1. 首页
  2. 问答
  3. 为什么这个php文件上传验证脚本不工作?

为什么这个php文件上传验证脚本不工作?

2010-09-20 92 views
-4

亲爱的朋友们,这是一个简单的上传文件并将文件名插入数据库的脚本,为什么这不起作用?它只是上传文件并发送文件名到db,即使经过验证。请帮助为什么这个php文件上传验证脚本不工作?

<?php 

//file validation starts 
//split filename into array and substract full stop from the last part 
$tmp = explode('.', $_FILES['photo']['name']); 
$fileext= $tmp[count($tmp)-1]; 

//read the extension of the file that was uploaded 
$allowedexts = array("png"); 
if(in_array($fileext, $allowedexts)){ 
    return true; 
}else{ 
    $form_error= "Upload file was not supported<br />"; 
    header('Location: apply.php?form_error=' .urlencode($form_error)); 
} 


//file validation ends 

//upload dir for pics 
$uploaddir = './uploads/'; 


//upload file in folder 
$uploadfile = $uploaddir. basename($_FILES['photo']['name']); 


//insert filename in mysql db 
$upload_filename = basename($_FILES['photo']['name']); 



//upload the file now 
    move_uploaded_file($_FILES['photo']['tmp_name'], $uploadfile); 

// $photo value is goin to db 
$photo = $upload_filename;

来源

2010-09-20 ktm

+5

哪部分不工作?你会得到什么样的错误或行为? – mkoistinen 2010-09-20 10:34:10

+1

是否有错误讯息? – piddl0r 2010-09-20 10:34:59

+0

看来你的文件扩展名检测失败。见:http://stackoverflow.com/questions/3179294/how-to-find-the-extension-of-an-image-from-path-in-php/3179305#3179305 – fabrik 2010-09-20 10:39:22

回答

3 
function send_error($error = 'Unknown error accured') 
{ 
    header('Location: apply.php?form_error=' .urlencode($error)); 
    exit; //!!!!!! 
} 
//file validation starts 
//split filename into array and substract full stop from the last part 

$fileext = end(explode('.', $_FILES['photo']['name'])); //Ricky Dang | end() 

//read the extension of the file that was uploaded 
$allowedexts = array("png"); 
if(!in_array($fileext, $allowedexts)) 
{ 
} 

//upload dir for pics 
$uploaddir = './uploads/'; 
if(!is_dir($uploaddir)) 
{ 
    send_error("Upload Directory Error"); 
}  

//upload file in folder 
$uploadfile = $uploaddir. basename($_FILES['photo']['name']); 

if(!file_exists($uploadfile)) 
{ 
    send_error("File already exists!"); 
} 

//insert filename in mysql db 
$upload_filename = basename($_FILES['photo']['name']); 

//upload the file now 
if(move_uploaded_file($_FILES['photo']['tmp_name'], $uploadfile)) 
{ 
    send_error('Upload Failed, cannot move file!'); 
} 

// $photo value is goin to db 
$photo = $upload_filename;

这是一个清理版本到你,给一个去,看看你得到任何错误

来源

2010-09-20 10:42:24 RobertPitt

+0

谢谢,小监督。 – RobertPitt 2010-09-20 10:45:27

0

您也可以使用此代码找到文件的扩展名。

$tmp = end(explode('.', $_FILES['photo']['name']));

现在$tmp得到了文件的扩展名。

来源

2010-09-20 10:39:12

0

为什么不使用PHP的内置功能来提取文件名扩展?

$fileext = pathinfo($_FILES['photo']['name'],PATHINFO_EXTENSION);

如果文件扩展名是有效的,你从函数返回时没有进一步做任何事情,如果它是无效的你设置的头,但代码的逻辑将继续您的文件处理

来源

2010-09-20 10:42:43

+0

为什么downvote? – 2010-09-20 10:47:00

+0

+1有效答案 - 非常有帮助,我讨厌人们downvote和不评论。 – 2010-09-20 10:49:00

+0

确保您不依赖给定的文件扩展名。更改文件扩展名完全没有问题。我看到你的变量名为“photo” - 所以看看getimgagesize():http://php.net/getimagesize – 2010-09-20 12:51:00

0

你盲目地假设文件上传成功,但有许多原因,它失败,这就是为什么PHP提供['error']的$ _FILES数组:

if ($_FILES['photo']['error'] === UPLOAD_ERR_OK) { 
    // uploaded properly, handle it here... 
} else { 
    die("File upload error, code #" . $_FILES['photo']['error']); 
}

的错误代码是defined here

来源

2010-09-20 12:52:47

相关问题

 相关问题