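I've been looking at the same code for two hours now, and I can't figure out what the problem is. It must be something silly, because I'm getting an undefined index error, but I just don't see it. Please give it some fresh eyes!

The actual error:

Notice: Undefined index: paper_attach in [redacted] on line 104

Notice: Undefined index: paper_attach in [redacted] on line 105 Error: No file uploaded

The HTML: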

    <label for="paper_attach">Attach the paper:</label> <input type="file" name"paper_attach" class="paper_metadata"><br />
       <label class="textarea" for="comments">Comments:</label><br /> <textarea name="comments"><?php if (isset($comments)) { echo $comments;} ?></textarea><br /><br />

    <input type="submit" value="Save">

</form>

PHP:

        //Check that we have a file
        if(!empty($_FILES['paper_attach'])) {
            //Check if the file is pdf, doc or docx and its size is less than 20MB
            $filename = basename($_FILES['paper_attach']['name']);
            $ext = substr($filename, strrpos($filename, '.') + 1);

            if (((($ext == "pdf") && ($_FILES["paper_attach"]["type"] == "application/pdf")) or (($ext == "doc") && ($_FILES["paper_attach"]["type"] == "application/msword")) or (($ext == "docx") && ($_FILES["paper_attach"]["type"] == "application/vnd.openxmlformats-officedocument.wordprocessingml.document")))
                && ($_FILES["paper_attach"]["size"] < 20000000)) {
                //Determine the path to which we want to save this file
                $attachment_url = 'uploads/'.$filename;
                //Check if the file with the same name already exists on the server
                if (!file_exists($attachment_url)) {
                    //Attempt to move the uploaded file to its new place
                    if ((move_uploaded_file($_FILES['paper_attach']['tmp_name'],$attachment_url))) {
                        echo "It's done! The file has been saved as: ".$attachment_url;

                        // ** VALIDATIONS PENDING
                        $query = "SELECT [redacted]";
                        if ($query_run = mysql_query($query)) {
                            $query_num_rows = mysql_num_rows($query_run);
                            assert($query_num_rows<= 1);

                            if ($query_num_rows === 0) {
                                // There's no row with this pmid, so we can add it
                                $query = "INSERT [redacted]";

                                if ($query_run = mysql_query($query)) {
                                    header('Location: success.php');
                                }

                            } elseif ($query_num_rows === 1) {
                                echo 'There already is a paper with the PMID: '.$pmid.' in the database.';

                            }
                        }

                    } else {
                        echo "Error: A problem occurred during file upload!";
                    }

                } else {
                    echo "Error: File ".$_FILES["paper_attach"]["name"]." already exists";
                }
            } else {
                echo "Error: Only .doc, .docx or .pdf files under 20MB are accepted for upload.";
            }

        } else {
            echo $_FILES['paper_attach'];
            echo "Error: No file uploaded <br />".$_FILES['paper_attach']['error'];

        }

2 Answers

You forgot the =. Your `<input type="file">` should be:

    <input type="file" name="paper_attach" class="paper_metadata" />

instead of your

    <input type="file" name"paper_attach" class="paper_metadata">

answered 2012-10-11T15:25:36.907

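You lack any validation that the upload actually succeeded, and all of your processing code assumes that everything went fine. At a bare minimum, you need something like:

    if ($_FILES['paper_attach']['error'] !== UPLOAD_ERR_OK) {
       die("Upload failed with error code " . $_FILES['paper_attach']['error']);
    }

As well, other problems:

  1. Nowhere in your code do you define $pmid, but you use it for the insert query and the http redirect.
  2. You're using the user-provided ['type'] attribute for file type validation, which allows a malicious user to upload any type of file to your server.

answered 2012-10-11T15:26:22.167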
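
The two points raised in the second answer (check the upload error code, and do not trust the client-supplied `['type']`) can be combined into one handler. The following is an added example, not code from the question or from either answer; the function name `store_paper_upload`, the constants and the `uploads` directory are assumptions, and it requires PHP 7 with the fileinfo extension.

```php
<?php
// Added example. Function name, constants and upload directory are assumptions.
const MAX_BYTES = 20000000; // same 20MB limit as the question

// Extension => MIME type as detected from the file's content by fileinfo.
// Detected values can vary with the libmagic version; verify them on your server.
const ALLOWED = [
    'pdf'  => 'application/pdf',
    'doc'  => 'application/msword',
    'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
];

function store_paper_upload(array $files, string $field, string $destDir): string
{
    // A missing key means the form never sent the field (e.g. a broken name attribute).
    if (!isset($files[$field]) || !is_array($files[$field])) {
        throw new RuntimeException("No '$field' field in the request");
    }
    $f = $files[$field];

    // Reject multi-file arrays and any upload PHP did not mark as successful.
    if (!is_int($f['error']) || $f['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with error code ' . print_r($f['error'], true));
    }
    if (!is_uploaded_file($f['tmp_name']) || $f['size'] <= 0 || $f['size'] >= MAX_BYTES) {
        throw new RuntimeException('Missing, empty or oversized upload');
    }

    // The extension from the client name is used only as an allow-list key.
    $ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
    // MIME type from the bytes on disk, not from the client-supplied ['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    if (!isset(ALLOWED[$ext]) || ALLOWED[$ext] !== $mime) {
        throw new RuntimeException('Only .doc, .docx or .pdf files are accepted');
    }

    // Server-generated name: no client-controlled path parts, no collisions to check.
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($f['tmp_name'], $dest)) {
        throw new RuntimeException('Could not move the uploaded file');
    }
    return $dest;
}

// Usage in the form handler:
// $path = store_paper_upload($_FILES, 'paper_attach', __DIR__ . '/uploads');
```

Keeping the upload directory outside the web root, or configuring the server not to execute anything inside it, limits the damage if a file slips past these checks.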