2015-02-10 192 views

我的脚本无法正常工作。如果上传的是 PHP 文件而不是 JPG 文件,脚本不应把它保存到上传文件夹;我只想允许图像文件。请帮我修正脚本。现在通过图像字段上传的 PHP 及其他类型的文件也会被保存到上传文件夹。

这是我的代码谢谢!

<?php 
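include "inc.php";
ob_start();

// Access gate: continue only when the session carries a non-empty 'ocer' value.
// NOTE(review): presumably inc.php starts the session and 'ocer' is set at login — confirm.
//
// The previous test was `!isset(...) && trim(...) != ''`. When the key is not
// set, trim() of it is the empty string, so both halves could never be true
// together and the redirect never fired. The two conditions are alternatives.
if (!isset($_SESSION['ocer']) || trim($_SESSION['ocer']) == '') {
    header("Location: admin.php?l=1");
    // header() only queues the redirect; without exit the upload and INSERT
    // code below would still run for a visitor who is not logged in.
    exit;
}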


/**
 * Return the text that follows the last "." in $str.
 *
 * Yields "" when $str has no dot or when its only dot is the first
 * character. The result keeps the input's letter case. When $str is a
 * client-supplied upload name, the value describes the name only, not the
 * file's content.
 */
function getExtension($str) {
    $dotPos = strrpos($str, ".");

    // strrpos() gives false for "no dot" and 0 for a leading dot; both mean
    // "no extension" here.
    if ($dotPos === false || $dotPos === 0) {
        return "";
    }

    return substr($str, $dotPos + 1);
}


// Request fields that are interpolated into the `jobs` INSERT further down.
// NOTE(review): addslashes() on top of mysql_real_escape_string() escapes the
// text fields twice, so quotes are stored with a literal backslash unless the
// display code strips it — confirm before changing. The mysql_* extension was
// removed in PHP 7; prepared statements (PDO/mysqli) are the durable fix.
$title = mysql_real_escape_string($_REQUEST['title']);
$title = addslashes($title);

$des = mysql_real_escape_string($_REQUEST['des']);
$des = addslashes($des);

$location = mysql_real_escape_string($_REQUEST['location']);
$location = addslashes($location);

$state = mysql_real_escape_string($_REQUEST['state']);
$state = addslashes($state);

// NOTE(review): status and userid are taken from the request as sent by the
// client; presumably they should come from the session instead — verify.
$status = mysql_real_escape_string($_REQUEST['status']);
$userid = mysql_real_escape_string($_REQUEST['userid']);
$date1 = mysql_real_escape_string($_REQUEST['date1']);



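// NOTE(review): 0777 makes the upload directory writable by every local
// account, and this runs on each request. Directory permissions are normally
// set once at deploy time with the narrowest mode the web server needs.
chmod('upload', 0777);

/**
 * Store one uploaded image under upload/ and return the stored file name.
 *
 * The decision is made from the bytes PHP received, not from the
 * client-supplied file name or Content-Type, and the stored extension is
 * chosen by the server from the detected image type. Anything that is not a
 * GIF, JPEG, PNG or TIFF image is rejected.
 *
 * @param string $field Name of the file input, e.g. 'file_name1'.
 * @param string $tag   Marker placed in the stored name, e.g. 'thumb1'.
 * @return string Stored file name (without the upload/ prefix), or '' when
 *                nothing was uploaded or the upload was rejected.
 */
function storeUploadedImage($field, $tag) {
    if (!isset($_FILES[$field]) || !is_array($_FILES[$field])) {
        return '';
    }
    $upload = $_FILES[$field];

    // An array here means the field was posted as name[]; treat as invalid.
    if (!isset($upload['error']) || is_array($upload['error']) || $upload['error'] !== UPLOAD_ERR_OK) {
        return '';
    }
    if (!is_uploaded_file($upload['tmp_name'])) {
        return '';
    }

    // getimagesize() reads the file header; index 2 is an IMAGETYPE_* constant.
    $info = getimagesize($upload['tmp_name']);
    if ($info === false) {
        return '';
    }

    $extensionForType = array(
        IMAGETYPE_GIF     => 'gif',
        IMAGETYPE_JPEG    => 'jpg',
        IMAGETYPE_PNG     => 'png',
        IMAGETYPE_TIFF_II => 'tiff',
        IMAGETYPE_TIFF_MM => 'tiff',
    );
    if (!isset($extensionForType[$info[2]])) {
        return '';
    }

    // time() replaces the argument-less mktime(), which newer PHP rejects.
    $stored = time() . $tag . '.' . $extensionForType[$info[2]];

    // move_uploaded_file() refuses anything that is not a genuine upload.
    if (!move_uploaded_file($upload['tmp_name'], 'upload/' . $stored)) {
        return '';
    }

    // A valid image header does not prove the remaining bytes are harmless;
    // the web server should not execute scripts from upload/.
    return $stored;
}

// Each variable is always defined and holds either '' or a server-generated
// name, so the raw client file name never reaches the INSERT statement below.
$file_name1 = storeUploadedImage('file_name1', 'thumb1');
$file_name2 = storeUploadedImage('file_name2', 'thumb2');
$file_name3 = storeUploadedImage('file_name3', 'thumb3');
$file_name4 = storeUploadedImage('file_name4', 'thumb4');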

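// Insert the job only when both the title and the description are non-empty.
if (trim($title) != "" && trim($des) != "") {

    // The image names are escaped here because, when an upload is rejected or
    // absent, $file_nameN can still hold the client-supplied file name (or be
    // undefined), and it is interpolated into the statement below.
    $img1 = isset($file_name1) ? mysql_real_escape_string($file_name1) : '';
    $img2 = isset($file_name2) ? mysql_real_escape_string($file_name2) : '';
    $img3 = isset($file_name3) ? mysql_real_escape_string($file_name3) : '';
    $img4 = isset($file_name4) ? mysql_real_escape_string($file_name4) : '';

    // NOTE(review): this is still string-built SQL on the removed mysql_*
    // extension; a prepared statement is the durable fix once the connection
    // code in inc.php is migrated.
    $sql_ins = "insert into `jobs` set title='$title',des='$des',location='$location',state='$state',date1='$date1',userid='$userid',status='$status',newsimg='$img1',newsimg2='$img2',newsimg3='$img3',newsimg4='$img4'";

    $rs = mysql_query($sql_ins);
    if (!$rs) {
        // Keep the database error in the server log instead of printing it to
        // the browser, where it would reveal the statement and schema.
        error_log('jobs insert failed: ' . mysql_error());
        die('The job could not be saved.');
    }

    $lid = mysql_insert_id();

    $notice = "job";
}

// The redirect is sent whether or not a row was inserted.
header("location: admin.php?done=1");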


?> 

回答


尝试以下代码:

// pathinfo() only parses the client-supplied file name, so $ext describes the
// name, not the content: a script renamed to end in .jpg passes an
// extension-only test. The returned extension keeps its letter case ("JPG").
// Pair this with a check on the uploaded bytes (for example getimagesize() on
// tmp_name) and store the file under a server-chosen name.
$ext = pathinfo($_FILES["file_name3"]["name"], PATHINFO_EXTENSION); 
// Placeholder from the answer: put the extension allowlist test here.
if($ext...)// your if else condition 
{} 
else 
{} 

第1部分:

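// Content types that may be stored.
$valid_mime_types = array(
    "image/gif",
    "image/png",
    "image/jpeg",
    "image/pjpeg",
);

// Extension written to disk for each accepted type.
$extension_for_type = array(
    "image/gif"   => "gif",
    "image/png"   => "png",
    "image/jpeg"  => "jpg",
    "image/pjpeg" => "jpg",
);

// $_FILES["file"]["type"] is whatever Content-Type the client sent, so it
// cannot decide anything. Detect the type from the uploaded bytes instead
// (fileinfo extension).
$finfo = new finfo(FILEINFO_MIME_TYPE);
$detected_type = $finfo->file($_FILES["file"]["tmp_name"]);

if (in_array($detected_type, $valid_mime_types, true)) {
    // The stored name is built on the server: the client-supplied name would
    // let the sender choose the extension (e.g. .php) and overwrite files.
    $destination = "uploads/" . sha1_file($_FILES["file"]["tmp_name"]) . "." . $extension_for_type[$detected_type];
    move_uploaded_file($_FILES["file"]["tmp_name"], $destination);
}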

第2部分:

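$valid_file_extensions = array(".jpg", ".jpeg", ".gif", ".png");

// Last ".ext" of the client-supplied name, lower-cased so ".JPG" matches.
// strrchr() returns false when the name has no dot; the cast turns that into "".
$file_extension = strtolower((string) strrchr($_FILES["file"]["name"], "."));

// This only checks how the file is named; it says nothing about the content,
// so it belongs together with a content check such as getimagesize().
if (in_array($file_extension, $valid_file_extensions, true)) {
    // Keep only the validated extension and let the server choose the rest of
    // the name, so inner extensions ("x.php.jpg") and name collisions with
    // existing files do not carry over from the client.
    $destination = "uploads/" . sha1_file($_FILES["file"]["tmp_name"]) . $file_extension;
    move_uploaded_file($_FILES["file"]["tmp_name"], $destination);
}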

第3部分:

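// getimagesize() inspects the uploaded bytes; index 2 is an IMAGETYPE_* constant.
$image_info = getimagesize($_FILES["file"]["tmp_name"]);

// Only these image types are stored, each under a server-chosen extension.
// Accepting "anything getimagesize() recognises" would also admit formats
// such as SWF.
$extension_for_type = array(
    IMAGETYPE_GIF  => "gif",
    IMAGETYPE_JPEG => "jpg",
    IMAGETYPE_PNG  => "png",
);

if ($image_info !== false && isset($extension_for_type[$image_info[2]])) {
    // Using the client-supplied name here would store a file that starts with
    // a valid image header as, for example, uploads/x.php. The name is built
    // on the server from the content hash and the detected type.
    $destination = "uploads/" . sha1_file($_FILES["file"]["tmp_name"]) . "." . $extension_for_type[$image_info[2]];
    move_uploaded_file($_FILES["file"]["tmp_name"], $destination);
}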