0

我正在尝试从 php 脚本上传文件 (imageupload.php) 的页面中检索文件名,并且我想在 javascript 函数 (QandATable.php) 中的另一个页面中显示它。但我不知道该怎么做

我将向您展示所有相关代码,以便您可以遵循它,以便您能够理解正在发生的事情。

更新:下面我将向您展示如何上传文件的步骤。下面的代码成功上传了文件。

下面是表格(QandATable.php);

var $fileImage = $("<form action='imageupload.php' method='post' enctype='multipart/form-data' target='upload_target' onsubmit='return imageClickHandler(this);' class='imageuploadform' >" + 
<label>Image File: <input name='fileImage' type='file' class='fileImage' /></label><br/><label class='imagelbl'>" + 
"<input type='submit' name='submitImageBtn' class='sbtnimage' value='Upload' /></label>" + 
"</p><ul class='listImage' align='left'></ul>" +
"<iframe class='upload_target' name='upload_target' src='#' style='width:0;height:0;border:0px;solid;#fff;'></iframe></form>");

在用户提交表单的同一页面上,它会进入下面的函数,它会检查验证,然后当验证清楚时,它会进入startImageUpload()函数:

 function imageClickHandler(imageuploadform){ 
      if(imageValidation(imageuploadform)){ 
          return startImageUpload(imageuploadform); 
      } 
      return false;
  }

如果没有验证,那么它将进入隐藏文件输入的下面的 JS 函数 (QandATable.php),并将表单提交到文件上传发生的 imageupload.php。上传文件后,它会回调 stopImageUpload() 函数(QandAtable.php),在该函数中它将显示有关文件是否已上传的消息,这就是我希望来自服务器的文件名的位置附加。

下面是 startImageUpload() 函数:

var sourceImageForm;

function startImageUpload(imageuploadform){

$(imageuploadform).find('.fileImage').css('visibility','hidden');
sourceImageForm = imageuploadform;

return true;
        }

下面是上传文件 (imageupload.php) 的 php 脚本:

    <?php

    session_start();

    $result = 0;

    if( file_exists("ImageFiles/".$_FILES['fileImage']['name'])) {
        $parts = explode(".",$_FILES['fileImage']['name']);
        $ext = array_pop($parts);
        $base = implode(".",$parts);
        $n = 2;

        while( file_exists("ImageFiles/".$base."_".$n.".".$ext)) $n++;
        $_FILES['fileImage']['name'] = $base."_".$n.".".$ext;

        move_uploaded_file($_FILES["fileImage"]["tmp_name"],
        "ImageFiles/" . $_FILES["fileImage"]["name"]);
        $result = 1;

    }
        else
          {
          move_uploaded_file($_FILES["fileImage"]["tmp_name"],
          "ImageFiles/" . $_FILES["fileImage"]["name"]);
          $result = 1;     

          }

    ?>

    <script language="javascript" type="text/javascript">
window.top.window.stopImageUpload(<?php echo $result;?>);
</script>

最后,当上传完成时,它会返回到 stopUploadImage() 函数 (QandATable.php) 以显示有关文件是否成功上传的消息。这也是我希望从服务器上传的文件名被附加的地方。

   function stopImageUpload(success){

          var result = '';
          if (success == 1){
result = '<span class="msg">The file was uploaded successfully!</span><br/><br/>';
             $('.listImage').append('<br/>');
          }
          else {
result = '<span class="emsg">There was an error during file upload!</span><br/><br/>';
          }

    return true;

    }
4

1 回答 1

2

$_POST不会包含fileimagename. 相反,您的表单输入被称为fileImage. 改用它:

// Check $_POST for fileImage, which was the form input name
if (isset($_POST['fileImage'])) {
  $_SESSION['fileimagename'] =  $_FILES['fileImage']['name'];
  // Proceed with the file upload and save.
}
else {
 // oops, can't proceed
}

在 JavaScript 页面上,在访问值时进行一些错误检查:

<?php
session_start();
if (isset($_SESSION['fileimagename'])) {
  $fileimagename = $_SESSION['fileimagename'];
  // output JS code...
?>
 <script type="text/javascript">Your JS code here...</script>
<?php
}
else {
  // No filename - can't proceed with JavaScript code
  // Display an eror or a message with instructions for user...
}

注意:不要使用用户提供的文件名来存储图像!它使您面临目录遍历攻击,并使用户可以在 Web 服务器具有写入权限的文件系统上的任何位置写入文件。

// This is unsafe!
move_uploaded_file($_FILES["fileImage"]["tmp_name"], "ImageFiles/" . $_FILES["fileImage"]["name"]);

相反,通常将值$_FILES['fileImage']['name']与实际文件的标识符值一起存储在数据库中,并使用标识符将其存储在磁盘上。

$info = pathinfo($_FILES['fileImage']['name']);
// Get the original extension
$filext = $info['extension'];
// Make a unique filename and add the extension
$stored_filename = uniqid() . $filext;

// Use that to store the file on disk
move_uploaded_file($_FILES["fileImage"]["tmp_name"], $stored_filename);

// Now store BOTH $_FILES['fileImage']['name'] and $stored_filename in your database together
// The original user-supplied filename can be used for display, but isn't used on disk
于 2012-04-19T12:45:57.933 回答