PHP没有重命名上传的文件

时间:2014-10-15 13:23:46

标签: php

我正在上传图片,然后尝试重命名图片:

$target_dir = "../uploads/";
$target_dir = $target_dir . basename( $_FILES["eventimage"]["name"]);
$uploadOk=1;


  if (move_uploaded_file($_FILES["eventimage"]["tmp_name"], $target_dir)) {

  echo "The file ". basename( $_FILES["eventimage"]["name"]). " has been uploaded.";

} else {

  echo "Sorry, there was an error uploading your file.";

}

//Now rename
$new_name_here = 'file_' . rand(0, 10000) . '.' . end(explode(".", $_FILES["eventimage"]["name"]));
move_uploaded_file($_FILES["eventimage"]["tmp_name"], "../uploads/" . $new_name_here);

问题是图像现在正在重命名。

我是在错误的地方做这件事的。

我怎样才能让它发挥作用?

1 个答案:

答案 0 :(得分:1)

您的代码中有两次move_uploaded_file()来电,但每个上传的文件只能使用一次

一旦您使用move_uploaded_file()将临时/上传文件设为“永久”,您就会想要开始使用rename()

但是,我会建议在通过move_uploaded_file()移动它时不要使用原始文件的名称,因为恶意用户很容易在那里伪造一些令人讨厌的东西。相反,尝试使用您用于第二步的随机性来替换第一个:

$target_dir = "../uploads/";
$target_file = $target_dir . 'file_' . rand(0, 10000) . '.' . end(explode(".", $_FILES["eventimage"]["name"]));

if (move_uploaded_file($_FILES["eventimage"]["tmp_name"], $target_file)) {
  echo "The file ". htmlentities(basename( $_FILES["eventimage"]["name"])) . " has been uploaded.";
} else {
  echo "Sorry, there was an error uploading your file.";
}

旁注:输出用户提供的文件名时,我也调用了htmlentities();如果没有它,您就会对跨站点脚本(XSS)漏洞开放。