我尝试使用php将图像上传到系统中,它与其他文件一起正常工作但是当图像包含单引号时,该功能不起作用。下面的代码用于使用定义的类上传和调整图像大小。 这是我的代码。
$filename = strtolower($_FILES['file']['name']);
$filename=mysql_real_escape_string($filename);
$filename=stripslashes($filename);
$whitelist = array('jpg', 'png', 'gif', 'jpeg'); #example of white list
//$backlist = array('php', 'php3', 'php4', 'phtml','exe'); #example of black list
if(@in_array(end(explode('.', $filename)), $whitelist))
{
$direc=$school_index;
If(!file_exists($direc)) {
/* wherever this particular script will be installed, I want to create a subfolder */
/* Step 1. I need to know the absolute path to where I am now, ie where this script is running from...*/
$thisdir = getcwd();
/* Step 2. From this folder, I want to create a subfolder called "myfiles". Also, I want to try and make this folder world-writable (CHMOD 0777). Tell me if success or failure... */
if(mkdir($thisdir ."/$direc" , 0777))
{
$msg= "Directory has been created successfully...";
}
else
{
$msg= "Failed to create directory...";
}
}
$filename = strtolower($_FILES['file']['name']);
$file=strtolower($_FILES['file']['name']);
$path =$direc;
$ext=pathinfo($file,PATHINFO_EXTENSION);
$name=pathinfo($path,PATHINFO_FILENAME);
echo "File alredy exists .So name is changed automatically & moved";
//$path1="$folder/";
$leng=strlen($name);
$name=substr($name,$leng);
$new_name=$name.$_SESSION['candidate_photo_name'].".".$ext;
$new_name=addslashes($new_name);
$upload=mysql_real_escape_string($_FILES['file']['tmp_name']);
$file_upload=move_uploaded_file($_FILES['file']['tmp_name'],$school_index."/".$new_name);
if(!$file_upload){
$int=$_SESSION['candidate_id'];
$serial=$_SESSION['candidate_serial'];
$msg="Sory,we are unable to upload this file due to file name to contain unrequired characters,please try again later!";
$_SESSION["photo_entry_msg"]=$msg;
header("location:client.php?page=upload_student_photo&student_id=$int&serial=$serial"); exit;
}
$filename=mysql_real_escape_string($new_name);
$filename=$school_index."/".$filename;
require"php/image_resize.class.php";
$resize = new ResizeImage($filename);
$resize->resizeTo(100, 100, 'maxHeight');
$resize->saveImage($filename);
//$resize->move_uploaded_file($_FILES["file"]["tmp_name"],"images/" . $_FILES["file"]["name"]);
// our sql query
//echo $_POST['st_int'];
$sql_update = mysql_query("UPDATE photo_entry SET photo='{$filename}' where id='{$int}'") or die("".mysql_error());
//$sql_select = mysql_query("SELECT teacher_name from class_teachers where id='{$int}'");
//
if(!$sql_update){
$int=$int;
$msg=strtoUpper('Error occured during uploading signature for '.$name);
header("location:client.php?page=view_upload_photo&t_id=$int&e=".urlencode($msg)); exit;
}
elseif($sql_update){
$int=$int;
$msg=strtoUpper('Congratulation for uploading photo for '.$_SESSION['cand_name']);
$_SESSION["photo_entry_msg"]=$msg;
header("location:client.php?page=view_upload_photo"); exit;
}
}
答案 0 :(得分:1)
最快的方法是用其他内容替换文件名中的单引号,例如使用下划线。