1. 首頁
  2. 問答
  3. 帶有文件上傳字段無法上傳的PHP/HTML表單,無法弄清楚爲什麼

帶有文件上傳字段無法上傳的PHP/HTML表單,無法弄清楚爲什麼

2012-10-11 37 views
1

我一直在尋找相同的代碼兩個小時,現在我無法弄清楚問題所在。它必須是愚蠢的,因爲我得到一個未定義的索引錯誤,但我只是沒有看到它。 請給它一些新鮮的眼睛!帶有文件上傳字段無法上傳的PHP/HTML表單,無法弄清楚爲什麼

實際的錯誤:

Notice: Undefined index: paper_attach in [redacted] on line 104

Notice: Undefined index: paper_attach in [redacted] on line 105 Error: No file uploaded

的HTML:

<label for="paper_attach">Attach the paper:</label> <input type="file" name"paper_attach" class="paper_metadata"><br /> 
     <label class="textarea" for="comments">Comments:</label><br /> <textarea name="comments"><?php if (isset($comments)) { echo $comments;} ?></textarea><br /><br /> 

    <input type="submit" value="Save"> 

</form>

的PHP:

//Сheck that we have a file 
     if(!empty($_FILES['paper_attach'])) { 
      //Check if the file is pdf, doc or docx and it's size is less than 20MB 
      $filename = basename($_FILES['paper_attach']['name']); 
      $ext = substr($filename, strrpos($filename, '.') + 1); 

      if ((($ext == "pdf") && ($_FILES["paper_attach"]["type"] == "application/pdf")) or (($ext == "doc") && ($_FILES["paper_attach"]["type"] == "application/msword")) or (($ext == "docx") && ($_FILES["paper_attach"]["type"] == "application/vnd.openxmlformats-officedocument.wordprocessingml.document")) 
       && ($_FILES["paper_attach"]["size"] < 20000000)) { 
       //Determine the path to which we want to save this file 
       $attachment_url = 'uploads/'.$filename; 
       //Check if the file with the same name already exists on the server 
       if (!file_exists($attachment_url)) { 
        //Attempt to move the uploaded file to it's new place 
        if ((move_uploaded_file($_FILES['paper_attach']['tmp_name'],$attachment_url))) { 
         echo "It's done! The file has been saved as: ".$attachment_url; 

         // ** VALIDATIONS PENDING 
         $query = "SELECT [redacted]"; 
         if ($query_run = mysql_query($query)) { 
          $query_num_rows = mysql_num_rows($query_run); 
          assert($query_num_rows<= 1); 

          if ($query_num_rows === 0) { 
           // There's no row with this pmid, so we can add it 
           $query = "INSERT [redacted]"; 

           if ($query_run = mysql_query($query)) { 
            header('Location: success.php'); 
           } 

          } elseif ($query_num_rows === 1) { 
           echo 'There already is a paper with the PMID: '.$pmid.' in the database.'; 

          } 
         } 

        } else { 
         echo "Error: A problem occurred during file upload!"; 
        } 

       } else { 
        echo "Error: File ".$_FILES["paper_attach"]["name"]." already exists"; 
       } 
      } else { 
       echo "Error: Only .doc, .docx or .pdf files under 20MB are accepted for upload."; 
      } 

     } else { 
      echo $_FILES['paper_attach']; 
      echo "Error: No file uploaded <br />".$_FILES['paper_attach']['error']; 

     }

來源

2012-10-11 margaritam

+1

什麼索引是未定義的,在哪一行? –

+0

你從那個php得到的輸出是什麼? – xception

+0

對不起,我編輯了這個問題,因爲SO在我身上打了一個。我希望現在一切都得到解決。 – margaritam

回答

1

你忘了你的<input type="file">的=應該是:

<input type="file" name="paper_attach" class="paper_metadata" />

,而不是你

<input type="file" name"paper_attach" class="paper_metadata">

來源

2012-10-11 15:25:36 xception

+0

確實是這個問題。我無法相信我因此而花了多長時間。偉大的眼睛。謝謝! – margaritam

+0

沒問題,請您檢查答案是否正確,以免別人浪費時間來回答這個問題? – xception

+0

當然,我剛剛做到了。 – margaritam

1

你沒有任何覈實上傳居然成功了,所有的處理代碼假定一切正常。例如你需要在絕對最低限度:

if ($_FILES['paper_attach']['error'] !== UPLOAD_ERR_OK) { 
    die("Upload failed with error code " . $_FILES['paper_attach']['error']);' 
}

同時,其他問題:

  1. 無處在你的代碼中定義$ PMID,但你使用它插入查詢和HTTP重定向。
  2. 您正在使用用戶提供的['type']屬性進行文件類型驗證,允許惡意用戶上傳ANY種文件到您的服務器。

來源

2012-10-11 15:26:22

+0

是的,他們應該從php中刪除類型屬性,太多的用戶依賴於它。 – xception

+0

我接受你的意思與類型屬性驗證,這仍然不是最終的代碼,雖然我主要是在學習,而我的代碼。你是否介意正確的文件上傳控制方向? – margaritam

相關問題

 相關問題