My upload code has a problem: it accepts invalid files and saves the file name in the database. I don't know which part of the code is wrong.
<?php
session_start();
if (!isset($_SESSION['LOGIN_STATUS'])) {
header('location:login.php');
}
?>
<?php
$allowedExts = array(
"gif",
"jpeg",
"jpg",
"png"
);
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/jpg") || ($_FILES["file"]["type"] == "image/pjpeg") || ($_FILES["file"]["type"] == "image/x-png") || ($_FILES["file"]["type"] == "image/png")) && ($_FILES["file"]["size"] < 2000000) && in_array($extension, $allowedExts)) {
if ($_FILES["file"]["error"] > 0) {
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
} else {
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
if (file_exists("upload/" . $_FILES["file"]["name"])) {
echo $_FILES["file"]["name"] . " already exists. ";
$image = $_FILES["file"]["name"];
} else {
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
$image = $_FILES["file"]["name"];
}
}
} else if ($_FILES["file"]["name"] == null) {
$image = $_SESSION['IMAGE'];
} else {
echo "Invalid file";
}
?>
<?php
include("includes/dbConnect.php");
$Department = $_SESSION['DEPARTMENT'];
$lname = $_POST['lname'];
$fname = $_POST['fname'];
$mname = $_POST['mname'];
$alias = $_POST['alias'];
$place = $_POST['place'];
$address = $_POST['address'];
$gender = $_POST['gender'];
$nationality = $_POST['nationality'];
$age = $_POST['age'];
$complexion = $_POST['complexion'];
$height = $_POST['height'];
$weight = $_POST['weight'];
$build = $_POST['build'];
$haircolor = $_POST['haircolor'];
$pecularities = $_POST['pecularities'];
$other = $_POST['other'];
$clname = $_POST['clname'];
$cfname = $_POST['cfname'];
$cmname = $_POST['cmname'];
$cnumber = $_POST['cnumber'];
$caddress = $_POST['caddress'];
$relationship = $_POST['relationship'];
$description = $_POST['description'];
$lastseen = $_POST['lastseen'];
mysql_query("INSERT INTO `persons`(LastName,FirstName,MiddleName,Image,Alias,Place,Address,Gender,Nationality,Age,Complexion,Height,Weight,Build,HairColor, Pecularities, Other, CLastName, CFirstName, CMiddleName, ContactNumber, Relationship, Status, CAddress,Description,Department,lastseen) VALUES ('$lname','$fname','$mname','$image','$alias', '$place','$address','$gender','$nationality','$age','$complexion','$height','$weight','$build','$haircolor','$pecularities', '$other','$clname','$cfname','$cmname','$cnumber','$relationship','Missing','$caddress','$description','$Department','$lastseen')");
header('location:admin_search.php');
mysql_close($con);
?>
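The code above validates the user input, but it also saves the file name of an invalid file, though not the file itself. I don't know which part has the error. It executes the query part, but the validation of the uploaded image accepts different file types, even though I have the allowedExts extension list.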
Answer 0 (score: 0)
You need to add exit, as in the following code.
else {
echo "Invalid file";
exit;
}
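One way to apply the answer's point, as an added example that is not part of the original question or answer: reject the upload and stop before the database INSERT runs, checking the file content with finfo rather than the client-supplied type and name. The function name storeUploadedImage and the constants are hypothetical; the block assumes PHP 7.1+ with the fileinfo extension, and the field name, directory and size limit are taken from the question.

```php
<?php
// Added example (hypothetical names): validate the upload, halt on failure.
const MAX_BYTES = 2000000;              // same limit as the question's code
const ALLOWED_MIME = [                  // detected MIME type => stored extension
    'image/gif'  => 'gif',
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
];

/**
 * Returns the stored file name, null when no file was sent,
 * or throws RuntimeException when the upload is rejected.
 */
function storeUploadedImage(array $file, string $dir): ?string
{
    if ($file['error'] === UPLOAD_ERR_NO_FILE) {
        return null;                    // caller keeps the existing image
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with code ' . $file['error']);
    }
    if ($file['size'] >= MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // $_FILES[...]['type'] and ['name'] are sent by the client; inspect the content.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED_MIME[$mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('Invalid file');
    }
    // Server-generated name: avoids path tricks, double extensions and overwrites.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($dir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

if (isset($_FILES['file'])) {
    try {
        $image = storeUploadedImage($_FILES['file'], 'upload') ?? ($_SESSION['IMAGE'] ?? null);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage());
        exit;                           // the INSERT below never runs for a rejected file
    }
    // ... the database INSERT goes here, using $image ...
}
```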