添加到数据库的详细信息。 - 用户不能上传任何文件,因为将使用默认文件。添加到数据库的详细信息。 - 用户不应能够上传任何其他文件。数据库上不应有记录,用户应重试。
到目前为止,我的代码:
<?php
//This is the directory where images will be saved
$target = "images/";
$target = $target . basename( $_FILES['photo']['name']);
$ok=0;
//This gets all the other information from the form
$name= mysql_real_escape_string ($_POST['nameMember']);
$bandMember= mysql_real_escape_string ($_POST['bandMember']);
$pic= mysql_real_escape_string ($_FILES['photo']['name']);
$about= mysql_real_escape_string ($_POST['aboutMember']);
$bands= mysql_real_escape_string ($_POST['otherBands']);
$uploaded_size=$_FILES['photo']['file_size'];
if ($uploaded_size > 350000)
{
echo "Your file is too large, 35Kb is the largest file you can upload.<br>";
$ok=0;
}
if ($uploaded_type =="text/php")
{
echo "No PHP files<br>";
$ok=0;
}
if (!($uploaded_type =="image/jpeg"))
{
echo "JPEG<br>";$ok=1;
}
if ($uploaded_type =="image/gif")
{
echo "GIf<br>";$ok=1;
}
if (empty($pic)){
echo "You haven't uploaded a photo, a default will be used instead.<br/>";$ok=1;}
if ($ok==0)
{
Echo "Sorry your file was not uploaded, please try again with the correct format.";
}
//If everything is ok we try to upload it
else
{
// Connects to your Database
mysql_connect("localhost", "*******", "******") or die(mysql_error()) ;
mysql_select_db("project") or die(mysql_error()) ;
//Writes the information to the database
mysql_query("INSERT INTO dbProfile (nameMember,bandMember,photo,aboutMember,otherBands)
VALUES ('$name', '$bandMember', '$pic', '$about', '$bands')") ;
//Writes the photo to the server
if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))
{
//Tells you if its all ok
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory<br/>";
print "<a class=\"blue\" href=\"createMember.php\">Add Another Record</a> | <a class=\"blue\" href=\"listMember.php\">Band Member Profiles and Affiliates Menu</a>";
}
else {
//Gives and error if its not
echo "<p>If you have uploaded a picture there may have been a problem uploading your file.</p>";
print "<a class=\"blue\" href=\"createMember.php\">Add Another Record</a> | <a class=\"blue\" href=\"listMember.php\">Band Member Profiles and Affiliates Menu</a>";
}
}
?>
提前干杯。CHL公司
答:
1赞
Sebastian Hoitz
2/6/2009
#1
错误可能是这样的if语句:
if (!($uploaded_type =="image/jpeg"))
{
echo "JPEG<br>";$ok=1;
}
因为每次上传内容类型不等于“image/jpeg”的图像时,$ok的计算结果为 1,因此所有内容都会写入数据库。
但也要注意,像这样检查MIME类型可能会给你带来麻烦,因为用户能够伪造文件的MIME类型。
例如,您可以使用 Imagick 来获取正确的图像 MIME 类型。在此处查看更多详细信息:https://www.php.net/manual/en/function.imagick-identifyimage.php
编辑:刚刚注意到,$uploaded_type 不会在脚本中的任何地方初始化。正如我所说,您可以使用 $_FILES['photo']['type'] 对 MIME 类型进行粗略估计。
评论
0赞
Cool Hand Luke
2/6/2009
那么$ok=0应该吗?让我直截了当地说,我目前说如果文件不是 jpeg,那么 make $ok=1;这实际上是错误的,我需要让它$ok=0;我会尝试改变它,看看这是否是问题所在。
0赞
Cool Hand Luke
2/6/2009
你说我需要在我的 php 代码顶部添加 $_FILES['photo']['type'] 来检查文件类型?
评论