0

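So I wrote a script to upload user avatars to the server and change the URL in the database (thanks to a YT tutorial :)). Now I want to add a file check to make sure users cannot upload files other than JPG, JPEG, PNG, GIF, or files larger than 10MB. The second thing I want to do is, when a user uploads his avatar, delete the old avatar and change the file name to random numbers..

So now I'm a bit stuck and don't know where to start, can anyone help? :) I couldn't find a useful tutorial on Google that fits this code as simply as possible..

The code I've written so far: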

if (isset($_POST['submit'])) {
    $name = $_FILES['myfile']['name'];
    $tmp_name = $_FILES['myfile']['tmp_name'];
    $allowedExts = array("jpg", "jpeg", "gif", "png");

    if ($name) {
        $location = "uploads/avatars/$name";
        move_uploaded_file($tmp_name, $location);

        $query = mysql_query("UPDATE users SET avatar = '$name' WHERE id = '$session_user_id'");
        echo 'Your avatar has been changed sucessfully!';
    } else {
        echo 'Please select a file! Following are supported; JPG, JPEG, PNG, GIF!';
    }
}
4 Answers

0

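You should check the "type" and "size" fields of the $_FILE associative array to verify the type of file you received (an image, in your case) and the size of the file.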

answered 2012-11-18T17:29:29.860
0

File size

Global limit

You can limit the file size globally in php.ini:

upload_max_filesize = 10M

Local limit

Alternatively, you can do the following:

define('IMG_MAX_SIZE', 10485760); // 10 MB

if ($_FILES['file']['size'] > IMG_MAX_SIZE) {
    // display error message then exit
}
// save image

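File type

Checking the extension is not a good idea

You can check the extension, but that does not mean the file really is of the type it indicates. It could be a video renamed to .png

Checking the mime type reported by the client

To determine the real type, check the mime type returned by the client: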

$allowed_types = array('image/png', 'image/jpeg', 'image/gif');
if (!in_array($_FILES['file']['type'], $allowed_types)) {
    // display error message (invalid file type) then exit
}

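Determining the real mime type after saving

If you want to make sure the file is of the correct type (the client can report whatever type it wants, so a malicious user can fool your script), check it with Fileinfo after saving the file:

http://php.net/manual/en/function.finfo-file.php

// $filename is the path the uploaded file was saved to
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime_type = finfo_file($finfo, $filename);
finfo_close($finfo);

// compare the detected type, not the one the client reported
if (!in_array($mime_type, $allowed_types)) {
    // display error message (invalid file type) then exit
}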
answered 2012-11-18T17:29:49.483
0

Looks like you're halfway there. Just check the file extension against the $allowedExtensions array.

<?php
if (isset($_POST['submit'])) {
    $name = $_FILES['myfile']['name'];
    $tmp_name = $_FILES['myfile']['tmp_name'];
    $allowedExts = array("jpg", "jpeg", "gif", "png");
    // pathinfo() avoids passing explode()'s result to end(), which expects a variable
    $extension = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    $isValidFormat = in_array($extension, $allowedExts);
    $fileSize = $_FILES['myfile']['size'];
    $maxFileSize = 10485760; // == 10M

    if ($isValidFormat && $fileSize < $maxFileSize) { // Changed the if statement
        $location = "uploads/avatars/$name";
        move_uploaded_file($tmp_name, $location);

        // Escape the client-supplied file name before it goes into the query
        $safeName = mysql_real_escape_string($name);
        $query = mysql_query("UPDATE users SET avatar = '$safeName' WHERE id = '$session_user_id'");
        echo 'Your avatar has been changed sucessfully!';
    } else {
        echo 'Please select a file! Following are supported; JPG, JPEG, PNG, GIF!';
    }
}
?>
answered 2012-11-18T17:32:31.963
0
if($_FILES){
    $allowedExtensions = array("jpg", "jpeg", "gif", "png");
    $f = $_FILES;

    foreach($f as $key=>$val){
        if(!empty($val['tmp_name'])){
            // pathinfo() replaces end(explode()), which passes a non-variable by reference
            $ext = strtolower(pathinfo($val['name'], PATHINFO_EXTENSION));

            if($val['size'] > 10485760){ // handle size
                echo 'Image is too large';
            }elseif(!in_array($ext,$allowedExtensions)){ // handle extension
                echo 'Please select a file! Following are supported; JPG, JPEG, PNG, GIF!';
            }else{
                $val['name'] = 'YOUR_RANDOM_FILE_NAME.'.$ext; // dot separates the name from the extension
                $location = "uploads/avatars/".basename($val['name']);

                if(move_uploaded_file($val['tmp_name'],$location)){ //handle upload

                    $query = mysql_query("UPDATE users SET avatar = '".$val['name']."' WHERE id = '$session_user_id'");
                    echo 'Your avatar has been changed sucessfully!';

                }else{
                    echo 'An error occured on upload.';
                }
            }
        }
    }
}
answered 2012-11-18T17:40:28.437
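
An added example (not written by the asker or any of the answerers) that combines the Fileinfo check from the second answer with the random file name from the last one: the type is detected from the file's bytes while it is still in the temporary upload location, the stored extension comes from the detected type, and the previous avatar is deleted after the new one is in place. The function names, constants and the `$old` parameter are assumptions for illustration; it assumes PHP 7.1+ with the fileinfo extension, and the two sample files are constructed.

```php
<?php
// Added example: all names below are illustrative assumptions, samples are constructed.
const AVATAR_MAX_BYTES = 10485760; // 10 MB, as in the question
const AVATAR_TYPES = [             // detected MIME type => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Returns the extension to store the file under, or null if it must be rejected.
// The decision uses the file's bytes, never the client-supplied name or type.
function avatar_extension(string $path): ?string
{
    $size = filesize($path);
    if ($size === false || $size === 0 || $size > AVATAR_MAX_BYTES) {
        return null;
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    return AVATAR_TYPES[$mime] ?? null;
}

// Moves one $_FILES entry into $dir under a random name and removes the
// previous avatar; $old is the file name currently stored for the user.
function store_avatar(array $file, string $dir, ?string $old): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $ext = avatar_extension($file['tmp_name']);
    if ($ext === null) {
        return null;
    }
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], "$dir/$name")) {
        return null;
    }
    if ($old !== null && is_file("$dir/" . basename($old))) {
        unlink("$dir/" . basename($old));
    }
    return $name; // store this value in users.avatar with a parameterized query
}

// Constructed samples: a minimal GIF header and a script posing as an image.
$gif = tempnam(sys_get_temp_dir(), 'av');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");
$fake = tempnam(sys_get_temp_dir(), 'av');
file_put_contents($fake, "<?php echo 'not an image';");
var_dump(avatar_extension($gif), avatar_extension($fake));
unlink($gif); unlink($fake);
```

In the upload handler this would be called as `store_avatar($_FILES['myfile'], 'uploads/avatars', $currentAvatar)`, where `$currentAvatar` stands for the value read from the user's row.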