PHP: File extension is empty when user uploads image with unallowed extension
I have a form on my website that, among other things, allows users to upload images to the site.
HTML and PHP:
<html>
<body>
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST'){
$error = '';
// Checking other input fields...
// If anything else is valid, try to upload file (to avoid uploading useless c**p)
if(isset($_FILES['file']) && $error == '' && $_FILES['file']){
$file = $_FILES['file'];
$file_name = $file['name'];
$file_tmp = $file['tmp_name'];
$file_size = $file['size'];
$file_error = '';
echo $file . $file_name . $file_tmp . $file_size;
$file_ext = pathinfo($file_name, PATHINFO_EXTENSION);
if($file_ext != 'png' && $file_ext != 'jpg' && $file_ext != 'jpeg' && $file_ext != 'gif' && $file_ext != 'bmp'){
$file_error .= "<br>Only png, jpg, jpeg, gif and bmp formats allowed!";
}
if($file_size > 1048576){ // << 1MB in bytes
$file_error .= "<br>Maximum size is 1MB.";
}
if(empty($file_error)){
$file_name_new = uniqid('', true) . '.' . $file_ext;
$file_destination = 'img/usr/' . $file_name_new;
if(rename($file_tmp, $file_destination)){
// echo '<br>' . $file_destination;
} else{$file_error .= '<br>Something went wrong while uploading file';}
}
echo $file_error;
}
}
?>
<form method="post" action="" enctype="multipart/form-data">
<fieldset>
<legend>Form</legend>
<!-- Other input fields -->
<div id="form_element">Upload image:</div>
<input type="file" name="file"><span id="error"><small><?php echo $file_error;
//echo $file . '<br>' . $_FILES['file'] . '<br>' . $file_name . $file['name'];
//echo '<br>' . $file_tmp . '<br>' . $file['tmp_name'] . '<br>' . $file_size . '<br>' . $file['size'];
?></small></span>
<div id="form_element">
<input type="submit" value="Postita" id="submit">
</div>
</fieldset>
</form>
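There are multiple problems. When a user uploads a file that doesn't meet the requirements (size, format etc.), it still gets uploaded even though $error != ''. When the user doesn't fill in the file input field at all, the code shouldn't enter the file upload if statement (yeah, I know, I don't know the correct terms...), but "Something went wrong while uploading file" is still displayed. When an image with an unallowed format is submitted, it still gets uploaded, but the path looks like this: /url/folder/img. - without a file extension.
Try this...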
<?php
IF (isset($_POST['submit'])) {
$err = "";
$mimetypes = array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/jpg', 'image/png', 'image/x-png');
$imgexts = array('gif', 'jpeg', 'jpg', 'png');
IF (!empty($_FILES['file']['name'])) {
$img = $_FILES['file']['name'];
$temp = $_FILES['file']['tmp_name'];
$ext = strtolower(substr(strrchr($_FILES['file']['name'], '.'), 1));// file ext.
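$info = @getimagesize($_FILES['file']['tmp_name']); // returns false when the file is not a readable image
$imgw = $info ? $info[0] : 0; // width
$imgh = $info ? $info[1] : 0; // height
$mime = $info ? image_type_to_mime_type($info[2]) : ''; // MIME type taken from the file content, empty if it is not an image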
IF (!in_array($ext, $imgexts)) {
$err .="<li>File type (".$ext.") is not supported. (Only ".implode(", ",$imgexts).")</li>"; // Non-supported file type
}ELSE{
//
IF (!in_array($mime, $mimetypes)) {
$err .="<li>Mime type (".$mime.") is not supported. (Only ".implode(", ",$mimetypes).")</li>"; // Non-supported mime type
}
}
}ELSE{
$err ="<li>Select a file to upload (".implode(", ",$imgexts).")</li>";
}
IF (!empty($err)) {
echo '<p>Errors:</p><ul>'.$err.'</ul>';
}ELSE{
// good to go
}
}ELSE{
// form not submitted
}
?>
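The following is an added example, not code from the question or the answer. It shows one way to handle the three symptoms described in the question: it reads the upload error code (an empty file field still creates a $_FILES entry), takes the image type from the file content, and builds the stored name from an allow-list instead of the client-supplied name. The function name validate_and_store_image() and the 'img/usr' default are illustrative assumptions.

```php
<?php
// Added example: validates one $_FILES entry and stores it under a server-chosen name.
// validate_and_store_image() is a hypothetical helper name, not part of PHP.
function validate_and_store_image(array $file, string $destDir = 'img/usr'): array
{
    // An empty file field still yields a $_FILES entry; only the error code tells them apart.
    $code = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($code === UPLOAD_ERR_NO_FILE) {
        return ['path' => null, 'error' => 'Select a file to upload.'];
    }
    if ($code === UPLOAD_ERR_INI_SIZE || $code === UPLOAD_ERR_FORM_SIZE) {
        return ['path' => null, 'error' => 'Maximum size is 1MB.'];
    }
    // is_uploaded_file() confirms tmp_name really came from this HTTP upload.
    if ($code !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return ['path' => null, 'error' => 'Something went wrong while uploading file.'];
    }
    if ($file['size'] > 1048576) { // 1 MB in bytes
        return ['path' => null, 'error' => 'Maximum size is 1MB.'];
    }

    // Decide the type from the file content; the client-supplied name and type are untrusted.
    $allowed = [
        IMAGETYPE_GIF  => 'gif',
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_PNG  => 'png',
        IMAGETYPE_BMP  => 'bmp',
    ];
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !isset($allowed[$info[2]])) {
        return ['path' => null, 'error' => 'Only png, jpg, jpeg, gif and bmp formats allowed!'];
    }

    // The stored extension comes from the allow-list, never from $file['name'].
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$info[2]];
    $destination = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $destination)) {
        return ['path' => null, 'error' => 'Something went wrong while uploading file.'];
    }
    return ['path' => $destination, 'error' => null];
}

// Usage inside the form handler: every rejection returns before anything is moved.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['file'])) {
    $result = validate_and_store_image($_FILES['file']);
    echo htmlspecialchars($result['error'] ?? 'Stored as ' . $result['path']);
}
```

The upload directory should also be configured so the web server never executes files from it, since content checks alone do not stop a file that is both a valid image and a script.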