防止通過表單覆蓋文件上傳和MySQL記錄？

Question

我有一個提交系統設置，我想要它，所以沒有重複的條目可以提交。如果提交了一個，原始記錄和文件上傳被保留（不被覆蓋）。此外，如果存在，我希望表單向用戶顯示錯誤。這是我的upload.php（在HTML表單中提到）。

upload.php的

<?php 

//This is the directory where images will be saved 
$extension = explode(".", $_FILES['upload']['name']); 
$extension = $extension[count($extension)-1]; 
$target = "uploads/"; 
$target = $target . $_POST['snumber'] . "." . $extension; 

//This gets all the other information from the form and prevents SQL injection 
$fname=$_POST['fname']; 
$lname=$_POST['lname']; 
$upload=($_FILES['upload']['name']); 
$snumber=$_POST['snumber']; 
$grade=$_POST['grade']; 
$email=$_POST['email']; 

// Connects to your Database 
mysql_connect("localhost", "db_user", "password") or die(mysql_error()) ; 
mysql_select_db("db_name") or die(mysql_error()) ; 

//Writes the information to the database 
mysql_query("INSERT INTO `Table` VALUES ('$fname', '$lname', '$snumber', '$grade', '$email', '$target')") ; 

//Writes the upload to the server 
if(move_uploaded_file($_FILES['upload']['tmp_name'], $target)) 
{ 
//Tells you if its all ok 
echo "Your submission ". basename($_FILES['uploadedfile']['name']). " was successful and we have received your submission. Your result will be sent to $email "; 
} 
else { 

//Gives and error if its not 
echo "Sorry, there was a problem uploading your file."; 
} 
?> 

我怎麼會去這樣做呢？

編輯：從下面結合的建議，這裏是更新的代碼但現在我得到一個Parse error: syntax error, unexpected T_ECHO in /path/to/upload.php on line 32

新upload.php的

<?php 

//This is the directory where images will be saved 
$extension = explode(".", $_FILES['upload']['name']); 
$extension = $extension[count($extension)-1]; 
$target = "uploads/"; 
$target = $target . $_POST['snumber'] . "." . $extension; 

//This gets all the other information from the form and prevents SQL injection 
$fname=$_POST['fname']; 
$lname=$_POST['lname']; 
$upload=($_FILES['upload']['name']); 
$snumber=$_POST['snumber']; 
$grade=$_POST['grade']; 
$email=$_POST['email']; 

//Checks if submission already exists 
if(file_exists($target)) 
{ 
    echo "This submission already exists. Please check that you have entered all values correctly. If this is an error please contact support"; 
} 
else 
{ 
    //Now that file doesn't exist, move it. 
    move_uploaded_file($_FILES['upload']['tmp_name'], $target); 
    //MYSQL CONNECTION 
     mysql_connect("localhost", "db_user", "password") or die(mysql_error()) ; 
     mysql_select_db("db_name") or die(mysql_error()) ; 
    //MYSQL Entry 
     mysql_query("INSERT INTO Table (fname, lname, snumber, grade, email, target) VALUES ('".mysql_real_escape_string($fname)."', '".mysql_real_escape_string($lname)."', '".mysql_real_escape_string($snumber)."', '".mysql_real_escape_string($grade)."', '".mysql_real_escape_string($email)."', '".mysql_real_escape_string($target)."')") 

    echo "Your submission was successful and we have received your portfolio. Your marks will be sent out to $email."; 
} 
?> 

Answer 1

看起來你存儲在數據庫中的目標，所以您可以檢查數據庫以查看該文件是否已經存在，或者您可以使用php的file_exists（）函數。

DB你顯然在插入語句之前運行查詢，並使你的條件基於結果。

否則，

if(file_exists($target)) 
{ 
    echo 'error'; 
} 
else 
{ 
    move_uploaded_file($_FILES['upload']['tmp_name'], $target); 
    // do success things here 
} 

文件存在，則可能需要完整路徑。如果它不能馬上工作，看看$ _SERVER ['DOCUMENT_ROOT']是否有幫助。

Answer 2

我已經提交表單和

var param = "action=testfile&dirpath=" + dirpath + "&file=" + filename; 

    $.ajax({ 
     type: "GET", 
     url: 'combi/testfile.php', 
     data: param, 
     success: function(data) { 
      test data .... if OK submit. 
     } 

在testfile.php您測試的文件和文件之前將一個Ajax查詢解決這個問題回聲出數據

if($_GET['action'] == 'testfile'){ 
    $msg = ''; 
    $basedirpath = $_GET['dirpath'] . "/"; 

    if(file_exists($basedirpath . $_GET['file'])) { 
     $msg = 'exists'; 
    } 
    echo $msg; 
} 

$ msg是在ajax調用中的數據中返回的。