与标题一样,我想更改用户通过表单上传的文件的文件名。这是代码
HTML
<form action="editprofile.php" method="POST" enctype="multipart/form-data">
<p>Upload your image:<p /><input type="file" name="myfile"></p><br />
<p><input type="radio" name="type" value="defaultDot">Use Default</p>
<p><input type="submit" name="updateAvatar"></p>
</form>
这是我的php脚本,它将上传的文件移动到正确的目录
PHP
$name = $_FILES['myfile']['name'];
$tmp_name = $_FILES['myfile']['tmp_name'];
$size = getimagesize($_FILES['myfile']['tmp_name']);
if($name){
//start upload process
if($size != FALSE){
$location = "images/avatars/$name";
move_uploaded_file($tmp_name, $location);
$query = mysql_query("UPDATE users SET avatar='$location' WHERE id=$id");
$avaMessage = '<p><font size=2 color=aqua face=Tahoma>Avatar Updated - Uploaded Image!.</font></p>';
}else{
$avaMessage = '<p><font size=2 color=red face=Tahoma>Please only submit image files!</font></p>';
}
}
我如何能够为图像提供自定义名称?例如,我有一个名为 $ username 的变量,它存储用户名的会话变量。如果我想将图像命名为具有相同文件扩展名的 $ username 变量,该怎么办?
修改:编辑:编辑:
添加了你的if语句lawrence,我在move_upload_files中交换了vars,但它仍然不起作用...
的代码
if($_SERVER['REQUEST_METHOD']=='POST' && isset($username) && is_numeric($id)
&& isset($_FILES['myfile']['error']) && $_FILES['myfile']['error']=='UPLOAD_ERR_OK'){
if($_POST['type'] != "defaultDot"){
//$avaURL = $_POST['url'];
//$updateURL = mysql_query("UPDATE users SET avatar='$avaURL' WHERE id=$id");
//$avaMessage = '<p><font size=2 color=aqua face=Tahoma>Avatar Uploaded!</font></p>';
$name = basename($_FILES['myfile']['name']);
$ext = end(explode('.', $name));
$move_to = "images/avatars/".preg_replace('/[^a-zA-Z0-9.-]/s', '_',$username).'.'.$ext;
$info = getimagesize($_FILES['myfile']['tmp_name']);
if($name){
//start upload process
$allowed = array('image/png','image/jpg','image/gif');
if($info[0]>0 && $info[1] > 0 && in_array($info['mime'],$allowed)){
if($info[0]>200 || $info[1] > 200){
//File dimensions too large
$avaMessage = '<p><font size=2 color=red face=Tahoma>File dimensions too large.</font></p>';
}else{
//File put contents will over write if file exsist
move_uploaded_file($_FILES['myfile']['tmp_name'], $move_to);
mysql_query("UPDATE users
SET avatar='".mysql_real_escape_string($move_to)."'
WHERE id=".$id." AND owner='".$_SESSION['username']."'");
$avaMessage = 'Avatar Updated - Uploaded Image!.';
}
}else{
$avaMessage = '<p><font size=2 color=red face=Tahoma>Please only submit image files!</font></p>';
}
}else{
$avaMessage = '<p><font size=2 color=red face=Tahoma>Please select a file!</font></p>';
}
}else{
$avaURL = 'images/avatars/default.png';
$updateURL = mysql_query("UPDATE users SET avatar='$avaURL' WHERE id=$id");
$avaMessage = '<p><font size=2 color=aqua face=Tahoma>Avatar Updated - Default.</font></p>';
}
}
即使使用固定的'POST'Lawrence仍然无法工作......
答案 0 :(得分:1)
Heres a secure&amp; amp;安全方式待办事项,邮件请求需要检查,只检查$name是不够的,$username需要剥离任何特殊字符,$id需要检查其集合并且是数字,文件特定类型扩展名需要查找,也允许mime类型需要交叉匹配,加上宽度和高度大小需要检查,很多思考,上传可能是非常不安全的,更不用说图像可以将php注入文件注释,如果处理不正确可能会被执行:
<?php
if($_SERVER['REQUEST_METHOD']=='POST' && isset($username) && is_numeric($id)
&& isset($_FILES['myfile']['error']) && $_FILES['myfile']['error']=='UPLOAD_ERR_OK'){
$name = basename($_FILES['myfile']['name']);
$ext = end(explode('.', $name));
$move_to = "images/avatars/".preg_replace('/[^a-zA-Z0-9.-]/s', '_',$username).'.'.$ext;
$info = getimagesize($_FILES['myfile']['tmp_name']);
//not more then 200px
if($info[0]>200 || $info[1] > 200){
//file too large
}
$allowed = array('image/png','image/jpg','image/gif');
if($info[0]>0 && $info[1] > 0 && in_array($info['mime'],$allowed)){
move_uploaded_file($_FILES['myfile']['tmp_name'],$move_to);
mysql_query("UPDATE users
SET avatar='".mysql_real_escape_string($move_to)."'
WHERE id=".$id." AND owner='".$_SESSION['username']."'");
$avaMessage = 'Avatar Updated - Uploaded Image!.';
}else{
//Not allowed
}
}
?>
<form action="" method="POST" enctype="multipart/form-data">
<!--1 MB = 1048576 bytes-->
<input type="hidden" name="MAX_FILE_SIZE" value="1048576" />
<p>Upload your image:<p /><input type="file" name="myfile"></p><br />
<p><input type="radio" name="type" value="defaultDot">Use Default</p>
<p><input type="submit" name="updateAvatar"></p>
</form>
<小时/> 更新编辑 这是上传过程的OOP版本,也许你会发现它很有趣,我也添加了所有可能的错误; p
<?php
Class updateUserAvatar{
public $upload_path;
public $full_path;
public $name;
public $size;
public $ext;
public $output;
public $input;
public $prefix;
private $allowed;
function upload(){
if($_SERVER['REQUEST_METHOD'] == 'POST'){
if(isset($_FILES[$this->input]['error'])){
if($_FILES[$this->input]['error'] == 0){
$this->name = basename($_FILES[$this->input]['name']);
$file_p = explode('.', $this->name);
$this->ext = end($file_p);
$this->full_path = rtrim($this->upload_path,'/').'/'.preg_replace('/[^a-zA-Z0-9.-]/s', '_', $this->prefix).'.'.$this->ext;
$info = getimagesize($_FILES[$this->input]['tmp_name']);
$this->size = filesize($_FILES[$this->input]['tmp_name']);
if($info[0]>$this->allowed['dimensions']['width'] || $info[1] > $this->allowed['dimensions']['height']){
$this->output = 'File dimensions too large!';
}else{
if($info[0] > 0 && $info[1] > 0 && in_array($info['mime'],$this->allowed['types'])){
move_uploaded_file($_FILES[$this->input]['tmp_name'],$this->full_path);
$this->output = 'Upload success!';
}else{
$this->output = 'File not supported!';
}
}
}else{
if($_FILES[$this->input]['error']==1){$this->output = 'The uploaded file exceeds the upload_max_filesize directive!';}
if($_FILES[$this->input]['error']==2){$this->output = 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in our HTML form!';}
if($_FILES[$this->input]['error']==3){$this->output = 'The uploaded file was only partially uploaded!';}
if($_FILES[$this->input]['error']==4){$this->output = 'No file was uploaded!';}
if($_FILES[$this->input]['error']==6){$this->output = 'Missing a temporary folder!';}
if($_FILES[$this->input]['error']==7){$this->output = 'Failed to write uploaded file to disk!';}
if($_FILES[$this->input]['error']==8){$this->output = 'A PHP extension stopped the file upload!';}
}
}
}
}
function setPath($var){
$this->upload_path = $var;
}
function setAllowed($var=array()){
$this->allowed = $var;
}
function setFilePrefix($var){
$this->prefix = preg_replace('/[^a-zA-Z0-9.-]/s', '_', $var);
}
function setFormInput($var){
$this->input = $var;
}
}//END CLASS
if($_POST['type'] != "defaultDot"){
//Setup
$upload = new updateUserAvatar();
$upload->setPath('./images/avatars/');
$upload->setFilePrefix($username);
$upload->setAllowed(array('dimensions'=>array('width'=>200,'height'=>200),
'types'=>array('image/png','image/jpg','image/gif')));
$upload->setFormInput('myfile');
$upload->upload();
if($upload->output == 'Upload success!'){
//do query
$updateURL = mysql_query("UPDATE users SET avatar='$upload->full_path' WHERE id=$id");
}
//message
$avaMessage = $upload->output;
}else{
$avaURL = 'images/avatars/default.png';
$updateURL = mysql_query("UPDATE users SET avatar='$avaURL' WHERE id=$id");
$avaMessage = '<p><font size=2 color=aqua face=Tahoma>Avatar Updated - Default.</font></p>';
}
?>
答案 1 :(得分:0)
我认为http://php.net/manual/en/function.pathinfo.php会做你需要的。解析$ location并重建它,用你的$ username替换basename字段。