if ( isset( $_FILES['upload'] ) ) {
$name_array = $_FILES['upload']['name'];
$size_array = $_FILES['upload']['size'];
$type_array = $_FILES['upload']['type'];
$ext = substr($upload, strrpos($upload, '.') + 1);
$allowed = array('image/jpeg:jpg','image/pjpeg:jpg','image/gif:gif','image/png:png');
$tmp_name_array = $_FILES['upload']['tmp_name'];
if (!in_array($_FILES['uploaded']['type'], $allowed)){
exit("unsupported");
}
if ( move_uploaded_file( $tmp_name_array[$i], "uploaded/" . $name_array[$i] ) ) {
echo "Image $name_array[$i] uploaded<br>";
} else {
echo "Image #$i left blank<br>";
}
}
我究竟做错了什么?我真的可以帮忙。谢谢。如果不清楚我想要实现的是对来自数组的3个上传图像的验证
答案 0 :(得分:0)
如果您尝试实现上传限制,请参阅下面的示例。
<?php
$allowedExts = array("gif", "jpeg", "jpg", "png"); //Set allowed file extensions
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp); //Get file extension of the file being uploaded
if ((($_FILES["file"]["type"] == "image/gif") //check if file is allowed
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 20000) //check the size of the file
&& in_array($extension, $allowedExts)) { //check if the extension is in the array
if ($_FILES["file"]["error"] > 0) {
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
} else {
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
if (file_exists("upload/" . $_FILES["file"]["name"])) {
echo $_FILES["file"]["name"] . " already exists. ";
} else {
move_uploaded_file($_FILES["file"]["tmp_name"],
"uploaded/" . $_FILES["file"]["name"]); //move file to specific folder
echo "Stored in: " . "uploaded/" . $_FILES["file"]["name"];
}
}
} else {
echo "Invalid file";
}
?>
答案 1 :(得分:0)
在你的代码中我主要看到两件可能导致问题的事情:
1.文件类型检查
$allowed = array('image/jpeg:jpg','image/pjpeg:jpg','image/gif:gif','image/png:png');
针对此数组的每次检查都将失败,格式如下:
'image/jpeg', 'image/png'
等等。
如果你想在数组中保留扩展名,可以使用以下内容:
$allowed = array(
'image/jpeg' => 'jpg',
'image/pjpeg' => 'jpg',
'image/gif' => 'gif',
'image/png' => 'png'
);
//Check if in allowed list
//you can also check like this "if (isset($allowed[strtolower($_FILES['uploaded']['type'])]))"
if (!in_array(strtolower($_FILES['uploaded']['type']), array_keys($allowed)))
{
exit("unsupported");
}
//Get extention
$extention = $allowed[strtolower($_FILES['uploaded']['type'])];
2.移动上传的文件
move_uploaded_file( $tmp_name_array[$i], "uploaded/" . $name_array[$i] )
在你的情况下,$ tmp_name_array [$ i]错误,应该只是$ tmp_name_array,因为它实际上不是一个数组,它是一个包含服务器上传的临时文件位置的字符串。 $ name_array [$ i]也错了它的字符串=>&gt;原始文件名。另一个建议是在上传时使用完整路径。所以我想这样做会更好:
//Useing client sent file name may not be safe to use, so make it safe by removeing unsafe symbols. Example easy way it can be "md5($name_array) . $extention"
$name_array = yourFunctionToMakeFilenameSafe($name_array);
if (!move_uploaded_file( $tmp_name_array, getcwd() . "/uploaded/" . $name_array )
{
die('failed!');
}
此外,如果这只是图像上传功能,我不会在客户端报告的文件类型中继,因为它可以很容易伪造。所以我会使用其他东西来确定文件真实类型。我通常使用imagemagic来做,但你也可以使用像php function exif_imagetype这样的其他东西。