带有文件上传问题的PHP表单

时间:2014-11-05 14:45:55

标签: php wordpress file-upload

我正在处理与WordPress一起使用的表单。我遇到的问题是只允许上传某些文件并对其进行检查。如果不允许文件,则应显示错误消息。

到目前为止,这是我的表格:

<form method="post" id="campaignform" enctype="multipart/form-data" name="campaignform" onSubmit="return CheckForm();">
    Name: <?php if(isset($empty_yourname)){ echo $empty_yourname;}?><br />
    <input type="text" id="yourname" name="yourname" value="<?php if(isset($_POST['yourname'])){ echo $_POST['yourname'];}?>"><br /><br /><br />
    E-mail: <?php if(isset($empty_email)){ echo $empty_email;} if(isset($invalid_email)){ echo $invalid_email;}?><br />
    <input type="text" id="email" name="email" value="<?php if(isset($_POST['email'])){ echo $_POST['email'];}?>"><br /><br /><br />
    Telephone: <?php if(isset($empty_telephone)){ echo $empty_telephone;}?><br />
    <input type="text" id="telephone" name="telephone" value="<?php if(isset($_POST['telephone'])){ echo $_POST['telephone'];}?>"><br /><br /><br />
    Description: <?php if(isset($empty_description)){ echo $empty_description;}?><br />
    <textarea id="description" name="description"><?php if(isset($_POST['description'])){ echo htmlspecialchars($_POST['description']);}?></textarea><br /><br /><br />
    fileupload<br />
    <input type="file" id="file" name="file"><br />
    <input type="file" id="file2" name="file2"><br />
    <input type="file" id="file3" name="file3"><br />
    <input type="file" id="file4" name="file4"><br />
    <input type="file" id="file5" name="file5"><br /><br /><br />
    <input type="checkbox" id="agreement" name="agreement">I accept the agreement. <?php if(isset($empty_agreement)){ echo $empty_agreement;}?><br />
    <input type="submit" name="submit">
</form>

到目前为止我编写的PHP(现在我只测试一个上传字段,但这应该适用于所有文件字段):

<?php
/* on submit */
if( $_SERVER['REQUEST_METHOD'] == 'POST') {

/* check fields */
if(is_array($_POST) && empty($_POST['yourname']) OR empty($_POST['email']) OR empty($_POST['telephone']) OR empty($_POST['description']) OR empty($_POST['agreement']) OR !empty($_FILES['file']['name'])) {

if (empty($_POST['yourname'])) {
    $empty_yourname = "Please enter your name.";
}

if (empty($_POST['email'])) {
    $empty_email = "Please enter your e-mail adress.";
} else {

$email = $_POST["email"];
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
  $invalid_email = "Invalid email format";
}
}

if (empty($_POST['telephone'])) {
    $empty_telephone = "Please enter your telephone number.";
}

if (empty($_POST['description'])) {
    $empty_description = "Please enter a description.";
}

if (empty($_POST['agreement'])) {
    $empty_agreement = "You must accept the agreement.";
}

/* this check is not working properly */
if (!empty($_FILES['file']['name'])) {
    $allowed =  array('gif','png','jpg');
    $filename = $_FILES['file']['name'];
    $ext = pathinfo($filename, PATHINFO_EXTENSION);
    if(!in_array($ext,$allowed)) {
        /* Output temporary error-message */
        echo 'Error';
    }
}


}

    /* We are successfull and post to DB */
    else {

        global $wpdb;
        $table = wp_verk1_campaign;
        $data = array(
            'contributorname'   => $_POST['yourname'],
            'email'             => $_POST['email'],
            'telephone'         => $_POST['telephone'],
            'description'       => $_POST['description'],
            'date'              => date('Y-m-d'),
            'time'              => date('H:i:s'),
            'upload'            => upload_user_file($_FILES['file']),
            'upload2'           => upload_user_file($_FILES['file2']),
            'upload3'           => upload_user_file($_FILES['file3']),
            'upload4'           => upload_user_file($_FILES['file4']),
            'upload5'           => upload_user_file($_FILES['file5'])
        );
        $format = array(
            '%s',
            '%s'
        );

        $success=$wpdb->insert( $table, $data, $format );

        if($success){
            echo 'data has been saved... ' ; 
        }

    }

    }
?>

我该如何做到这一点?

亲切的问候 约翰

1 个答案:

答案 0 :(得分:1)

这种条件是多余的,因为无论如何你都要单独进行所有这些检查。

if (is_array($_POST) && empty($_POST['yourname']) OR empty($_POST['email']) OR empty($_POST['telephone']) OR empty($_POST['description']) OR empty($_POST['agreement']) OR ! empty($_FILES['file']['name'])) {....}

只需删除整行,匹配结束即可。

由于您使用if-else来确定您的数据是否有效,而我们刚刚删除了if部分,因此我们必须采取其他措施来确定您的文件是否适合上传。一个简单的布尔值就可以了。

/* on submit */
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $error = false;

    /* check fields */
    if (empty($_POST['yourname'])) {
        $empty_yourname = "Please enter your name.";
        $error = true;
    }

    if (empty($_POST['email'])) {
        $empty_email = "Please enter your e-mail adress.";
        $error = true;
    } else {

        $email = $_POST["email"];
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $invalid_email = "Invalid email format";
            $error = true;
        }
    }

    if (empty($_POST['telephone'])) {
        $empty_telephone = "Please enter your telephone number.";
        $error = true;
    }

    if (empty($_POST['description'])) {
        $empty_description = "Please enter a description.";
        $error = true;
    }

    if (empty($_POST['agreement'])) {
        $empty_agreement = "You must accept the agreement.";
        $error = true;
    }

    /* this check is not working properly */
    if (!empty($_FILES['file']['name'])) {
        $allowed = array('gif', 'png', 'jpg');
        $filename = $_FILES['file']['name'];
        $ext = pathinfo($filename, PATHINFO_EXTENSION);
        if (!in_array($ext, $allowed)) {
            /* Output temporary error-message */
            echo 'Error';
            $error = true;
        }
    }

    /* We are successfull and post to DB */ 
    if(!$error){

        global $wpdb;
        $table = wp_verk1_campaign;
        $data = array(
            'contributorname' => $_POST['yourname'],
            'email' => $_POST['email'],
            'telephone' => $_POST['telephone'],
            'description' => $_POST['description'],
            'date' => date('Y-m-d'),
            'time' => date('H:i:s'),
            'upload' => upload_user_file($_FILES['file']),
            'upload2' => upload_user_file($_FILES['file2']),
            'upload3' => upload_user_file($_FILES['file3']),
            'upload4' => upload_user_file($_FILES['file4']),
            'upload5' => upload_user_file($_FILES['file5'])
        );
        $format = array(
            '%s',
            '%s'
        );

        $success = $wpdb->insert($table, $data, $format);

        if ($success) {
            echo 'data has been saved... ';
        }
    }
}