2012-12-27 171 views
0
<html> 
<body> 

<form action="upload.php" method="post" 
enctype="multipart/form-data"> 
<label for="file">Filename:</label> 
<input type="file" name="file_field"><br> 
<input type="submit" name="submit" value="Submit"> 
</form> 

</body> 
</html> 

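The PHP code below is not working. It doesn't check anything at all. It doesn't show the max file size error. What it does is accept any file I try to upload and insert the file name into the database. It doesn't check any of the limits I set for the file upload. Any ideas? Txs

File upload not working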

<?php

function uploadFile ($check_image = false, $random_name = false) {

    //Config Section
    //Set file upload path
    $path = 'c:/xampp/htdocs/images/'; //with trailing slash
    //Set max file size in bytes
    $max_size = 1000000;
    //Set default file extension whitelist
    $whitelist_ext = array('jpg','png','gif');
    //Set default file type whitelist
    $whitelist_type = array('image/jpeg', 'image/png','image/gif');

    //The Validation
    // Create an array to hold any output
    $out = array('error'=>null);

    if (!$_FILES['file_field']) {
        $out['error'][] = "Please specify a valid form field name";
    }

    if (!$path) {
        $out['error'][] = "Please specify a valid upload path";
    }

    if (count($out['error'])>0) {
        return $out;
    }

    //Make sure that there is a file
    if((!empty($_FILES['file_field'])) && ($_FILES['file_field']['error'] == 0)) {

        // Get filename
        $file_info = pathinfo($_FILES['file_field']['name']);
        $name = $file_info['filename'];
        $ext = $file_info['extension'];

        //Check file has the right extension
        if (!in_array($ext, $whitelist_ext)) {
            $out['error'][] = "Invalid file Extension";
        }

        //Check that the file is of the right type
        if (!in_array($_FILES['file_field']["type"], $whitelist_type)) {
            $out['error'][] = "Invalid file Type";
        }

        //Check that the file is not too big
        if ($_FILES['file_field']["size"] > $max_size) {
            $out['error'][] = "File is too big";
        }

        //If $check image is set as true
        if ($check_image) {
            if (!getimagesize($_FILES['file_field']['tmp_name'])) {
                $out['error'][] = "Uploaded file is not a valid image";
            }
        }

        //Create full filename including path
        if ($random_name) {
            // Generate random filename
            $tmp = str_replace(array('.',' '), array('',''), microtime());

            if (!$tmp || $tmp == '') {
                $out['error'][] = "File must have a name";
            }
            $newname = $tmp.'.'.$ext;
        } else {
            $newname = $name.'.'.$ext;
        }

        //Check if file already exists on server
        if (file_exists($path.$newname)) {
            $out['error'][] = "A file with this name already exists";
        }

        if (count($out['error'])>0) {
            //The file has not correctly validated
            return $out;
        }

        if (move_uploaded_file($_FILES['file_field']['tmp_name'], $path.$newname)) {
            //Success
            $out['filepath'] = $path;
            $out['filename'] = $newname;
            return $out;
        } else {
            $out['error'][] = "Server Error!";
        }

    } else {
        $out['error'][] = "No file uploaded";
        return $out;
    }
}
$con = mysql_connect("localhost","root","");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}
mysql_select_db("simple_login", $con);

mysql_query("INSERT INTO photo (photo)
VALUES ('{$_FILES['file_field']['tmp_name']}')");


mysql_close($con);
?>
+1

It's the programmer that's not working, the file upload works just fine ;) – PhearOfRayne

+0

On another note: you should first replace all the `mysql_*` functions. They are deprecated as of `PHP 5.5.0`. Use something like [PDO](http://php.net/manual/en/book.pdo.php) or [MySQLi](http://php.net/manual/en/book.mysqli.php) – PhearOfRayne

+0

@StevenFarley I just dropped the MySQL part from the code to check whether it works without it, but nothing changed... Did you check that the file upload works? – Magna

Answers

-1

The error is here:

//Make sure that there is a file 
if((!empty($_FILES['file_field'])) && ($_FILES['file_field']['error'] == 0)) { 

Should be:

//Make sure that there is a file 
if((!empty($_FILES['file_field'])) && (count($_FILES['file_field']['error']) == 0)) { 
+0

I changed what you pointed out, but got the same thing.. – Magna
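
In the script as posted in the question, `uploadFile()` is only defined and never called, and the `INSERT` at the bottom runs unconditionally with `tmp_name`, which is why no limit is ever enforced. The following is an added example, not code from anyone in this thread: it calls the validator, takes the file type from the file's content instead of the client-supplied `type` and extension, and writes to the database only after validation passes. It assumes PHP 7+ with the fileinfo and PDO MySQL extensions and reuses the thread's field name, path, database and table; the changed function signature is this example's own.

```php
<?php
// Added example, not the poster's code. Reuses the thread's names: file_field,
// c:/xampp/htdocs/images/, database simple_login, table photo.
function uploadFile(array $file, string $path, int $max_size = 1000000): array
{
    // Server-detected MIME type => extension the file is stored under.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

    // php.ini / MAX_FILE_SIZE limits arrive as error codes, not through ['size'].
    if (in_array($file['error'], [UPLOAD_ERR_INI_SIZE, UPLOAD_ERR_FORM_SIZE], true)) {
        return ['error' => ['File is too big']];
    }
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return ['error' => ['No file uploaded']];
    }
    if ($file['size'] > $max_size) {
        return ['error' => ['File is too big']];
    }

    // ['type'] and the extension in ['name'] are client-supplied; decide the
    // type from the bytes on disk instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime]) || !getimagesize($file['tmp_name'])) {
        return ['error' => ['Uploaded file is not a valid image']];
    }

    // Random server-side name: nothing chosen by the client reaches the disk path.
    $newname = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($file['tmp_name'], $path . $newname)) {
        return ['error' => ['Server Error!']];
    }
    return ['error' => [], 'filepath' => $path, 'filename' => $newname];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['file_field'])) {
    // The step the question's script never takes: call the validator and branch.
    $out = uploadFile($_FILES['file_field'], 'c:/xampp/htdocs/images/');
    if ($out['error']) {
        http_response_code(400);
        exit(implode('<br>', $out['error']));
    }
    // Insert only after validation passed, with a bound parameter.
    $pdo = new PDO('mysql:host=localhost;dbname=simple_login', 'root', '',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $pdo->prepare('INSERT INTO photo (photo) VALUES (?)')->execute([$out['filename']]);
    echo 'Stored as ' . $out['filename'];
}
```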