2011-08-23 226 views
2

我正在工作的用戶有一個選項來上傳圖像,如果他們沒有上傳圖像然後我將使用他們的個人資料的默認圖像,但我有一些問題,我想要驗證它們只能上傳,但現在,即使他們沒有上傳我的驗證代碼運行的圖像,而不是讓保存下面的表格其餘形象是我的代碼PHP圖像上傳

if(isset($_FILES)) 
    { 
     $imagename = $_FILES['uploadimage']['name']; 
     $imagetype = $_FILES['uploadimage']['type']; 
     $imagesize = $_FILES['uploadimage']['size']; 


     if($imagetype != "image/gif" || $imagetype != "image/jpg" || $imagetype == "image/png" || $imagetype == "image/jpeg") 
     { 
      $error = 'Please upload an image with JPG, PNG, GIF'; 
     } 
     elseif($imagesize > 716800) 
     { 
      $error = 'Image Needs to be under 700kb only';  
     } 
     else 
     { 
        $success = 'Uploaded'; 
        } 

即使他們沒有上傳整個代碼運行的圖像

+0

漂亮的小上傳庫有一些非常漂亮的jQuery功能:https://github.com/blueimp/jQuery-File-Upload – Kzqai

回答

1

您應該使用

if(!empty($_FILES) && array_key_exists('uploadimage', $_FILES) && $_FILES['uploadimage']['size'] > 0) 

代替

if(isset($_FILES)). 
+0

仍然在做同樣的事情,即使我沒有上傳它正在運行的那段代碼 – Henry

+0

@Henry嘗試編輯答案 –

+0

是有道理,並且工作正常,但我也發現一個簡單的替代PHP 4.3或更高版本我們可以使用函數if(is_uploaded_file(['file'] ['tmp_name']))但我會使用你的andrej ...謝謝你的幫助 – Henry

1

$ _FILES是一個超全局變量,是始終存在的,不管劇本是如何調用,或者如果一個文件上傳實際上是企圖。

您需要檢查一個特定的文件,而不是,如:

if (isset($_FILES['nameoffilefield']) && ($_FILES['nameoffilefield']['error'] == UPLOAD_ERR_OK)) { 
    ... upload occured ... 
} 
+0

: - 現在它沒有運行那段代碼,即使我正在上傳一個zip文件,它給我一個成功的消息 – Henry

+0

根本不運行代碼,但給成功消息?咦? –

+0

是的,它跳過了你提供的if語句,並去了另一個我已經寫過的else語句..如果我上傳了一個zip文件,它應該說錯誤如果它正在運行你的if條件BAMM – Henry

1

必須先測試,如果上傳更迭,然後測試,如果文件是圖像,並與他們合作。

if (isset($_FILES['nameoffilefield']) && ($_FILES['nameoffilefield']['error'] == UPLOAD_ERR_OK)) { 
    if($_FILES['nameoffilefield']['type'] != "image/gif" 
     && $_FILES['nameoffilefield']['type'] != "image/jpg" 
     && $_FILES['nameoffilefield']['type'] != "image/png" 
     && $_FILES['nameoffilefield']['type'] != "image/jpeg") 
    { 
     $error = 'Please upload an image with JPG, PNG, GIF'; 
    } 
    elseif($imagesize > 716800) 
    { 
     $error = 'Image Needs to be under 700kb only';  
    } 
    else 
    { 
     $success = 'Uploaded'; 
     // do something with image 
     move_uploaded_file($_FILES['nameoffilefield']['tmp_name'],$newFileWithDir); 
    } 
} 

但它不是好主意,測試$ _FILES [ 'nameoffilefield'] [ '型']在 「圖像/ JPEG」,因爲攻擊者可以用此MIME類型發送PHP文件。

0

使用此圖片上傳代碼。

<?php 
//define a maxim size for the uploaded images in Kb 
define ("MAX_SIZE","1000"); 

//This function reads the extension of the file. It is used to determine if the file is an image by checking the extension. 
function getExtension($str) { 
     $i = strrpos($str,"."); 
     if (!$i) { return ""; } 
     $l = strlen($str) - $i; 
     $ext = substr($str,$i+1,$l); 
     return $ext; 
} 

//This variable is used as a flag. The value is initialized with 0 (meaning no error found) 
//and it will be changed to 1 if an errro occures. 
//If the error occures the file will not be uploaded. 
$errors=0; 
//checks if the form has been submitted 
if(isset($_POST['Submit'])) 
{ 
    //reads the name of the file the user submitted for uploading 
    $image=$_FILES['image']['name']; 
    //if it is not empty 
    if ($image) 
    { 
    //get the original name of the file from the clients machine 
     $filename = stripslashes($_FILES['image']['name']); 
    //get the extension of the file in a lower case format 
     $extension = getExtension($filename); 
     $extension = strtolower($extension); 
    //if it is not a known extension, we will suppose it is an error and will not upload the file, 
    //otherwise we will do more tests 
if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) 
     { 
     //print error message 
      echo '<h1>Unknown extension!</h1>'; 
      $errors=1; 
     } 
     else 
     { 
//get the size of the image in bytes 
//$_FILES['image']['tmp_name'] is the temporary filename of the file 
//in which the uploaded file was stored on the server 
$size=filesize($_FILES['image']['tmp_name']); 

//compare the size with the maxim size we defined and print error if bigger 
if ($size > MAX_SIZE*1024) 
{ 
    echo '<h1>You have exceeded the size limit!</h1>'; 
    $errors=1; 
} 

//we will give an unique name, for example the time in unix time format 
$image_name=time().'.'.$extension; 
//the new name will be containing the full path where will be stored (images folder) 
$newname="images/".$image_name; 
//we verify if the image has been uploaded, and print error instead 
$copied = copy($_FILES['image']['tmp_name'], $newname); 
if (!$copied) 
{ 
    echo '<h1>Copy unsuccessfull!</h1>'; 
    $errors=1; 
}}}} 

//If no errors registred, print the success message 
if(isset($_POST['Submit']) && !$errors) 
{ 
    echo "<h1>File Uploaded Successfully! Try again!</h1>"; 
} 

?> 

<!--next comes the form, you must set the enctype to "multipart/frm-data" and use an input type "file" --> 
<form name="newad" method="post" enctype="multipart/form-data" action=""> 
<table> 
    <tr><td><input type="file" name="image"></td></tr> 
    <tr><td><input name="Submit" type="submit" value="Upload image"></td></tr> 
</table> 
</form> 
0

您也可以從這個代碼::

image.php上載MySQL數據庫圖像

<form action='image.php' method='post' enctype='multipart/form-data' > 
    <input type='file' name='image'> 
    <input type='submit' name='submit'> 
    </form> 

<?php 
    if(isset($_POST['submit'])) { 
     $image = addslashes(file_get_contents($_FILES['image']['tmp_name'])); 

     $size = getimagesize($_FILES['image']['tmp_name']); 
    if($size != FALSE) 
      mysql_query(" INSERT INTO tableName VALUES ('', '$image')) or die(mysql_error()); 
     else 
     echo "image uploading problem"; 
    } 
?> 
+0

查詢中缺少'''。 –

2

說實話沒有創建自己的圖片上傳代碼,浪費你的時間,只需使用class.upload即可。