1

我有一个多图像上传脚本,它调整图像大小并创建缩略图。出于一些奇怪的原因,一些图像确实没有。在这种情况下,图像尺寸很小,并且是 JPEG 类型的文件。由于某种原因,它没有通过。它与其他图像完美配合。我对单个文件使用相同的脚本,它会上传该图像文件。请帮忙!谢谢!

<?php require_once("../includes/connection.php"); ?>
<?php require_once("../includes/functions.php"); ?>
<?php 
$albumName = $_GET['album'];
$albumDate = $_GET['date'];
$albumId = $_GET['id'];
$upload_path = "/home/elevat17/public_html/images/gallery/"; //location
$images = $_FILES['userFile']['name'];
$temps = $_FILES['userFile']['tmp_name'];
$types = $_FILES['userFile']['type'];
$errors = $_FILES["userFile"]["error"];
if ($_FILES["userFile"]["name"]=="") {echo "You must choose a file to upload!";}
if(in_array("", $images)) {die('Select an image to upload.');}


else

{
for ($n=0; isset($images[$n]) && isset($temps[$n]) && isset($types[$n]) && isset($errors[$n]); $n++) {
if ((($types[$n] == "image/gif")

|| ($types[$n] == "image/jpeg")

|| ($types[$n] == "image/pjpeg")

|| ($types[$n] == "image/png")

|| ($types[$n] == "image/jpg")

|| ($types[$n] == "image/x-png")))


{

if ($errors[$n] > 0)

{

$content =  "Return Code: " . $errors[$n] . "<br />";

}

else

{

$content =  "Upload: " . $images[$n] . "<br />";

$content =  "Type: " . $types[$n] . "<br />";

$content =  "<br/><br/>";



if (file_exists($upload_path . $images[$n]))

{

die($images[$n].' already exists. Upload cancelled!');

}

else

{

$uploadedfile = $temps[$n];

$image = $images[$n];

$size = getimagesize($uploadedfile);

$type = $size['mime'];

$width = $size[0];

$height = $size[1];

if($height > '900' || $width > '600')

{ 

$newwidth=600; // NEW WIDTH 

$newheight=($height/$width)*$newwidth;

$tmp=imagecreatetruecolor($newwidth,$newheight);

$filename = $upload_path.$image;



if($size[2] == IMAGETYPE_GIF)

    {

        $src = imagecreatefromgif($uploadedfile);

        imagecopyresampled($tmp,$src,0,0,0,0,$newwidth,$newheight,$width,$height);

        imagegif($tmp,$filename,100);

    }

elseif($size[2] == IMAGETYPE_JPEG)

    {

        $src = imagecreatefromjpeg($uploadedfile);

        imagecopyresampled($tmp,$src,0,0,0,0,$newwidth,$newheight,$width,$height);

        imagejpeg($tmp,$filename,100);

    }

elseif($size[2] == IMAGETYPE_PNG) 

    {

        $src = imagecreatefrompng($uploadedfile);

        imagecopyresampled($tmp,$src,0,0,0,0,$newwidth,$newheight,$width,$height);

        imagepng($tmp,$filename,9);

    }
crop_img(75,75);
move_uploaded_file($uploadedfile, $filename);
imagedestroy($src);

imagedestroy($tmp);

}

else

{      




}
$query = "INSERT INTO photos (photo_name, in_album) VALUES ('{$image}', $albumId)";
            if (mysql_query($query)) {header("location: edit_album.php?id={$albumId}");}




}

}

}

else { $content     =  "Invalid file"; }

}

}

?>
<?php require("../includes/footer.php"); ?>
4

1 回答 1

0

您没有检查上传是否成功并且假设它已经成功。这是编写代码的一种不好的方式。上传成功只有一种方法,失败的方法有很多种。

您还假设进行上传的人没有恶意,并且不会在上传之前简单地将其重命名nastyvirus.executekittens.jpg

至少,你需要有

if ($_FILES['userfile']['error'] !== UPLOAD_ERR_OK) {
    die('Upload failed with error code ' . $_FILES['userfile']['error']);
}

以确保您确实有一些有用的东西可以使用,然后使用http://php.net/fileinfo之类的东西让服务器确定文件的类型。

永远不要相信用户发送给您的内容。

于 2012-05-06T03:12:21.103 回答