我正在尝试从php脚本上传文件的一个页面(imageupload.php)中检索文件名,我想在javascript函数(QandATable.php)中的另一个页面中显示它。但我不知道该怎么做
我将向您展示所有相关代码,以便您可以关注它,以便您能够了解正在发生的事情。
更新:下面我将向您展示如何上传文件的步骤。以下代码成功上传文件。
以下是表格(QandATable.php);
var $fileImage = $("<form action='imageupload.php' method='post' enctype='multipart/form-data' target='upload_target' onsubmit='return imageClickHandler(this);' class='imageuploadform' >" +
<label>Image File: <input name='fileImage' type='file' class='fileImage' /></label><br/><label class='imagelbl'>" +
"<input type='submit' name='submitImageBtn' class='sbtnimage' value='Upload' /></label>" +
"</p><ul class='listImage' align='left'></ul>" +
"<iframe class='upload_target' name='upload_target' src='#' style='width:0;height:0;border:0px;solid;#fff;'></iframe></form>");
在用户提交表单的同一页面上,它将转到下面的函数,它将检查验证,然后在验证清除后,它将进入startImageUpload()函数:
function imageClickHandler(imageuploadform){
if(imageValidation(imageuploadform)){
return startImageUpload(imageuploadform);
}
return false;
}
如果没有验证,那么它将进入下面隐藏文件输入的JS函数(QandATable.php),并将表单提交给发送文件的imageupload.php。当文件上传时,它会回调到stopImageUpload()函数(QandAtable.php),在那里它将显示关于文件是否被上传的消息,这就是我想要服务器上的文件名的位置追加。
下面是startImageUpload()函数:
var sourceImageForm;
function startImageUpload(imageuploadform){
$(imageuploadform).find('.fileImage').css('visibility','hidden');
sourceImageForm = imageuploadform;
return true;
}
下面是上传文件的php脚本(imageupload.php):
<?php
session_start();
$result = 0;
if( file_exists("ImageFiles/".$_FILES['fileImage']['name'])) {
$parts = explode(".",$_FILES['fileImage']['name']);
$ext = array_pop($parts);
$base = implode(".",$parts);
$n = 2;
while( file_exists("ImageFiles/".$base."_".$n.".".$ext)) $n++;
$_FILES['fileImage']['name'] = $base."_".$n.".".$ext;
move_uploaded_file($_FILES["fileImage"]["tmp_name"],
"ImageFiles/" . $_FILES["fileImage"]["name"]);
$result = 1;
}
else
{
move_uploaded_file($_FILES["fileImage"]["tmp_name"],
"ImageFiles/" . $_FILES["fileImage"]["name"]);
$result = 1;
}
?>
<script language="javascript" type="text/javascript">
window.top.window.stopImageUpload(<?php echo $result;?>);
</script>
最后,当上传完成后,它会返回到stopUploadImage()函数(QandATable.php),以显示有关文件是否成功上传的消息。这也是我希望附加服务器上传文件名的地方。
function stopImageUpload(success){
var result = '';
if (success == 1){
result = '<span class="msg">The file was uploaded successfully!</span><br/><br/>';
$('.listImage').append('<br/>');
}
else {
result = '<span class="emsg">There was an error during file upload!</span><br/><br/>';
}
return true;
}
答案 0 :(得分:2)
您的$_POST不会包含fileimagename。相反,您的表单输入称为fileImage。请改用:
// Check $_POST for fileImage, which was the form input name
if (isset($_POST['fileImage'])) {
$_SESSION['fileimagename'] = $_FILES['fileImage']['name'];
// Proceed with the file upload and save.
}
else {
// oops, can't proceed
}
在JavaScript页面上,在访问值时执行一些错误检查:
<?php
session_start();
if (isset($_SESSION['fileimagename'])) {
$fileimagename = $_SESSION['fileimagename'];
// output JS code...
?>
<script type="text/javascript">Your JS code here...</script>
<?php
}
else {
// No filename - can't proceed with JavaScript code
// Display an eror or a message with instructions for user...
}
注意:请勿使用用户提供的文件名来存储图像!它使您可以进行目录遍历攻击,并使用户可以在Web服务器具有写访问权限的文件系统的任何位置编写文件。
// This is unsafe!
move_uploaded_file($_FILES["fileImage"]["tmp_name"], "ImageFiles/" . $_FILES["fileImage"]["name"]);
相反,通常将$_FILES['fileImage']['name']中的值与数据库中的值一起存储,并使用标识符将其存储在磁盘上。
$info = pathinfo($_FILES['fileImage']['name']);
// Get the original extension
$filext = $info['extension'];
// Make a unique filename and add the extension
$stored_filename = uniqid() . $filext;
// Use that to store the file on disk
move_uploaded_file($_FILES["fileImage"]["tmp_name"], $stored_filename);
// Now store BOTH $_FILES['fileImage']['name'] and $stored_filename in your database together
// The original user-supplied filename can be used for display, but isn't used on disk