我的作业要求我让用户将.gif文件扩展名上传到文件夹,并在上传文件后显示。
我收到了表单和处理页面,但我似乎无法让它们工作。我将目录的权限设置为rwxrwxrwx以测试它。
上传文件代码:
<html>
<head>
<title>Assignment 7 Part II -- Art Gallery</title>
</head>
<body>
<form method="post" action="a7a2.php" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="50000">
Your file: <input type="file" name="uploadFile" /><br />
<input type="submit" value="Upload it">
</form>
</body>
</html>
代码:
<html>
<head>
<title>Assignment 7 Part II -- Art Gallery Results</title>
</head>
<body>
<?php
$uploadDir = 'images/';
$uploadFileDir = $uploadDir . basename($_FILES['uploadFile']['name']);
if(isset($_FILES['uploadFile'])) {
if($_FILES['uploadFile']['error'] != UPLOAD_ERR_OK ||
$_FILES['uploadFile']['mime'] != "image/gif") {
print "<p>File not uploaded successfully!</p>";
print "<p>Please make sure the file has the correct file extension: .gif</p>";
print "<p><a href='a7p2.php'>Try uploading again</a>";
var_dump($_FILES['uploadFile']['error']);
die;
} else {
move_uploaded_file($_FILES['uploadFile']['name'], $uploadFileDir) or die("Can't move file to $uploadFileDir");
print "<p>Success!</p>";
}
}
$uploadedFiles = glob("/students/ryan/php/images/*.gif");
if($uploadedFiles != false) {
print "<p>Here are pictures from the art gallery: </p>";
foreach($uploadedFiles as $file) {
$url = "http://hills.ccsf.edu/~ryan/images/" . substr($file, strrpos($file, '/') + 1);
print "<p><img src=\"$url\"></p>";
}
} else {
print "There are no pictures in the art gallery";
}
?>
</body>
</html>
或相同的代码,链接到以下代码:
答案 0 :(得分:3)
依赖浏览器告诉您文件的MIME类型是不安全的。相反,您应该检查文件是否应该是它应该是什么。在这种情况下:
if( !@imagecreatefromgif($_FILES['uploadFile']['tmp_name'])) {
// file is not a valid GIF image
}
答案 1 :(得分:-1)
你需要使用tmp_name而不是move_uploaded_file的名称
move_uploaded_file($_FILES['uploadFile']['tmp_name'], $uploadFileDir) or die("Can't move file to $uploadFileDir");
也代替$ _FILES [&#39; uploadFile&#39;] [&#39; mime&#39;]!=&#34; image / gif&#34;){
应该是$ _FILES [&#39; uploadFile&#39;] [&#39; type&#39;]!=&#34; image / gif&#34;){