我正在上传图片,然后尝试重命名图片:
$target_dir = "../uploads/";
$target_dir = $target_dir . basename( $_FILES["eventimage"]["name"]);
$uploadOk=1;
if (move_uploaded_file($_FILES["eventimage"]["tmp_name"], $target_dir)) {
echo "The file ". basename( $_FILES["eventimage"]["name"]). " has been uploaded.";
} else {
echo "Sorry, there was an error uploading your file.";
}
//Now rename
$new_name_here = 'file_' . rand(0, 10000) . '.' . end(explode(".", $_FILES["eventimage"]["name"]));
move_uploaded_file($_FILES["eventimage"]["tmp_name"], "../uploads/" . $new_name_here);
问题是图像现在正在重命名。
我是在错误的地方做这件事的。
我怎样才能让它发挥作用?
答案 0 :(得分:1)
您的代码中有两次move_uploaded_file()
来电,但每个上传的文件只能使用一次。
一旦您使用move_uploaded_file()
将临时/上传文件设为“永久”,您就会想要开始使用rename()
。
move_uploaded_file()
移动它时不要使用原始文件的名称,因为恶意用户很容易在那里伪造一些令人讨厌的东西。相反,尝试使用您用于第二步的随机性来替换第一个:
$target_dir = "../uploads/";
$target_file = $target_dir . 'file_' . rand(0, 10000) . '.' . end(explode(".", $_FILES["eventimage"]["name"]));
if (move_uploaded_file($_FILES["eventimage"]["tmp_name"], $target_file)) {
echo "The file ". htmlentities(basename( $_FILES["eventimage"]["name"])) . " has been uploaded.";
} else {
echo "Sorry, there was an error uploading your file.";
}
旁注:输出用户提供的文件名时,我也调用了htmlentities()
;如果没有它,您就会对跨站点脚本(XSS)漏洞开放。