0

嗨,我对 php 很陌生,但我一直在关注一些教程,但它们似乎不起作用,所以我试图适应它们。我已经测试了这段代码,它可以工作到一定程度,但还有一些我无法理解的东西,php文件没有上传(很好),但细节仍然被写入数据库,尽管$ ok是spose设置为 0(不好)。如果解释这里发生的事情可能会更容易:

- 用户可以上传 gif 或 jpeg 文件。添加到数据库的详细信息。- 用户不能上传任何文件,因为将使用默认值。添加到数据库的详细信息。- 用户不能上传任何其他文件。数据库上不应该有任何记录,用户应该再试一次。

到目前为止我的代码:

<?php

//This is the directory where images will be saved
$target = "images/";
$target = $target . basename( $_FILES['photo']['name']);
$ok=0; 


//This gets all the other information from the form
$name= mysql_real_escape_string ($_POST['nameMember']);
$bandMember= mysql_real_escape_string ($_POST['bandMember']);
$pic= mysql_real_escape_string ($_FILES['photo']['name']);
$about= mysql_real_escape_string ($_POST['aboutMember']);
$bands= mysql_real_escape_string ($_POST['otherBands']);

$uploaded_size=$_FILES['photo']['file_size']; 
if ($uploaded_size > 350000)
{
echo "Your file is too large, 35Kb is the largest file you can upload.<br>";
$ok=0;
} 
if ($uploaded_type =="text/php")
{
echo "No PHP files<br>";
$ok=0;
} 

if (!($uploaded_type =="image/jpeg"))
{
echo "JPEG<br>";$ok=1;
} 

if ($uploaded_type =="image/gif")
{
echo "GIf<br>";$ok=1;
} 

if (empty($pic)){
echo "You haven't uploaded a photo, a default will be used instead.<br/>";$ok=1;}


if ($ok==0)
{
Echo "Sorry your file was not uploaded, please try again with the correct format.";
}

//If everything is ok we try to upload it
else
{ 

// Connects to your Database
mysql_connect("localhost", "*******", "******") or die(mysql_error()) ;
mysql_select_db("project") or die(mysql_error()) ;

//Writes the information to the database
mysql_query("INSERT INTO dbProfile (nameMember,bandMember,photo,aboutMember,otherBands)
VALUES ('$name', '$bandMember', '$pic', '$about', '$bands')") ;

//Writes the photo to the server
if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))
{

//Tells you if its all ok
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory<br/>";
print "<a class=\"blue\" href=\"createMember.php\">Add Another Record</a> | <a class=\"blue\" href=\"listMember.php\">Band Member Profiles and Affiliates Menu</a>";
}
else {

//Gives and error if its not
echo "<p>If you have uploaded a picture there may have been a problem uploading your file.</p>";
print "<a class=\"blue\" href=\"createMember.php\">Add Another Record</a> | <a class=\"blue\" href=\"listMember.php\">Band Member Profiles and Affiliates Menu</a>";
}
}
?>

提前喝彩。CHL

4

1 回答 1

1

错误可能是这个 if 语句:

  if (!($uploaded_type =="image/jpeg"))
  {
    echo "JPEG<br>";$ok=1;
  }

因为每次您上传内容类型不等于“image/jpeg”的图像时,$ok 的计算结果为 1,因此所有内容都会写入数据库。

但也要注意,像这样检查 MIME 类型可能会给您带来麻烦,因为用户能够伪造文件的 MIME 类型。

例如,您可以使用 Imagick 获取正确的图像 MIME 类型。在此处查看更多详细信息:http: //de2.php.net/manual/en/function.imagick-identifyimage.php

编辑:刚刚注意到, $uploaded_type 不会在脚本中的任何地方初始化。正如我所说,您可以使用 $_FILES['photo']['type'] 粗略估计 MIME 类型。

于 2009-02-05T17:03:45.673 回答