我正在使用php代码将文件从iphone上传到服务器但是在上传时它会将随机数名称提供给带有我的文件名的文件,以便如何删除该号码,只有文件名应保留在脚本中
<?php
$uploaddir = './'; //Uploading to same directory as PHP file
$file = basename($_FILES['userfile']['name']);
$uploadFile = $file;
$randomNumber = rand(0, 99999);
$newName = $uploadDir . $randomNumber . $uploadFile;
if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
echo "Temp file uploaded. \r\n";
} else {
echo "Temp file not uploaded. \r\n";
}
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $newName)) {
$postsize = ini_get('post_max_size'); //Not necessary, I was using these
$canupload = ini_get('file_uploads'); //server variables to see what was
$tempdir = ini_get('upload_tmp_dir'); //going wrong.
$maxsize = ini_get('upload_max_filesize');
echo "http://www.iroboticshowoff.com/dir/{$file}" . "\r\n" . $_FILES['userfile'] ['size'] . "\r\n" . $_FILES['userfile']['type'] ;
}
?>
答案 0 :(得分:2)
出于安全考虑,保留随机数可能会很好。这样,攻击者无法可靠地知道上传文件在服务器上的位置。
答案 1 :(得分:0)
尝试从$ newName赋值中删除$ randomNumber变量:
// Before
$newName = $uploadDir . $randomNumber . $uploadFile;
// After
$newName = $uploadDir . $uploadFile;