希望有人可以回答我的问题。
我有一个基本表单,其中包含简单字段,如姓名,号码,电子邮件地址等以及1个文件上传字段。
我正在尝试在我的脚本中添加一些验证,检测文件是否太大,然后拒绝用户返回表单以选择/上传较小的文件。
我的问题是,如果用户选择的文件大于我的验证文件大小规则并且大于php.ini POST_MAX_SIZE / UPLOAD_MAX_FILESIZE并推送提交,那么PHP似乎尝试仅在POST_MAX_SIZE设置上处理表单失败然后清除整个$ _POST数组并返回表单。
有解决方法吗?当然,如果有人上传了某些内容>比php.ini中配置的最大大小,你仍然可以获得其余的$ _POST数据???
这是我的代码。
<?php
function validEmail($email)
{
$isValid = true;
$atIndex = strrpos($email, "@");
if (is_bool($atIndex) && !$atIndex)
{
$isValid = false;
} else {
$domain = substr($email, $atIndex+1);
$local = substr($email, 0, $atIndex);
$localLen = strlen($local);
$domainLen = strlen($domain);
if ($localLen < 1 || $localLen > 64)
{
// local part length exceeded
$isValid = false;
}
else if ($domainLen < 1 || $domainLen > 255)
{
// domain part length exceeded
$isValid = false;
}
else if ($local[0] == '.' || $local[$localLen-1] == '.')
{
// local part starts or ends with '.'
$isValid = false;
}
else if (preg_match('/\\.\\./', $local))
{
// local part has two consecutive dots
$isValid = false;
}
else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain))
{
// character not valid in domain part
$isValid = false;
}
else if (preg_match('/\\.\\./', $domain))
{
// domain part has two consecutive dots
$isValid = false;
}
else if
(!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/', str_replace("\\\\","",$local)))
{
// character not valid in local part unless
// local part is quoted
if (!preg_match('/^"(\\\\"|[^"])+"$/', str_replace("\\\\","",$local)))
{
$isValid = false;
}
}
}
return $isValid;
}
//setup post variables
@$name = htmlspecialchars(trim($_REQUEST['name']));
@$emailCheck = htmlspecialchars(trim($_REQUEST['email']));
@$organisation = htmlspecialchars(trim($_REQUEST['organisation']));
@$title = htmlspecialchars(trim($_REQUEST['title']));
@$phone = htmlspecialchars(trim($_REQUEST['phone']));
@$location = htmlspecialchars(trim($_REQUEST['location']));
@$description = htmlspecialchars(trim($_REQUEST['description']));
@$fileError = 0;
@$phoneError = "";
//setup file upload handler
$target_path = 'uploads/';
$filename = basename( @$_FILES['uploadedfile']['name']);
$max_size = 8000000; // maximum file size (8mb in bytes) NB: php.ini max filesize upload is 10MB on test environment.
$allowed_filetypes = Array(".pdf", ".doc", ".zip", ".txt", ".xls", ".docx", ".csv", ".rtf"); //put extensions in here that should be uploaded only.
$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename.
if(!is_writable($target_path)) die('You cannot upload to the specified directory, please CHMOD it to 777.'); //Check if we can upload to the specified upload folder.
//display form function
function displayForm($name, $emailCheck, $organisation, $phone, $title, $location, $description, $phoneError, $allowed_filetypes, $ext, $filename, $fileError)
{
//make $emailCheck global so function can get value from global scope.
global $emailCheck;
global $max_size;
echo '<form action="geodetic_form.php" method="post" name="contact" id="contact" enctype="multipart/form-data">'."\n".
'<fieldset>'."\n".'<div>'."\n";
//name
echo '<label for="name"><span class="mandatory">*</span>Your name:</label>'."\n".
'<input type="text" name="name" id="name" class="inputText required" value="'. $name .'" />'."\n";
//check if name field is filled out
if (isset($_REQUEST['submit']) && empty($name))
{
echo '<label for="name" class="error">Please enter your name.</label>'."\n";
}
echo '</div>'."\n". '<div>'."\n";
//Email
echo '<label for="email"><span class="mandatory">*</span>Your email:</label>'."\n".
'<input type="text" name="email" id="email" class="inputText required email" value="'. $emailCheck .'" />'."\n";
// check if email field is filled out and proper format
if (isset($_REQUEST['submit']) && validEmail($emailCheck) == false)
{
echo '<label for="email" class="error">Invalid email address entered.</label>'."\n";
}
echo '</div>'."\n". '<div>'."\n";
//organisation
echo '<label for="phone">Organisation:</label>'."\n".
'<input type="text" name="organisation" id="organisation" class="inputText" value="'. $organisation .'" />'."\n";
echo '</div>'."\n". '</fieldset>'."\n".'<fieldset>'. "\n" . '<div>'."\n";
//title
echo '<label for="phone">Title:</label>'."\n".
'<input type="text" name="title" id="title" class="inputText" value="'. $title .'" />'."\n";
echo '</div>'."\n". '</fieldset>'."\n".'<fieldset>'. "\n" . '<div>'."\n";
//phone
echo '<label for="phone"><span class="mandatory">*</span>Phone <br /><span class="small">(include area code)</span>:</label>'."\n".
'<input type="text" name="phone" id="phone" class="inputText required" value="'. $phone .'" />'."\n";
// check if phone field is filled out that it has numbers and not characters
if (isset($_REQUEST['submit']) && $phoneError == "true" && empty($phone)) echo '<label for="email" class="error">Please enter a valid phone number.</label>'."\n";
echo '</div>'."\n". '</fieldset>'."\n".'<fieldset>'. "\n" . '<div>'."\n";
//Location
echo '<label class="location" for="location"><span class="mandatory">*</span>Location:</label>'."\n".
'<textarea name="location" id="location" class="required">'. $location .'</textarea>'."\n";
//check if message field is filled out
if (isset($_REQUEST['submit']) && empty($_REQUEST['location'])) echo '<label for="location" class="error">This field is required.</label>'."\n";
echo '</div>'."\n". '</fieldset>'."\n".'<fieldset>'. "\n" . '<div>'."\n";
//description
echo '<label class="description" for="description">Description:</label>'."\n".
'<textarea name="description" id="queryComments">'. $description .'</textarea>'."\n";
echo '</div>'."\n". '</fieldset>'."\n".'<fieldset>'. "\n" . '<div>'."\n";
//file upload
echo '<label class="uploadedfile" for="uploadedfile">File:</label>'."\n".
'<input type="file" name="uploadedfile" id="uploadedfile" value="'. $filename .'" />'."\n";
// Check if the filetype is allowed, if not DIE and inform the user.
switch ($fileError)
{
case "1":
echo '<label for="uploadedfile" class="error">The file you attempted to upload is not allowed.</label>';
break;
case "2":
echo '<label for="uploadedfile" class="error">The file you attempted to upload is too large.</label>';
break;
}
echo '</div>'."\n". '</fieldset>';
//end of form
echo '<div class="submit"><input type="submit" name="submit" value="Submit" id="submit" /></div>'.
'<div class="clear"><p><br /></p></div>';
} //end function
//setup error validations
if (isset($_REQUEST['submit']) && !empty($_REQUEST['phone']) && !is_numeric($_REQUEST['phone'])) $phoneError = "true";
if (isset($_REQUEST['submit']) && $_FILES['uploadedfile']['error'] != 4 && !in_array($ext, $allowed_filetypes)) $fileError = 1;
if (isset($_REQUEST['submit']) && $_FILES["uploadedfile"]["size"] > $max_size) $fileError = 2; echo "this condition " . $fileError;
$POST_MAX_SIZE = ini_get('post_max_size');
$mul = substr($POST_MAX_SIZE, -1);
$mul = ($mul == 'M' ? 1048576 : ($mul == 'K' ? 1024 : ($mul == 'G' ? 1073741824 : 1)));
if ($_SERVER['CONTENT_LENGTH'] > $mul*(int)$POST_MAX_SIZE && $POST_MAX_SIZE) echo "too big!!";
echo $POST_MAX_SIZE;
if(empty($name) || empty($phone) || empty($location) || validEmail($emailCheck) == false || $phoneError == "true" || $fileError != 0)
{
displayForm($name, $emailCheck, $organisation, $phone, $title, $location, $description, $phoneError, $allowed_filetypes, $ext, $filename, $fileError);
echo $fileError;
echo "max size is: " .$max_size;
echo "and file size is: " . $_FILES["uploadedfile"]["size"];
exit;
} else {
//copy file from temp to upload directory
$path_of_uploaded_file = $target_path . $filename;
$tmp_path = $_FILES["uploadedfile"]["tmp_name"];
echo $tmp_path;
echo "and file size is: " . filesize($_FILES["uploadedfile"]["tmp_name"]);
exit;
if(is_uploaded_file($tmp_path))
{
if(!copy($tmp_path,$path_of_uploaded_file))
{
echo 'error while copying the uploaded file';
}
}
//test debug stuff
echo "sending email...";
exit;
}
?>
PHP在日志中返回此错误: [29-Apr-2010 10:32:47] PHP警告:POST内容长度57885895字节超过了第0行未知的10485760字节限制
请原谅所有调试内容:)
FTR,我在IIS上运行PHP 5.1.2。
答案 0 :(得分:7)
PHP抛出所有POST数据,因为没有空间放置它。只有部分数据没有可靠性。
我会通过在单独的步骤(不同的表单)中上传必要的文件来解决此问题。您可以存储已在会话中获取的值,确保它们不会因POST数据过多而丢失。
答案 1 :(得分:3)
将文件上传分解为单独的<form>元素。在任一表单上执行提交操作时,取消默认操作,然后执行以下两项操作之一:
答案 2 :(得分:1)
您可能会发现在找到_POST数组后,您是否可以从php://input或php://stdin读取任何内容。您可以从那里检索POST数据并手动处理,但如果您的表单使用//input
enctype=multipart/form-data不起作用
答案 3 :(得分:0)
“尝试将文件字段移动到 形式的底部,看看是什么 发生。 - Marc B“
不幸的是,同样的情况发生了:清除了$_POST数组。
所以iFrame技巧似乎是最好的解决方案之一。谢谢你, Dereleased !
答案 4 :(得分:0)
其中一个技巧是使用这样的东西:
$lE = error_get_last();
if ( !empty($lE) && strpos($lE['message'] , 'POST Content-Length' ) !== false)
{
die ('Naughty naughty. you can only upload xxxxx bytes');
}