php无法阻止大文件上传

时间:2013-05-12 09:13:54

标签: php upload document

为什么以下代码回显“您的文件已成功加载”。当我尝试上传一个20mb .gif文件时,实际上a)应该被阻止,并且b)实际上没有上传?基本上,我正在尝试使用php限制文件上传类型,大小。第一页有一个表格,最多可提交10张照片。

<?php
ini_set('display_errors', 'On');
error_reporting(E_ALL);

$namebase = $_POST['projectID'].'_';

$ProjID = $_POST['projectID'];

$counter = 0;

function reArrayFiles(&$file_post) {

    $file_ary = array();
    $file_count = count($file_post['name']);
    $file_keys = array_keys($file_post);

    for ($i=0; $i<$file_count; $i++) {
        foreach ($file_keys as $key) {
            $file_ary[$i][$key] = $file_post[$key][$i];
        }
    }

    return $file_ary;
}
if ($_FILES['userfile']) {
    $file_ary = reArrayFiles($_FILES['userfile']);

foreach ($file_ary as $file) {
    $counter = $counter + 1;
        print 'File Name: ' . $file['name'];
        print 'File Type: ' . $file['type'];
        print 'File Size: ' . $file['size'];


    if (empty($file['name'])) {
        break;    /* You could also write 'break 1;' here. */
    }

    $url_base="";
    $max_filesize = 1048576; // Maximum filesize in BYTES (currently 1MB).
    $upload_path = '../dev/images/uploaded/'; // The place the files will be uploaded to (currently a 'files' directory).
    $allowed_filetypes = array('.jpg','.JPG'); // These will be the types of file that will pass the validation.
    $ext = substr($file['name'], strpos($file['name'],'.'), strlen($file['name'])-1);// Get the extension from the filename.  
    $a='photo'.$counter;
    ${$a} = 'http:xxxxxxxxx'.$namebase.$counter.$ext;

    if(!in_array($ext,$allowed_filetypes))
    die('The file type of '.$file['name'].' you attempted to upload is not allowed. <INPUT TYPE="button" VALUE="Back" onClick="history.go(-1);">'); 
    // Now check the filesize, if it is too large then DIE and inform the user.


   if(filesize($file['tmp_name']) > $max_filesize)
      die($file['name'].' you attempted to upload is too large.<INPUT TYPE="button" VALUE="Back" onClick="history.go(-1);">');

   // Check if we can upload to the specified path, if not DIE and inform the user.
   if(!is_writable($upload_path))
      die('You cannot upload to the specified directory, please CHMOD it to 777.<INPUT TYPE="button" VALUE="Back" onClick="history.go(-1);">');

   // Upload the file to your specified path. can rename here.move_uploaded_file(original file name, destination path and filename)
 if(move_uploaded_file($file['tmp_name'],$upload_path.$namebase.$counter.$ext)){
      echo   '<b> '.$file['name'].'</b>'.' Accepted.  Renamed '.'<b>'.$namebase.$counter.$ext.'</b>'.'<br>';
          // It worked.
 }

      else
         die('There was an error during the file upload.  Please try again.'); // It failed :(.


    }
}

echo 'Your files have been successfully loaded.<br>'; 

?>

2 个答案:

答案 0 :(得分:0)

你的if ($_FILES['userfile'])可能是假的,所以它直接进入文件的末尾;)

答案 1 :(得分:0)

打印$ _FILES数组

print_r($_FILES)

如果它为空,那么你将获得成功消息。

相关问题
最新问题