Fatal编程技术网
  • php/
  • Php 文件上传不';行不通 文件名:

Php 文件上传不';行不通 文件名:

php html

Php 文件上传不';行不通 文件名:,php,html,Php,Html,下面的php代码不起作用。它根本不检查任何东西。它没有显示最大文件大小错误。它所做的是,它接受我试图上传的任何文件,并将文件名插入数据库。它没有检查我为文件上传设置的任何限制。有什么想法吗?txs <html> <body> <form action="upload.php" method="post" enctype="multipart/form-data"> <label for="file">Filename:</label>

下面的php代码不起作用。它根本不检查任何东西。它没有显示最大文件大小错误。它所做的是,它接受我试图上传的任何文件,并将文件名插入数据库。它没有检查我为文件上传设置的任何限制。有什么想法吗?txs

<html>
<body>

<form action="upload.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file_field"><br>
<input type="submit" name="submit" value="Submit">
</form>

</body>
</html> 

错误在这里:


<?php

function uploadFile ($check_image = false, $random_name = false) {

//Config Section    
//Set file upload path
$path = 'c:/xampp/htdocs/images/'; //with trailing slash
//Set max file size in bytes
$max_size = 1000000;
//Set default file extension whitelist
$whitelist_ext = array('jpg','png','gif');
//Set default file type whitelist
$whitelist_type = array('image/jpeg', 'image/png','image/gif');

//The Validation
// Create an array to hold any output
$out = array('error'=>null);

if (!$_FILES['file_field']) {
$out['error'][] = "Please specify a valid form field name";           
}

if (!$path) {
$out['error'][] = "Please specify a valid upload path";               
}

if (count($out['error'])>0) {
return $out;
}

//Make sure that there is a file
if((!empty($_FILES['file_field'])) && ($_FILES['file_field']['error'] == 0)) {

// Get filename
$file_info = pathinfo($_FILES['file_field']['name']);
$name = $file_info['filename'];
$ext = $file_info['extension'];

//Check file has the right extension           
if (!in_array($ext, $whitelist_ext)) {
$out['error'][] = "Invalid file Extension";
}

//Check that the file is of the right type
if (!in_array($_FILES['file_field']["type"], $whitelist_type)) {
$out['error'][] = "Invalid file Type";
}

//Check that the file is not too big
if ($_FILES['file_field']["size"] > $max_size) {
$out['error'][] = "File is too big";
}

//If $check image is set as true
if ($check_image) {
if (!getimagesize($_FILES['file_field']['tmp_name'])) {
$out['error'][] = "Uploaded file is not a valid image";
}
}

//Create full filename including path
if ($random_name) {
// Generate random filename
$tmp = str_replace(array('.',' '), array('',''), microtime());

if (!$tmp || $tmp == '') {
$out['error'][] = "File must have a name";
}     
$newname = $tmp.'.'.$ext;                                
} else {
$newname = $name.'.'.$ext;
}

//Check if file already exists on server
if (file_exists($path.$newname)) {
$out['error'][] = "A file with this name already exists";
}

if (count($out['error'])>0) {
//The file has not correctly validated
return $out;
} 

if (move_uploaded_file($_FILES['file_field']['tmp_name'], $path.$newname)) {
//Success
$out['filepath'] = $path;
$out['filename'] = $newname;
return $out;
} else {
$out['error'][] = "Server Error!";
}

} else {
$out['error'][] = "No file uploaded";
return $out;
}      
}
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("simple_login", $con);

mysql_query("INSERT INTO photo (photo)
VALUES ('{$_FILES['file_field']['tmp_name']}')");


mysql_close($con);
?>


应该是:


//Make sure that there is a file
if((!empty($_FILES['file_field'])) && ($_FILES['file_field']['error'] == 0)) {



程序员不工作,文件上传工作正常;)另一个注意事项是:首先应该替换所有的
mysql.*
函数。从
PHP5.5.0
开始,它们已被弃用。使用类似于或@StevenFarley的东西,我刚刚从代码中删除了MySQL部分,以检查它在没有它的情况下是否工作,但没有任何更改。。。你检查文件上传工作了吗?

//Make sure that there is a file
if((!empty($_FILES['file_field'])) && (count($_FILES['file_field']['error']) == 0)) {