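PHP file upload: file type incorrect
I'm making a social networking website and I'm trying to make it so you can change your avatar. This is my avatar-change processing code: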
mysql_connect("website", "dbuser", "dbpass");
mysql_select_db("dbtable");
$upload_path = "./account/{$_SESSION["id"]}/";
$pw = $_POST['password'];
$email = $_POST['email'];
$q = mysql_query("SELECT * FROM `users` WHERE `email`='$email' AND `password`='$pw' LIMIT 1");
if(!$q) die(mysql_error());
if(mysql_num_rows($q) == 0) die("Authorization failed.");
$allowed = array('png');
$filename = $_FILES['newimage']['name'];
if(!($_FILES['newimage']['type'] == 'image/png')) {
    die('The file is incorrect, only PNG files are allowed.');
}
$max_filesize = 10485760;
if(filesize($_FILES['newimage']['tmp_name']) > $max_filesize)
    die('The file you attempted to upload is too large.');
if(!is_writable($upload_path))
    die('You cannot upload to the specified directory, please CHMOD it to 777.');
if(move_uploaded_file($_FILES['newimage']['tmp_name'],"./account/".$_SESSION['id']."/profile.png"))
    echo 'Successfully changed avatar.';
else
    echo 'There was an error during the file upload. Please try again.';
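The problem here is that it always says "The file is incorrect, only PNG files are allowed." I don't see anything wrong with this code. How can I fix this?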
Try to `print_r` your `$_FILES`, or at least `$_FILES['newimage']['type']`? – Forien
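Please note that the `mysql_` functions have been deprecated for years and are **not secure**. Also note that your code is **open to SQL injection**. Try entering a correct email in the login form with a wrong password, e.g. `[email protected]'--` (notice the `'--`?). All of a sudden you don't even need to know the password thanks to SQL injection, and you can log in as anyone. Don't worry if you don't know the email: `' OR 'username ='admin'--` – h2ooooooo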
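*die('You cannot upload to the specified directory, please CHMOD it to 777.');* .. ouch! Please try to learn the basics of the LAMP stack and security before attempting anything resembling a social networking website. – CD001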
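An added example, not code from the question or its comments: one way to handle the two points raised above, checking the upload by its content rather than the client-supplied `$_FILES['newimage']['type']`, and authenticating with a bound parameter. The function names, the in-memory SQLite database, the `password_hash()` storage and the sample files are assumptions constructed for the demo.

```php
<?php
// Returns null when the upload is acceptable, otherwise an error message.
function validate_avatar(array $file, int $maxBytes = 10485760): ?string
{
    // If the upload itself failed there is no file to inspect, so check this first.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return 'Upload failed, error code ' . ($file['error'] ?? UPLOAD_ERR_NO_FILE);
    }
    if (filesize($file['tmp_name']) > $maxBytes) {
        return 'The file you attempted to upload is too large.';
    }
    // $file['type'] is sent by the client; detect the type from the bytes instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    return $mime === 'image/png' ? null : "Detected $mime, only PNG files are allowed.";
}

// Bound parameter keeps the email out of the SQL text. Assumption: the password
// column stores a password_hash() value, which is not what the question's table holds.
function authenticate(PDO $db, string $email, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM users WHERE email = ? LIMIT 1');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (email TEXT, password TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);
var_dump(authenticate($db, 'alice@example.test', 'correct horse'));
var_dump(authenticate($db, "alice@example.test'--", 'anything'));

// Constructed uploads: a 1x1 PNG and a text file whose client-sent type claims PNG.
$png = tempnam(sys_get_temp_dir(), 'av');
file_put_contents($png, base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='));
$txt = tempnam(sys_get_temp_dir(), 'av');
file_put_contents($txt, "not an image\n");
var_dump(validate_avatar(['error' => UPLOAD_ERR_OK, 'tmp_name' => $png, 'type' => 'image/x-png']));
var_dump(validate_avatar(['error' => UPLOAD_ERR_OK, 'tmp_name' => $txt, 'type' => 'image/png']));
var_dump(validate_avatar(['error' => UPLOAD_ERR_INI_SIZE, 'tmp_name' => '', 'type' => '']));
unlink($png);
unlink($txt);
```

In a web handler, `move_uploaded_file()` still performs the final move after `validate_avatar()` returns null, since it also confirms the file arrived through an HTTP POST upload.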