4

As the title says, I want to change the file name of a file that a user uploads through a form. Here is the code:

HTML

    <form action="editprofile.php" method="POST" enctype="multipart/form-data">
         <p>Upload your image: <input type="file" name="myfile"></p><br />
         <p><input type="radio" name="type" value="defaultDot">Use Default</p>
         <p><input type="submit" name="updateAvatar"></p>
    </form>

Here is my PHP script, which moves the uploaded file to the correct directory:
PHP

    $name = $_FILES['myfile']['name'];
    $tmp_name = $_FILES['myfile']['tmp_name'];
    $size = getimagesize($_FILES['myfile']['tmp_name']);
    if($name){
        //start upload process
        if($size != FALSE){
            $location = "images/avatars/$name";
            move_uploaded_file($tmp_name, $location);
            $query = mysql_query("UPDATE users SET avatar='$location' WHERE id=$id");
            $avaMessage = '<p><font size=2 color=aqua face=Tahoma>Avatar Updated - Uploaded Image!.</font></p>';
        }else{
            $avaMessage = '<p><font size=2 color=red face=Tahoma>Please only submit image files!</font></p>';
        }
    }

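How can I give the image a custom name? For example, I have a variable named $username that stores the username from the session. What if I want to name the image after the $username variable, keeping the same file extension?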

EDIT: EDIT: EDIT:
Added your if statement, Lawrence, and I swapped the variables in move_upload_files, but it still doesn't work...
Code

    if($_SERVER['REQUEST_METHOD']=='POST' && isset($username) && is_numeric($id)
    && isset($_FILES['myfile']['error']) && $_FILES['myfile']['error']=='UPLOAD_ERR_OK'){
        if($_POST['type'] != "defaultDot"){
            //$avaURL = $_POST['url'];
            //$updateURL = mysql_query("UPDATE users SET avatar='$avaURL' WHERE id=$id");
            //$avaMessage = '<p><font size=2 color=aqua face=Tahoma>Avatar Uploaded!</font></p>';
            $name    = basename($_FILES['myfile']['name']);
            $ext     = end(explode('.', $name));
            $move_to = "images/avatars/".preg_replace('/[^a-zA-Z0-9.-]/s', '_',$username).'.'.$ext;
            $info    = getimagesize($_FILES['myfile']['tmp_name']);

            if($name){
                //start upload process
                $allowed = array('image/png','image/jpg','image/gif');
                if($info[0]>0 && $info[1] > 0 && in_array($info['mime'],$allowed)){
                    if($info[0]>200 || $info[1] > 200){
                        //File dimensions too large
                        $avaMessage = '<p><font size=2 color=red face=Tahoma>File dimensions too large.</font></p>';
                    }else{
                        //File put contents will overwrite if file exists
                        move_uploaded_file($_FILES['myfile']['tmp_name'], $move_to);
                        mysql_query("UPDATE users
                                    SET avatar='".mysql_real_escape_string($move_to)."'
                                    WHERE id=".$id." AND owner='".$_SESSION['username']."'");
                        $avaMessage = 'Avatar Updated - Uploaded Image!.';
                    }
                }else{
                    $avaMessage = '<p><font size=2 color=red face=Tahoma>Please only submit image files!</font></p>';
                }
            }else{
                $avaMessage = '<p><font size=2 color=red face=Tahoma>Please select a file!</font></p>';
            }

        }else{
            $avaURL = 'images/avatars/default.png';
            $updateURL = mysql_query("UPDATE users SET avatar='$avaURL' WHERE id=$id");
            $avaMessage = '<p><font size=2 color=aqua face=Tahoma>Avatar Updated - Default.</font></p>';
        }
    }

Even with the fixed "POST", Lawrence, it still doesn't work...

2 Answers

1

I think http://php.net/manual/en/function.pathinfo.php will do what you need. Parse $location and rebuild it, replacing the basename field with your $username.

answered 2012-04-22T08:12:36.717
1

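Here is a safe and secure way of doing it. The POST request needs checking; only checking for $name is not enough. $username needs to be stripped of any special characters, $id needs checking that it is set and is numeric, the file-type-specific extension needs to be found, the allowed MIME types need to be cross-matched, plus the width and height need checking. There is a lot to consider: uploads can be very insecure, not to mention that images can have PHP injected into the file comments, which may be executed if handled incorrectly: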

    <?php

    //UPLOAD_ERR_OK is an integer constant, so it is compared unquoted
    if($_SERVER['REQUEST_METHOD']=='POST' && isset($username) && is_numeric($id)
    && isset($_FILES['myfile']['error']) && $_FILES['myfile']['error']===UPLOAD_ERR_OK){

        $name    = basename($_FILES['myfile']['name']);
        //end() takes its argument by reference, so explode()'s result goes into a variable first
        $parts   = explode('.', $name);
        //note: $ext is taken from the client-supplied file name
        $ext     = end($parts);
        $move_to = "images/avatars/".preg_replace('/[^a-zA-Z0-9.-]/s', '_',$username).'.'.$ext;
        $info    = getimagesize($_FILES['myfile']['tmp_name']);

        //not more than 200px
        if($info[0]>200 || $info[1] > 200){
            //file too large
        }

        //getimagesize() reports JPEG files as image/jpeg
        $allowed = array('image/png','image/jpeg','image/gif');
        if(is_array($info) && $info[0]>0 && $info[1] > 0 && in_array($info['mime'],$allowed)){
            move_uploaded_file($_FILES['myfile']['tmp_name'],$move_to);
            mysql_query("UPDATE users
                         SET avatar='".mysql_real_escape_string($move_to)."'
                         WHERE id=".$id." AND owner='".mysql_real_escape_string($_SESSION['username'])."'");
            $avaMessage = 'Avatar Updated - Uploaded Image!.';
        }else{
            //Not allowed
        }
    }
    ?>

    <form action="" method="POST" enctype="multipart/form-data">
         <!--1 MB = 1048576 bytes-->
         <input type="hidden" name="MAX_FILE_SIZE" value="1048576" />

         <p>Upload your image: <input type="file" name="myfile"></p><br />
         <p><input type="radio" name="type" value="defaultDot">Use Default</p>
         <p><input type="submit" name="updateAvatar"></p>
    </form>


UPDATE EDIT: Here is an OOP version of the upload process, perhaps you will find it interesting. I have also added all the possible errors ;p

    <?php
    class updateUserAvatar{
        public $upload_path;
        public $full_path;
        public $name;
        public $size;
        public $ext;
        public $output;
        public $input;
        public $prefix;
        private $allowed;

        function upload(){
            if($_SERVER['REQUEST_METHOD'] == 'POST'){
                if(isset($_FILES[$this->input]['error'])){
                    if($_FILES[$this->input]['error'] == 0){
                        $this->name      = basename($_FILES[$this->input]['name']);
                        $file_p          = explode('.', $this->name);
                        $this->ext       = end($file_p);
                        $this->full_path = rtrim($this->upload_path,'/').'/'.preg_replace('/[^a-zA-Z0-9.-]/s', '_', $this->prefix).'.'.$this->ext;
                        $info            = getimagesize($_FILES[$this->input]['tmp_name']);
                        $this->size      = filesize($_FILES[$this->input]['tmp_name']);

                        if($info[0]>$this->allowed['dimensions']['width'] || $info[1] > $this->allowed['dimensions']['height']){
                            $this->output = 'File dimensions too large!';
                        }else{
                            if($info[0] > 0 && $info[1] > 0 && in_array($info['mime'],$this->allowed['types'])){
                                move_uploaded_file($_FILES[$this->input]['tmp_name'],$this->full_path);
                                $this->output = 'Upload success!';
                            }else{
                                $this->output = 'File not supported!';
                            }
                        }
                    }else{
                        if($_FILES[$this->input]['error']==1){$this->output = 'The uploaded file exceeds the upload_max_filesize directive!';}
                        if($_FILES[$this->input]['error']==2){$this->output = 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in our HTML form!';}
                        if($_FILES[$this->input]['error']==3){$this->output = 'The uploaded file was only partially uploaded!';}
                        if($_FILES[$this->input]['error']==4){$this->output = 'No file was uploaded!';}
                        if($_FILES[$this->input]['error']==6){$this->output = 'Missing a temporary folder!';}
                        if($_FILES[$this->input]['error']==7){$this->output = 'Failed to write uploaded file to disk!';}
                        if($_FILES[$this->input]['error']==8){$this->output = 'A PHP extension stopped the file upload!';}
                    }
                }
            }
        }

        function setPath($var){
            $this->upload_path = $var;
        }
        function setAllowed($var=array()){
            $this->allowed = $var;
        }
        function setFilePrefix($var){
            $this->prefix = preg_replace('/[^a-zA-Z0-9.-]/s', '_', $var);
        }
        function setFormInput($var){
            $this->input = $var;
        }
    }//END CLASS


    if($_POST['type'] != "defaultDot"){
        //Setup
        $upload = new updateUserAvatar();
        $upload->setPath('./images/avatars/');
        $upload->setFilePrefix($username);
        //getimagesize() reports JPEG files as image/jpeg
        $upload->setAllowed(array('dimensions'=>array('width'=>200,'height'=>200),
                                  'types'=>array('image/png','image/jpeg','image/gif')));
        $upload->setFormInput('myfile');
        $upload->upload();

        if($upload->output == 'Upload success!'){
            //do query
            $updateURL = mysql_query("UPDATE users SET avatar='$upload->full_path' WHERE id=$id");
        }
        //message
        $avaMessage = $upload->output;
    }else{
        $avaURL = 'images/avatars/default.png';
        $updateURL = mysql_query("UPDATE users SET avatar='$avaURL' WHERE id=$id");
        $avaMessage = '<p><font size=2 color=aqua face=Tahoma>Avatar Updated - Default.</font></p>';
    }
    ?>
answered 2012-04-22T08:56:23.137
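
A hardened variant of the upload handling discussed in the answers above, as an added example that is not part of either answer: the stored extension is chosen by the server from the detected image type instead of being copied from the client file name, and the image is re-encoded so that embedded file comments are not carried into the saved file. `store_avatar()` and its parameters are hypothetical names, and the GD extension is assumed to be loaded.

```php
<?php
// Added example, not code from the page. store_avatar() and its parameters
// are hypothetical names; it assumes the GD extension is loaded.
function store_avatar(array $file, string $username, string $dir, int $maxSide = 200): string
{
    // Compare with the integer constant, not the string 'UPLOAD_ERR_OK'.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed, error code ' . (int) ($file['error'] ?? -1));
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an HTTP upload');
    }

    // Type and size are read from the file content, never from $file['name'].
    $info = getimagesize($file['tmp_name']);
    $allowed = [IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_GIF];
    if ($info === false || !in_array($info[2], $allowed, true)) {
        throw new RuntimeException('Please only submit PNG, JPEG or GIF images');
    }
    if ($info[0] < 1 || $info[1] < 1 || $info[0] > $maxSide || $info[1] > $maxSide) {
        throw new RuntimeException('File dimensions not allowed');
    }

    // Decode and re-encode with GD: metadata comments and trailing bytes,
    // where PHP code can be hidden, are not copied into the new file.
    $image = imagecreatefromstring(file_get_contents($file['tmp_name']));
    if ($image === false) {
        throw new RuntimeException('Image could not be decoded');
    }
    imagesavealpha($image, true);

    // The server picks the extension; dots are not allowed in the name part,
    // so a username like "x.php" cannot produce "x.php.png".
    $safeUser = preg_replace('/[^a-zA-Z0-9_-]/', '_', $username);
    if ($safeUser === '') {
        throw new RuntimeException('Empty username');
    }
    $target = rtrim($dir, '/') . '/' . $safeUser . '.png';
    if (!imagepng($image, $target)) {
        throw new RuntimeException('Could not write avatar');
    }
    return $target;
}

// Usage in editprofile.php ($username taken from the session, as in the question):
// $location = store_avatar($_FILES['myfile'], $username, 'images/avatars');
```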