1. 首頁
  2. 問答
  3. 使用If語句上傳PHP文件驗證

使用If語句上傳PHP文件驗證

2009-02-05 17 views
0

您好我對PHP很新,但我一直在關注一些教程,但他們似乎並沒有工作,所以我試圖去適應它們。 我已經測試了這段代碼,但它的工作原理還不錯,但是其他的東西我無法得到我的頭,php文件沒有上傳(很好),但細節仍在寫入數據庫,雖然$ ok是spose設置爲0(不好)。如果解釋這裏會發生什麼,可能會更容易:使用If語句上傳PHP文件驗證

- 用戶可以上傳gif或jpeg文件。添加到數據庫的詳細信息。 - 用戶可以上傳任何文件,因爲默認情況下會被使用。添加到數據庫的詳細信息。 - 用戶不應該能夠上傳任何其他文件。沒有記錄應該在數據庫上,用戶應該再試一次。

到目前爲止我的代碼:

<?php 

//This is the directory where images will be saved 
$target = "images/"; 
$target = $target . basename($_FILES['photo']['name']); 
$ok=0; 


//This gets all the other information from the form 
$name= mysql_real_escape_string ($_POST['nameMember']); 
$bandMember= mysql_real_escape_string ($_POST['bandMember']); 
$pic= mysql_real_escape_string ($_FILES['photo']['name']); 
$about= mysql_real_escape_string ($_POST['aboutMember']); 
$bands= mysql_real_escape_string ($_POST['otherBands']); 

$uploaded_size=$_FILES['photo']['file_size']; 
if ($uploaded_size > 350000) 
{ 
echo "Your file is too large, 35Kb is the largest file you can upload.<br>"; 
$ok=0; 
} 
if ($uploaded_type =="text/php") 
{ 
echo "No PHP files<br>"; 
$ok=0; 
} 

if (!($uploaded_type =="image/jpeg")) 
{ 
echo "JPEG<br>";$ok=1; 
} 

if ($uploaded_type =="image/gif") 
{ 
echo "GIf<br>";$ok=1; 
} 

if (empty($pic)){ 
echo "You haven't uploaded a photo, a default will be used instead.<br/>";$ok=1;} 


if ($ok==0) 
{ 
Echo "Sorry your file was not uploaded, please try again with the correct format."; 
} 

//If everything is ok we try to upload it 
else 
{ 

// Connects to your Database 
mysql_connect("localhost", "*******", "******") or die(mysql_error()) ; 
mysql_select_db("project") or die(mysql_error()) ; 

//Writes the information to the database 
mysql_query("INSERT INTO dbProfile (nameMember,bandMember,photo,aboutMember,otherBands) 
VALUES ('$name', '$bandMember', '$pic', '$about', '$bands')") ; 

//Writes the photo to the server 
if(move_uploaded_file($_FILES['photo']['tmp_name'], $target)) 
{ 

//Tells you if its all ok 
echo "The file ". basename($_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory<br/>"; 
print "<a class=\"blue\" href=\"createMember.php\">Add Another Record</a> | <a class=\"blue\" href=\"listMember.php\">Band Member Profiles and Affiliates Menu</a>"; 
} 
else { 

//Gives and error if its not 
echo "<p>If you have uploaded a picture there may have been a problem uploading your file.</p>"; 
print "<a class=\"blue\" href=\"createMember.php\">Add Another Record</a> | <a class=\"blue\" href=\"listMember.php\">Band Member Profiles and Affiliates Menu</a>"; 
} 
} 
?>

乾杯提前。 CHL

來源

2009-02-05 Cool Hand Luke UK

回答

1

該錯誤可能是這個if語句:

if (!($uploaded_type =="image/jpeg")) 
    { 
    echo "JPEG<br>";$ok=1; 
    }

因爲每次你上傳不具有等於「圖像/ JPEG」的內容類型的圖像時,$確定結果爲1,所以一切被寫入數據庫。

但是請注意,只是像這樣檢查MIME類型會讓你陷入困境,因爲用戶能夠僞造文件的MIME類型。

例如,您可以使用Imagick來獲取正確的圖像MIME類型。在這裏看到更多的細節:http://de2.php.net/manual/en/function.imagick-identifyimage.php

編輯:只需注意,$ uploaded_type不會初始化腳本中的任何地方。正如我所說的,您可以使用$ _FILES ['photo'] ['type']來粗略估計MIME類型。

來源

2009-02-05 17:03:45

+0

如果$ ok = 0那麼呢?讓我直截了當地說,即時通訊如果該文件不是JPEG格式,然後使$ OK = 1;這實際上是錯誤的,我需要使它$ OK = 0;我會嘗試改變它,看看這是否是問題所在。 – 2009-02-05 17:17:46

相關問題

 相關問題