我只是想上传一个文件,但没有任何工作。
<!DOCTYPE html>
<html><body>
<form id="exp" enctype = "multipart/form-data" action="../cgi-bin/uploadPic.php">
<input type="file" id="profilePic2" name="newPic"></input> <br /><br /><br />
<input type="submit" value="Upload Pic" style="color:black;"></input>
</form>
</body></html>
我的php文件正在执行中。请注意草率的代码,我试图通过echo进行调试。
<html>
<body>
<?php
$loadFile = true; // error code
$allowedExts = array("jpg","jpeg","gif","png");
$extension = end(explode(".", $_FILES["newPic"]["name"]));
$file = $_FILES["newPic"];
$picIncluded = false;
if(( ($_FILES["newPic"]["type"] == "image/gif")
|| ($_FILES["newPic"]["type"] == "image/jpeg")
|| ($_FILES["newPic"]["type"] == "image/png")
|| ($_FILES["newPic"]["type"] == "image/pjpeg"))
&& ($_FILES["newPic"]["size"] < 5000000)
&& in_array($extension, $allowedExts)){
if($_FILES["newPic"]["error"] > 0){
echo "pnl"; // error code returned to client
}
else if(file_exists("../profile-pics/" . $file["name"])){
echo "pld"; // picture loaded duplicate
} else {
$picIncluded = true;
echo "finally";
if(move_uploaded_file($file["name"]["tmp_name"],"./" . $file["name"])){
echo "Success again!";
}
$path = "../profile-pics/" . $file["name"];
}
}
if(is_uploaded_file($_FILES["newPic"]["name"]["tmp_name"])){
echo "Good news!";
}
?>
</body>
</html>
无论如何,函数move_uploaded_file()返回false,因为它找不到临时文件。 is_uploaded_file()也返回false。我的扩展和一切都是正确的,但仍无济于事,没有文件上传。我该怎么调试呢?
答案 0 :(得分:5)
更改此
if(move_uploaded_file($file["name"]["tmp_name"],"./" . $file["name"])){
到
if(move_uploaded_file($file["tmp_name"],"./" . $file["name"])){
因为您已分配
$file = $_FILES["newPic"];
答案 1 :(得分:2)
同样,对于安全检查,您必须在上传之前检查is_uploaded_file():
if(is_uploaded_file($_FILES["newPic"]["tmp_name"])){
if(move_uploaded_file($_FILES["newPic"]["tmp_name"],"../profile-pics/" . $file["name"])){
echo 'file uploaded...';
}
}else{
echo "Possible file upload attack: ";
}