PHP - 使用Apostrophe问题的文件上传

时间:2014-07-15 11:02:55

标签: php file-upload

我试过addslashes& str_replace(" ' ", " ", $_FILES['file']['name'])要逃避撇号或删除它但是没有任何区别,因为我仍然得到500内部服务器错误?这是我的代码

<?php

$whitelist = array('application/pdf',
'application/vnd.ms-excel',
'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
'application/msword',
'application/vnd.openxmlformats-officedocument.wordprocessingml.document');

if (isset($_POST['submit'])) {

$uploadname = str_replace("'", "", $_FILES['file']['name']);
$uploadsize = str_replace("'", "", $_FILES['file']['size']);
$uploadtype = str_replace("'", "", $_FILES['file']['type']);
$uploadtemp = str_replace("'", "", $_FILES['file']['tmp_name']);

/*
$uploadname = addslashes($_FILES['file']['name']);
$uploadsize = addslashes($_FILES['file']['size']);
$uploadtype = addslashes($_FILES['file']['type']);
$uploadtemp = addslashes($_FILES['file']['tmp_name']);
*/

if (empty($uploadname)) { 

$message = "<b> * No File Selected</b>"; }

else if ($uploadsize > 5000000) { 

$message = "<b> * 5MB Max Upload</b>"; }

else if (!in_array($uploadtype, $whitelist) && !empty($uploadname)) { 

$message = "<b> * PDF, Excel orWord Format Only</b>"; }

else {

define('UPLOAD_DIR', '/home/moo/suppliers/');

$ext = pathinfo($uploadname, PATHINFO_EXTENSION);
$file = ''.rand(1,99999).'.'.$ext.'';

move_uploaded_file($uploadtemp, UPLOAD_DIR.$code.'/pricelists/'.$file);

$message = "<b> * File Uploaded</b>"; } }

?>

我使用的是str_replace&amp; addslashes函数在这种情况下是否正确?由于我的服务器错误日志为空,这个错误可能是由其他原因造成的吗?

1 个答案:

答案 0 :(得分:1)

$ext = pathinfo($upload, PATHINFO_EXTENSION);

$ upload未定义。也可以使用elseif代替else if