我使用以下脚本上传图片;此文件适用于除PNG文件以外的所有其他文件扩展名。有什么理由吗?
这是我的剧本;
// initialization
$result_final = "";
$counter = 0;
// List of our known photo types
$known_photo_types = array(
'image/pjpeg' => 'jpg',
'image/jpeg' => 'jpg',
'image/gif' => 'gif',
'image/bmp' => 'bmp',
'image/x-png' => 'png');
// GD Function Suffix List
$gd_function_suffix = array(
'image/pjpeg' => 'JPEG',
'image/jpeg' => 'JPEG',
'image/gif' => 'GIF',
'image/bmp' => 'WBMP',
'image/x-png' => 'PNG');
// Fetch the photo array sent by preupload.php
$photos_uploaded = $_FILES['photo_filename'];
// Fetch the photo caption array
$photo_caption = $_POST['photo_caption'];
while( $counter <= count($_FILES['photo_filename']['tmp_name']) )
{
if($photos_uploaded['size'][$counter] > 0)
{
if(!array_key_exists($photos_uploaded['type'][$counter], $known_photo_types))
{
$result_final .= "File ".($counter+1)." is not a photo!<br />";
}else{
mysql_query( "INSERT INTO database(`filename`, `caption`, `category`, `id`) VALUES('0', '".addslashes($caption[$counter])."', '".addslashes($_POST['category'])."', '".addslashes($_POST['id'])."')" );
$new_id = mysql_insert_id();
$filetype = $photos_uploaded['type'][$counter];
$extention = $known_photo_types[$filetype];
$filename = $new_id.".".$extention;
@mysql_query( "UPDATE database SET photo_filename='".addslashes($filename)."' WHERE photo_id='".addslashes($new_id)."'" );
// Store the orignal file
copy($photos_uploaded['tmp_name'][$counter], $images_dir2."/".$filename);
}
}
$counter++;
}
这是我的代码,当我上传一个jpeg或gif文件时,一切正常,但是当我上传一个png文件时,它不起作用。我也没有得到任何错误。请问,可能是什么错误?
答案 0 :(得分:2)
仅将其更改为:
image/png
答案 1 :(得分:1)
png是官方认可的mime类型,它应该只是image/png。 x-前缀用于实验/非官方类型。您可以通过var_dump($_FILES)轻松验证您获得的内容。
您的上传处理代码也需要更新。您不检查上传是否成功,只是假设它们成功了。永远不要假设成功。
if($_FILES['photo_filename']['error'] !== UPLOAD_ERR_OK) {
die("Upload failed with error code " . $_FILES['photo_filename']['error']);
}
addslashes()完全无用的毫无意义的垃圾。它可以 NOTHING 来保护您免受SQL注入攻击。如果你坚持继续使用已弃用的mysql _ *()函数,那么至少要使用正确的mysql_real_escape_string()。