我正在制作一个BETA“视频上传网站”,但是人们可以直接按上传而不上传任何内容,并将我的数据库和视频网站垃圾邮件,如果有文件附加,我该如何才能上传
我的代码是:
<?php
mysql_connect("ip","username","password");
mysql_select_db("database");
if(isset($_POST['submit']))
{
$name = $_FILES['file']['name'];
$temp = $_FILES['file']['tmp_name'];
move_uploaded_file($temp,"uploaded/".$name);
$url = "http://www.mysite.dk/videoer/uploaded/$name";
mysql_query("INSERT INTO `videos` VALUE ('','$name','$url')");
}
?>
<html>
<head>
<title>Upload din video | Se videoer</title>
</head>
<body>
<a href="videoes.php">Videoer</a>
<form action="index.php" method="POST" enctype="multipart/form-data">
<input type="file" name="file" />
<input type="submit" name="submit" value="Upload!" />
</form>
<?php
if(isset($_POST['submit']))
{
echo "<br />".$name." Er blevet uploadet";
}
?>
</body>
</html>
答案 0 :(得分:0)
您需要检查PHP的$_FILES对象以确保用户提交数据,而不仅仅是检查是否设置了$_POST['submit']变量。