php表单没有文件没有上传

时间:2013-12-20 22:51:32

标签: php file upload

我正在制作一个BETA“视频上传网站”,但是人们可以直接按上传而不上传任何内容,并将我的数据库和视频网站垃圾邮件,如果有文件附加,我该如何才能上传

我的代码是:

<?php

mysql_connect("ip","username","password");
mysql_select_db("database");

if(isset($_POST['submit']))
{
    $name = $_FILES['file']['name'];
    $temp = $_FILES['file']['tmp_name'];

    move_uploaded_file($temp,"uploaded/".$name);
    $url = "http://www.mysite.dk/videoer/uploaded/$name";
    mysql_query("INSERT INTO `videos` VALUE ('','$name','$url')");
}

?>

<html>
<head>
<title>Upload din video | Se videoer</title>

</head>

<body>

<a href="videoes.php">Videoer</a>
<form action="index.php" method="POST" enctype="multipart/form-data">
    <input type="file" name="file" />
    <input type="submit" name="submit" value="Upload!" />
</form>

<?php

if(isset($_POST['submit']))
{
    echo "<br />".$name." Er blevet uploadet";
}

?>

</body>

</html>

1 个答案:

答案 0 :(得分:0)

您需要检查PHP的$_FILES对象以确保用户提交数据,而不仅仅是检查是否设置了$_POST['submit']变量。

http://www.php.net/manual/en/reserved.variables.files.php