Fatal编程技术网
  • php/
  • 允许在php中使用某些文件类型

允许在php中使用某些文件类型

php file

允许在php中使用某些文件类型,php,file,upload,Php,File,Upload,我试图允许用户上传图片到我的网站。我当前使用的php代码总是给出一个错误,即上传的文件类型无效。我尝试了大量的图片,它们都给出了这个错误 下面是php代码 <?php // Configuration - Your Options $allowed_filetypes = array('.jpg','.gif','.bmp','.png','.jpeg'); // These will be the types of file that will pass the val

我试图允许用户上传图片到我的网站。我当前使用的php代码总是给出一个错误,即上传的文件类型无效。我尝试了大量的图片,它们都给出了这个错误

下面是php代码

<?php
   // Configuration - Your Options
      $allowed_filetypes = array('.jpg','.gif','.bmp','.png','.jpeg'); // These will be the types of file that will pass the validation.
      //$max_filesize = 524288; // Maximum filesize in BYTES (currently 0.5MB).
      $upload_path = 'uploads'; // The place the files will be uploaded to (currently a 'files' directory).

   $filename = $_FILES['userfile']['name']; // Get the name of the file (including file extension).
   $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename.

   // Check if the filetype is allowed, if not DIE and inform the user.
   if(!in_array($ext,$allowed_filetypes))
      die('The file you attempted to upload is not allowed.');

   // Now check the filesize, if it is too large then DIE and inform the user.
   if(filesize($_FILES['userfile']['tmp_name']) > $max_filesize)
      die('The file you attempted to upload is too large.');

   // Check if we can upload to the specified path, if not DIE and inform the user.
   if(!is_writable($upload_path))
      die('You cannot upload to the specified directory, please CHMOD it to 777.');

   // Upload the file to your specified path.
   if(move_uploaded_file($_FILES['userfile']['tmp_name'],$upload_path . $filename))
         echo 'Your file upload was successful, view the file <a href="' . $upload_path . $filename . '" title="Your File">here</a>'; // It worked.
      else
         echo 'There was an error during the file upload.  Please try again.'; // It failed :(.

?>

此代码存在一些问题,包括获取文件扩展名的代码在一般情况下无法正常工作。用这个替换它,它还可以解决您当前的问题:


$ext = pathinfo($_FILES['userfile']['name'], PATHINFO_EXTENSION);
$allowed_filetypes = array('jpg','gif','bmp','png','jpeg');



您还应该注意上面的警告。
您的表单似乎没有提交按钮广告代码。您假定上载成功。您假设上传者没有伪造文件名(例如,
ren nastyvirus.exe cutekittens.jpg
),进行应该在服务器级别强制执行的大小检查,并允许用户指定路径和文件名,可能允许他们在您服务器上的任何目录上涂鸦。更改为这些目录时,上载文件时仍然会出现错误。@WillGilstrap:
$ext
的值是多少?我不知道。我对PHP非常基础。

$ext = pathinfo($_FILES['userfile']['name'], PATHINFO_EXTENSION);
$allowed_filetypes = array('jpg','gif','bmp','png','jpeg');