0

我想根据表单提交中的隐藏值更改上传目录。

如您所见,我在表单上提交的 move_uploaded_file 之后有一个 POST,但如果我添加目录位置,它无法上传。在此之前已将目录创建为 POST 值。谢谢

<?php
session_start();
if($_SESSION['myusername'] == 'admin')  
  { 
 $header = 'headeradmin.php';
  }
 elseif (!empty($_SESSION['myusername']))
 {
 $header = 'header.php';
 }
 else
  {header("location:../../login");}

require_once '../../connect.php';

$loggedin= $_SESSION['myusername'];
$result = mysql_query("SELECT * FROM login");
if (!$result) { // add this check.
    die('Invalid query: ' . mysql_error());
}

$id = $_GET['id'];


?>
<!DOCTYPE>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Image upload</title>
<link href='http://fonts.googleapis.com/css?family=Boogaloo' rel='stylesheet' type='text/css'>
<link rel="StyleSheet" href="../../custom.css" type="text/css"/>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js"></script>
<script type="text/javascript" src="js/multiupload.js"></script>
<script type="text/javascript">
var config = {
    support : "image/jpg,image/png,image/bmp,image/jpeg,image/gif",     // Valid file formats
    form: "demoFiler",                  // Form ID
    dragArea: "dragAndDropFiles",       // Upload Area ID
    uploadUrl: "upload.php"             // Server side upload url
}
$(document).ready(function(){
    initMultiUploader(config);
});
</script>
<link href="css/style.css" type="text/css" rel="stylesheet" />
</head>
<body lang="en">

<div id="content">

<?php require_once $header;

$sql_query = mysql_query("SELECT * FROM clients WHERE `id` = $id");
while($row = mysql_fetch_array($sql_query))
  {
$username = $row['firstname'] . ' ' . $row['lastname'];

if (!file_exists('uploads/' . $username )) {
    mkdir('uploads/' . $username, 0777, true);
}
  }

 ?>
<h1 class="title">Multiple Drag and Drop File Upload</h1>
<div id="dragAndDropFiles" class="uploadArea">
    <h1>Drop Images Here</h1>
</div>
<form name="demoFiler" id="demoFiler" enctype="multipart/form-data">
<input type="file" name="multiUpload" id="multiUpload" multiple />
<input type="hidden" value="<?php echo $username; ?>" name="username" id="username"/>
<input type="submit" name="submitHandler" id="submitHandler" value="Upload" class="buttonUpload" />
</form>
<div class="progressBar">
    <div class="status"></div></div>
</div>
</body>
</html>

这就是表单被重定向的地方,我现在已经删除了回声,但它似乎不起作用。

<?php
if($_SERVER['REQUEST_METHOD'] == "POST"){
    if(move_uploaded_file($_FILES['file']['tmp_name'], 'uploads/' . $_POST['username'] . '/' .$_FILES['file']['name'])){
        echo($_POST['index']);
    }
    exit;
}
?>
4

2 回答 2

1

首先这段代码是,这段代码不是很安全。用户可以在那里写任何东西。其次,不要在函数中使用 echo。只需 $_POST['username']。

于 2013-07-28T22:31:35.597 回答
0

您需要删除回声

 if(move_uploaded_file($_FILES['file']['tmp_name'], 'uploads/' . $_POST['username'] . '/' .$_FILES['file']['name'])){

我还建议不要使用$_POST['username'],而是使用$_SESSION['username'],除非我遗漏了什么并且您允许用户将文件上传到其他用户目录

于 2013-07-28T22:30:19.530 回答