0

我的任务要求我让用户将 .gif 文件扩展名上传到文件夹,并在上传后显示它们。

我得到了表单和处理页面,但我似乎无法让它们工作。我将目录的权限设置为 rwxrwxrwx 以对其进行测试。

上传文件代码:

<html>
  <head>
<title>Assignment 7 Part II -- Art Gallery</title>
  </head>
  <body>
    <form method="post" action="a7a2.php" enctype="multipart/form-data">
    <input type="hidden" name="MAX_FILE_SIZE" value="50000">
    Your file: <input type="file" name="uploadFile" /><br />
    <input type="submit" value="Upload it">
  </form>
</body>
</html>

代码:

<html>
      <head>
        <title>Assignment 7 Part II -- Art Gallery Results</title>
      </head>
      <body>

      <?php
      $uploadDir = 'images/';
      $uploadFileDir = $uploadDir . basename($_FILES['uploadFile']['name']);                                                   
      if(isset($_FILES['uploadFile'])) {
          if($_FILES['uploadFile']['error'] != UPLOAD_ERR_OK ||
          $_FILES['uploadFile']['mime'] != "image/gif") {
          print "<p>File not uploaded successfully!</p>";
          print "<p>Please make sure the file has the correct file extension: .gif</p>"; 
          print "<p><a href='a7p2.php'>Try uploading again</a>";
          var_dump($_FILES['uploadFile']['error']);
          die;
          } else {
          move_uploaded_file($_FILES['uploadFile']['name'], $uploadFileDir) or die("Can't move file to $uploadFileDir");   
          print "<p>Success!</p>";
          }
      }

      $uploadedFiles = glob("/students/ryan/php/images/*.gif");
      if($uploadedFiles != false) {
          print "<p>Here are pictures from the art gallery: </p>";
          foreach($uploadedFiles as $file) {
          $url = "http://hills.ccsf.edu/~ryan/images/" . substr($file, strrpos($file, '/') + 1);
          print "<p><img src=\"$url\"></p>";
          }
      } else {
          print "There are no pictures in the art gallery";
      }
      ?>

      </body>
    </html>

或相同的代码,链接到下面的代码:

http://pastebin.com/JNxwy323

4

2 回答 2

3

依赖浏览器告诉您文件的 MIME 类型是不安全的。相反,您应该检查文件是否是它应该是的。在这种情况下:

if( !@imagecreatefromgif($_FILES['uploadFile']['tmp_name'])) {
    // file is not a valid GIF image
}
于 2012-10-21T23:26:53.527 回答
-1

您需要为 move_uploaded_file 使用 tmp_name 而不是 name

 move_uploaded_file($_FILES['uploadFile']['tmp_name'], $uploadFileDir) or die("Can't move file to $uploadFileDir");

也代替 $_FILES['uploadFile']['mime'] != "image/gif") {

它应该是 $_FILES['uploadFile']['type'] != "image/gif") {

于 2016-08-25T20:24:56.290 回答