0
我使用this file uploader並決定驗證上傳文件的實際內容以確保它確實是圖像。所以我想使用PHP getimagesize()
函數,它需要文件名。 但是沒有$_FILES['xxx']['tmp_name']
所以我把它傳遞給getimagesize
函數。我建議在我的上傳過程中驗證實際內容類型是什麼?當通過XMLHttpRequest上傳時使用getimagesize()
/**
* Handle file uploads via XMLHttpRequest
*/
class qqUploadedFileXhr {
/**
* Save the file to the specified path
* @return boolean TRUE on success
*/
function save($path) {
$input = fopen("php://input", "r");
$temp = tmpfile();
$realSize = stream_copy_to_stream($input, $temp);
fclose($input);
$target = fopen($path, "w");
fseek($temp, 0, SEEK_SET);
stream_copy_to_stream($temp, $target);
fclose($target);
return true;
}
function getName() {
return $_GET['qqfile'];
}
function getImageInfo() {
return getimagesize($_GET['qqfile']); /* no such file or directory */
}
}
更新
if ($this->file->save($uploadDirectory . $filename . $ext)){
// if only images are allowed to upload
if ($imgOnly)
{
// get image size and if $imgInfo were false delete uploaded file
$imgInfo = getimagesize($uploadDirectory . $filename . $ext);
if (!$imgInfo)
{
unlink($uploadDirectory . $filename . $ext);
return array('error' => 'The file uploaded is not actual image file.');
}
}
return array('success'=>true);
} else {
return array('error'=> 'Could not save uploaded file.' .
'The upload was cancelled, or server error encountered');
}
但它沒有預先上傳,對不對?這種方法文件首先上傳,然後必須檢查它是否有效。但它仍然已經上傳 – mhesabi
@mhesabi:當然。在文件到達服務器之前,如何用服務器代碼檢查文件? – Jon
可能會將文件上載到臨時目錄中,比如當我們使用$ _FILES ['xxx'] ['tmp_name']時。 '[tmp_name] => E:\ xampp \ tmp \ phpCD2F.tmp'。不直接在上傳文件夾中。 – mhesabi