上传照片和照片大小

时间:2014-01-27 16:50:17

标签: php mysql

我想保护网站免受客户无法上传大于2MB的图片,如果这样做,会收到我设计的错误。我创建的代码是这样,但不起作用,如果大小超过2mb,跳过限制,将他发送到“error.php”我尝试上传文件,并显示警报列表

<?php session_start(); 
include("includes/conexiones.php");
$sql="SELECT * FROM trabajos ORDER BY id DESC LIMIT 1" ;
$resultado=mysql_query($sql);
$fila=mysql_fetch_array($resultado);
$lastid=$fila["id"];
$prefijo=$lastid+1;
if ($_POST["cserv"]!=""){
$servicio=$_POST["cserv"];}
if ($_POST["cdirv"]!=""){
$direccion=$_POST["cdirv"];}
if ($_POST["cobserv"]!=""){
$observaciones=$_POST["cobserv"];}
if ($_FILES["cfoto"]!=""){
$foto=$_FILES["cfoto"]["name"];
$nombrefoto=$prefijo.$foto;
$Upload=$_FILES["cfoto"]["name"];
$Type=$_FILES["cfoto"]["type"];
$Size=$_FILES["cfoto"]["size"];
}
if($Size > 2097152){
header("location:error.php");
}
if($Size < 2097152){
$fototmp=$_FILES["cfoto"]["tmp_name"];
list($ancho, $alto)=getimagesize($fototmp);
$nuevoancho=600;
$nuevoalto=600*$alto/$ancho;
$nuevaimg=imagecreatetruecolor($nuevoancho, $nuevoalto);
$idnuevaimg=imagecreatefromjpeg($fototmp);
imagecopyresized($nuevaimg,$idnuevaimg,0,0,0,0,$nuevoancho,$nuevoalto,$ancho,$alto);
imagejpeg ($nuevaimg,"imagenes/grandes/".$nombrefoto);
$fototmp=$_FILES["cfoto"]["tmp_name"]; 
list($ancho, $alto)=getimagesize($fototmp);
$nuevoancho=144;
$nuevoalto=144*$alto/$ancho;
$nuevaimg=imagecreatetruecolor($nuevoancho, $nuevoalto);
$idnuevaimg=imagecreatefromjpeg($fototmp);
imagecopyresized($nuevaimg,$idnuevaimg,0,0,0,0,$nuevoancho,$nuevoalto,$ancho,$alto);
imagejpeg ($nuevaimg,"imagenes/peques/".$nombrefoto);
$sql="INSERT INTO trabajos (servicio, direccion, observaciones, foto) VALUES ('$servicio',         '$direccion', '$observaciones', '$nombrefoto')";
mysql_query($sql);
$idtrabajo=mysql_insert_id();
header("location:insertartrabajo2.php?vid=$idtrabajo"); 
}
?>

如果有人有更好的解决方案,我愿意接受建议。

感谢

2 个答案:

答案 0 :(得分:0)

打开php.ini文件,并将参数upload_max_filesize更新为2M

像这样:

upload_max_filesize = 2M

保存,退出文件并重启apache。

如果您无权访问php.ini,请将以下行添加到.htaccess文件中

php_value upload_max_filesize 2M

我不会依赖$_FILES变量,因为恶意用户几乎可以覆盖该变量中的每个值。

当用户上传超过upload_max_filesize时,您只需登记$_FILES['cfoto']['error']即可。

检查此值是否为UPLOAD_ERR_INI_SIZE以检测文件是否大于php.ini / .htaccess中定义的最大大小:

if($_FILES['cfoto']['error'] == UPLOAD_ERR_INI_SIZE) {
  // redirect to your error screen
} else {
  // proceed as normal
}

答案 1 :(得分:-1)

要检测文件大小,请使用此代码

$fileSize = $_FILES["avatar"]["size"];

并将此代码用于您想要的大小...... 

if($fileSize > 1048576) {
    header("location: ../message.php?msg=ERROR: Your image file was larger than 1mb");
    exit(); 
}

并且message.php是

<?php
$message = "";
$msg = preg_replace('#[^a-z 0-9.:_()]#i', '', $_GET['msg']);
if($msg == "activation_failure"){
        $message = '<h2>Activation Error</h2> Sorry there seems to have been an issue     activating your account at this time. We have already notified ourselves of this issue and  we will contact you via email when we have identified the issue.';
} else if($msg == "activation_success"){
    $message = '<h2>Activation Success</h2> Your account is now activated. <a     href="login.php">Click here to log in</a>';
} else {
    $message = $msg;
}
?>
<div><?php echo $message; ?></div>
相关问题
最新问题