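So I wrote a script that uploads a user's avatar to the server and changes the URL in the database (thanks to YT tutorials :)). Now I want the script to check that the user doesn't upload files other than JPG, JPEG, PNG and GIF, or files larger than 10 MB. The second thing I want to do is that when a user uploads his avatar, it removes the old avatar and changes the file name to a random number.
So now I'm a bit stuck and don't know where to start. Can anyone help? :) I couldn't find a useful tutorial on Google that fits this code, as simple as possible..
The code I've written so far: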
    if (isset($_POST['submit'])) {
        // Client-supplied file name and the temporary path PHP stored the upload at
        $name = $_FILES['myfile']['name'];
        $tmp_name = $_FILES['myfile']['tmp_name'];
        $allowedExts = array("jpg", "jpeg", "gif", "png");
        if ($name) {
            $location = "uploads/avatars/$name";
            move_uploaded_file($tmp_name, $location);
            $query = mysql_query("UPDATE users SET avatar = '$name' WHERE id = '$session_user_id'");
            echo 'Your avatar has been changed successfully!';
        } else {
            echo 'Please select a file! Following are supported; JPG, JPEG, PNG, GIF!';
        }
    }
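Answer 0: (score: 0)
You should check the 'type' and 'size' fields of the $_FILES associative array to verify the type of file you receive (an image in your case) and the size of the file.
Answer 1: (score: 0)
You can set this in php.ini:
    upload_max_filesize = 10M
Alternatively, you can do this: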
    define('IMG_MAX_SIZE', 10485760); // 10 MB
    if ($_FILES['file']['size'] > IMG_MAX_SIZE) {
        // display error message then exit
    }
    // save image
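You can check the extension, but that doesn't mean the file is actually of the type it indicates. It could be a video renamed to .png.
To determine the real type, check the MIME type returned by the client: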
    $allowed_types = array('image/png', 'image/jpeg', 'image/gif');
    if (!in_array($_FILES['file']['type'], $allowed_types)) {
        // display error message (invalid file type) then exit
    }
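If you want to make sure the file is of the right type (the client can report whatever type it wants, so a malicious user could fool your script), check it with Fileinfo after saving the file:
http://php.net/manual/en/function.finfo-file.php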
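    // $filename is the path the uploaded file was saved to
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime_type = finfo_file($finfo, $filename);
    finfo_close($finfo);
    // Compare the type detected from the file contents, not the client-reported one
    if (!in_array($mime_type, $allowed_types)) {
        // display error message (invalid file type) then exit
    }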
Answer 2: (score: 0)
It looks like you're already halfway there. Just check the file extension against the $allowedExtensions array.
    <?php
    if (isset($_POST['submit'])) {
        $name = $_FILES['myfile']['name'];
        $tmp_name = $_FILES['myfile']['tmp_name'];
        $allowedExtensions = array("jpg", "jpeg", "gif", "png");
        // Lower-cased extension of the uploaded file name
        $extension = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        $isValidFormat = in_array($extension, $allowedExtensions);
        $fileSize = $_FILES['myfile']['size'];
        $maxFileSize = 10485760; // == 10M
        if ($isValidFormat && $fileSize < $maxFileSize) { // Changed the if statement
            $location = "uploads/avatars/$name";
            move_uploaded_file($tmp_name, $location);
            $query = mysql_query("UPDATE users SET avatar = '$name' WHERE id = '$session_user_id'");
            echo 'Your avatar has been changed successfully!';
        } else {
            echo 'Please select a file! Following are supported; JPG, JPEG, PNG, GIF!';
        }
    }
    ?>
Answer 3: (score: 0)
    if ($_FILES) {
        $allowedExtensions = array("jpg", "jpeg", "gif", "png");
        $f = $_FILES;
        foreach ($f as $key => $val) {
            if (!empty($val['tmp_name'])) {
                // Lower-cased extension of the uploaded file name
                $ext = strtolower(pathinfo(basename($val['name']), PATHINFO_EXTENSION));
                if ($val['size'] > 10485760) { // handle size
                    echo 'Image is too large';
                } elseif (!in_array($ext, $allowedExtensions)) { // handle extension
                    echo 'Please select a file! Following are supported; JPG, JPEG, PNG, GIF!';
                } else {
                    $val['name'] = 'YOUR_RANDOM_FILE_NAME' . '.' . $ext;
                    $location = "uploads/avatars/" . basename($val['name']);
                    if (move_uploaded_file($val['tmp_name'], $location)) { // handle upload
                        $query = mysql_query("UPDATE users SET avatar = '" . $val['name'] . "' WHERE id = '$session_user_id'");
                        echo 'Your avatar has been changed successfully!';
                    } else {
                        echo 'An error occurred on upload.';
                    }
                }
            }
        }
    }
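The checks discussed on this page combined into one handler, as an added example that is not part of the question or of any answer: size and type are taken from the uploaded file itself, the stored name is random, the old avatar is removed, and the query is parameterized. The names `save_avatar`, `AvatarError`, the `AVATAR_*` constants, the PDO handle `$db` and the `users(id, avatar)` table layout are assumptions; the form field `myfile` and `$session_user_id` follow the question.

```php
<?php
// Added example, not from the thread. Assumed: form field "myfile", a PDO
// handle $db, a table users(id, avatar) and $session_user_id set by the caller.
const AVATAR_DIR = __DIR__ . '/uploads/avatars';
const AVATAR_MAX_BYTES = 10485760; // 10 MB
// Detected MIME type => extension chosen by the server, never by the client.
const AVATAR_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
final class AvatarError extends Exception {}
function save_avatar(array $file, PDO $db, int $userId): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new AvatarError('Please select a file!');
    }
    // Measure what actually arrived instead of trusting $_FILES[...]['size'].
    if (filesize($file['tmp_name']) > AVATAR_MAX_BYTES) {
        throw new AvatarError('Image is too large (10 MB maximum).');
    }
    // Detect the type from the file contents, before the file is moved.
    $mime = (string) (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext = AVATAR_TYPES[$mime] ?? null;
    if ($ext === null) {
        throw new AvatarError('Following are supported: JPG, JPEG, PNG, GIF!');
    }
    // Random name: the client's file name never reaches the disk or the query.
    $newName = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], AVATAR_DIR . '/' . $newName)) {
        throw new AvatarError('An error occurred on upload.');
    }
    // Read the old avatar name, store the new one, then remove the old file.
    $stmt = $db->prepare('SELECT avatar FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    $old = $stmt->fetchColumn();
    $db->prepare('UPDATE users SET avatar = ? WHERE id = ?')->execute([$newName, $userId]);
    $oldPath = AVATAR_DIR . '/' . basename((string) $old);
    if (is_string($old) && $old !== '' && is_file($oldPath)) {
        unlink($oldPath);
    }
    return $newName;
}

if (isset($_POST['submit'], $_FILES['myfile'], $db, $session_user_id)) {
    try {
        save_avatar($_FILES['myfile'], $db, (int) $session_user_id);
        echo 'Your avatar has been changed successfully!';
    } catch (AvatarError $e) {
        echo htmlspecialchars($e->getMessage());
    }
}
```

Because the extension comes from the detected type and the name from `random_bytes`, a file renamed to `.png` or carrying a crafted name is rejected or stored under a name the uploader does not control.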