允许在php中使用某些文件类型
我试图允许用户上传图片到我的网站。我当前使用的php代码总是给出一个错误,即上传的文件类型无效。我尝试了大量的图片,它们都给出了这个错误 下面是php代码允许在php中使用某些文件类型,php,file,upload,Php,File,Upload,我试图允许用户上传图片到我的网站。我当前使用的php代码总是给出一个错误,即上传的文件类型无效。我尝试了大量的图片,它们都给出了这个错误 下面是php代码 <?php // Configuration - Your Options $allowed_filetypes = array('.jpg','.gif','.bmp','.png','.jpeg'); // These will be the types of file that will pass the val
<?php
// Configuration - Your Options
$allowed_filetypes = array('.jpg','.gif','.bmp','.png','.jpeg'); // These will be the types of file that will pass the validation.
//$max_filesize = 524288; // Maximum filesize in BYTES (currently 0.5MB).
$upload_path = 'uploads'; // The place the files will be uploaded to (currently a 'files' directory).
$filename = $_FILES['userfile']['name']; // Get the name of the file (including file extension).
$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename.
// Check if the filetype is allowed, if not DIE and inform the user.
if(!in_array($ext,$allowed_filetypes))
die('The file you attempted to upload is not allowed.');
// Now check the filesize, if it is too large then DIE and inform the user.
if(filesize($_FILES['userfile']['tmp_name']) > $max_filesize)
die('The file you attempted to upload is too large.');
// Check if we can upload to the specified path, if not DIE and inform the user.
if(!is_writable($upload_path))
die('You cannot upload to the specified directory, please CHMOD it to 777.');
// Upload the file to your specified path.
if(move_uploaded_file($_FILES['userfile']['tmp_name'],$upload_path . $filename))
echo 'Your file upload was successful, view the file <a href="' . $upload_path . $filename . '" title="Your File">here</a>'; // It worked.
else
echo 'There was an error during the file upload. Please try again.'; // It failed :(.
?>
此代码存在一些问题,包括获取文件扩展名的代码在一般情况下无法正常工作。用这个替换它,它还可以解决您当前的问题:
$ext = pathinfo($_FILES['userfile']['name'], PATHINFO_EXTENSION);
$allowed_filetypes = array('jpg','gif','bmp','png','jpeg');
您还应该注意上面的警告。您的表单似乎没有提交按钮广告代码。您假定上载成功。您假设上传者没有伪造文件名(例如,ren nastyvirus.exe cutekittens.jpg
),进行应该在服务器级别强制执行的大小检查,并允许用户指定路径和文件名,可能允许他们在您服务器上的任何目录上涂鸦。更改为这些目录时,上载文件时仍然会出现错误。@WillGilstrap:$ext
的值是多少?我不知道。我对PHP非常基础。
$ext = pathinfo($_FILES['userfile']['name'], PATHINFO_EXTENSION);
$allowed_filetypes = array('jpg','gif','bmp','png','jpeg');