Javascript 角度+；PHP文件上传（不能发送新创建的属性）_Javascript_Php_Angularjs_Upload_Ng File Upload

Javascript 角度+；PHP文件上传（不能发送新创建的属性）

javascript php angularjs

Javascript 角度+；PHP文件上传（不能发送新创建的属性）,javascript,php,angularjs,upload,ng-file-upload,Javascript,Php,Angularjs,Upload,Ng File Upload,我正在使用 . 它工作得很好，但我需要向我发送的对象添加一些特定属性。此处显示控制器方法： self.uploadFiles = function (files) { if (files && files.length) { for (var i = 0; i < files.length; i++) { files[i].upload_folder = 'upload'; //here i add first property file

我正在使用 . 它工作得很好，但我需要向我发送的对象添加一些特定属性。此处显示控制器方法：

self.uploadFiles = function (files) {
  if (files && files.length) {
    for (var i = 0; i < files.length; i++) {
      files[i].upload_folder = 'upload'; //here i add first property
      files[i].current_date = getCurrentDate(); //here second
      var file = files[i];
      console.log(files[i]);
      Upload.upload({
        url: 'app/views/antonovich/upload.php',
        headers: {'Content-Type': undefined},
        method: 'POST',
        data: file,
        file: file
      }).progress(function(evt){
        self.uploadProgress = parseInt(100.0 * evt.loaded / evt.total);
        //console.log('progress: ' + self.uploadProgress + '% ' + evt.config.file.name);
      }).success(function(data, status, headers, config){
        console.log('file ' + config.file.name + 'uploaded. Response: ' + data);
        $('.errors').html(data);
        self.uploadReady = config.file.name + ' uploaded.';
      });
    }
  }
}

PHP脚本将这些文件上载到文件夹并创建DB行，但两个创建的属性未被查找，并返回以下内容：

Response: Array
(
    [name] => 14488072165280.png
    [type] => image/png
    [tmp_name] => C:\wamp\tmp\phpC39D.tmp
    [error] => 0
    [size] => 872713
)

下面是php脚本示例：

<?php
  if(isset($_FILES['file'])) {
    print_r($_FILES['file']);
    $errors= array();

    $file_name = $_FILES['file']['name'];
    $file_size = $_FILES['file']['size'];
    $file_tmp = $_FILES['file']['tmp_name'];
    $file_type = $_FILES['file']['type'];
    $upload_folder = $_FILES['file']['upload_folder'];
    $current_date = $_FILES['file']['current_date'];
    print_r($upload_folder);
    print_r($current_date);

    $db = new PDO('mysql:host=localhost;dbname=antonovich', 'root', '');
    $query = "INSERT INTO  portfolio(url,date) VALUES('$file_name','$current_date')";
    $stmt = $db->prepare($query);
    $stmt->execute();

    $file_ext = strtolower(pathinfo($file_name, PATHINFO_EXTENSION));
    move_uploaded_file($file_tmp,"../../img/".$upload_folder."/".$file_name);
    echo $file_name . " uploaded file: " . "images/" . $file_name;

  }
  else {
    $errors= array();
    $errors[]="No image found";
    print_r($errors);
  }
?>

有关背景信息，请参阅。$\u FILES superglobal仅包含一组关于每个上载文件的固定值（名称
，类型
，tmp\u名称
，错误
，以及大小
），POST请求中的任何其他数据都应位于$\u POST superglobal中。尝试更改PHP脚本，如下所示：
$upload_folder = $_POST['upload_folder'];
$current_date = $_POST['current_date'];

作为补充说明，我对允许客户端在没有可靠验证的情况下指定目标文件夹持谨慎态度。攻击者可能会使用相对路径上载恶意代码
$upload_folder = $_POST['upload_folder'];
$current_date = $_POST['current_date'];