php form no file no upload

Question

我在做一個測試版的「視頻上傳網站」，但人們只需要按上傳就可以上傳任何東西，並且垃圾我的數據庫和視頻網站，我怎麼才能讓它只上傳，如果有文件attched

我的代碼是：

<?php 

mysql_connect("ip","username","password"); 
mysql_select_db("database"); 

if(isset($_POST['submit'])) 
{ 
    $name = $_FILES['file']['name']; 
    $temp = $_FILES['file']['tmp_name']; 

    move_uploaded_file($temp,"uploaded/".$name); 
    $url = "http://www.mysite.dk/videoer/uploaded/$name"; 
    mysql_query("INSERT INTO `videos` VALUE ('','$name','$url')"); 
} 

?> 

<html> 
<head> 
<title>Upload din video | Se videoer</title> 

</head> 

<body> 

<a href="videoes.php">Videoer</a> 
<form action="index.php" method="POST" enctype="multipart/form-data"> 
    <input type="file" name="file" /> 
    <input type="submit" name="submit" value="Upload!" /> 
</form> 

<?php 

if(isset($_POST['submit'])) 
{ 
    echo "<br />".$name." Er blevet uploadet"; 
} 

?> 

</body> 

</html> 

Answer 1

你需要檢查PHP的$_FILES對象，以確保用戶提交的數據，如果$_POST['submit']變量被設置爲不只是檢查。

http://www.php.net/manual/en/reserved.variables.files.php