如何在上傳前或上傳期間調整圖像大小?php在上傳時或上傳前調整圖像大小
<?php
// Start a session for error reporting
session_start();
?>
<?php
// Check, if username session is NOT set then this page will jump to login page
if (!isset($_SESSION['username'])) {
header('Location: index.html');
exit;
}
// *** Include the class
include("resize-class.php");
// Call our connection file
include('config.php');
// Check to see if the type of file uploaded is a valid image type
function is_valid_type($file)
{
// This is an array that holds all the valid image MIME types
$valid_types = array("image/jpg", "image/JPG", "image/jpeg", "image/bmp", "image/gif", "image/png");
if (in_array($file['type'], $valid_types))
return 1;
return 0;
}
// Just a short function that prints out the contents of an array in a manner that's easy to read
// I used this function during debugging but it serves no purpose at run time for this example
function showContents($array)
{
echo "<pre>";
print_r($array);
echo "</pre>";
}
// Set some constants
// Grab the User ID we sent from our form
$user_id = $_SESSION['username'];
$category = $_POST['category'];
// This variable is the path to the image folder where all the images are going to be stored
// Note that there is a trailing forward slash
$TARGET_PATH = "img/users/$category/$user_id/";
if (! is_dir($TARGET_PATH)) {
mkdir($TARGET_PATH, 0775, true);
}
// Get our POSTed variables
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$contact = $_POST['contact'];
$price = $_POST['price'];
$conditional = $_POST['conditional'];
$image = $_FILES['image'];
// Build our target path full string. This is where the file will be moved do
// i.e. images/picture.jpg
$TARGET_PATH .= $image['name'];
// Make sure all the fields from the form have inputs
if ($fname == "" || $lname == "" || $image['name'] == "" || $category['category'] == "" || $conditional['conditional'] == "" || $price['price'] == "")
{
$_SESSION['error'] = "All fields required";
header("Location: securedpage1.php");
exit;
}
// Check to make sure that our file is actually an image
// You check the file type instead of the extension because the extension can easily be faked
if (!is_valid_type($image))
{
$_SESSION['error'] = "You must upload a jpeg, gif, or bmp";
header("Location: securedpage1.php");
exit;
}
// Here we check to see if a file with that name already exists
// You could get past filename problems by appending a timestamp to the filename and then continuing
if (file_exists($TARGET_PATH))
{
$_SESSION['error'] = "A file with that name already exists";
header("Location: securedpage1.php");
exit;
}
// Lets attempt to move the file from its temporary directory to its new home
if (move_uploaded_file($image['tmp_name'], $TARGET_PATH))
{
// NOTE: This is where a lot of people make mistakes.
// We are *not* putting the image into the database; we are putting a reference to the file's location on the server
$imagename = $image['name'];
$sql = "insert into people (price, contact, category, username, fname, lname, expire, filename, conditional, posttime) values (:price, :contact, :category, :user_id, :fname, :lname, now() + INTERVAL 1 MONTH, :imagename, :conditional, now())";
$q = $conn->prepare($sql) or die("failed!");
$q->bindParam(':price', $price, PDO::PARAM_STR);
$q->bindParam(':contact', $contact, PDO::PARAM_STR);
$q->bindParam(':category', $category, PDO::PARAM_STR);
$q->bindParam(':user_id', $user_id, PDO::PARAM_STR);
$q->bindParam(':fname', $fname, PDO::PARAM_STR);
$q->bindParam(':lname', $lname, PDO::PARAM_STR);
$q->bindParam(':imagename', $imagename, PDO::PARAM_STR);
$q->bindParam(':conditional', $conditional, PDO::PARAM_STR);
$q->execute();
$sql1 = "UPDATE people SET firstname = (SELECT firstname FROM user WHERE username=:user_id1) WHERE username=:user_id2";
$q = $conn->prepare($sql1) or die("failed!");
$q->bindParam(':user_id1', $user_id, PDO::PARAM_STR);
$q->bindParam(':user_id2', $user_id, PDO::PARAM_STR);
$q->execute();
$sql2 = "UPDATE people SET surname = (SELECT surname FROM user WHERE username=:user_id1) WHERE username=:user_id2";
$q = $conn->prepare($sql2) or die("failed!");
$q->bindParam(':user_id1', $user_id, PDO::PARAM_STR);
$q->bindParam(':user_id2', $user_id, PDO::PARAM_STR);
$q->execute();
header("Location: success.php");
exit;
}
else
{
// A common cause of file moving failures is because of bad permissions on the directory attempting to be written to
// Make sure you chmod the directory to be writeable
$_SESSION['error'] = "Could not upload file. Check read/write permissions on the directory";
header("Location: securedpage1.php");
exit;
}
?>
此代碼不安全。不要認爲從客戶端傳入的類型實際上是上傳文件的類型。此外,你想要做什麼並不完全清楚。 – Brad
@布拉德謝謝你的回覆,我將如何改進以使它更安全?此外,這是一個圖像上傳腳本,我想調整圖像的大小,如果分辨率太大 – neeko
使用['imagecopyresized'](http://www.php.net/manual/en/function.imagecopyresized.php)調整圖像大小。 – air4x