PHP上传文件类型和大小检查

时间:2015-01-24 13:00:50

标签: php html upload

我需要一张其他人可以使用的上传表格,将我的文件交给我。

HTML:

<form method="post" action="upload.php" enctype="multipart/form-data" id="form">
<table>
<tr><td><p>your name:</p></td></tr>
<tr><td><input name="name" type="text" size="50" style="height: 30px;"></td></tr>
<tr><td><p>your mail-adress:</p></td></tr>
<tr><td><input name="mail" type="text" size="50" style="height: 30px;"></td></tr>
<tr><td><p>your document:</p></td></tr>
<tr><td><input type="file" name="file" value="" /><br /><h6 style="margin-top: 5px; margin-bottom: 2px;">max. filesize: 2 MB<br />allowed filetypes: .doc, .docx, .pdf, .rtf, .odt</h6></td></tr>
</table>
<br />
<input type="submit" value="Send">
</form>

PHP:

<?php
$fehler = "";
$name = $_POST['name'];
$mail = $_POST['mail'];
$file = $_POST['file'];
$maxsize = "2097152";   /* 2MB in Bytes */
$allowedext =  array('doc','docx' ,'pdf', 'rtf', 'odt');

  if (empty($name)) {
   $fehler .= "<p>&bull; no name given!</p>" ;
  }
  if (empty($mail)) {
   $error .= "<p>&bull; no e-mail adress given</p>" ;
  }
  if (empty($file)) {
   $error .= "<p>&bull; choose a file!</p>" ;
  }
  if (empty($error)) {
   if (!in_array(filetype($file), $allowedext) { /* check filetype */
   $error .= "<p>&bull; filetype is not allowed</p>" ;
}
if (empty($error)) {
   if (filesize($file) > $maxsize) { /* check filesize */
    $error .= "<p>&bull; file is too big</p>" ;
   }
   if (empty($error)) {
    /* send data via mail */
    echo("your document has been send.");
   }
  }
}
echo($error);
echo ('<p><a href="../send_article">back</a></p>');
?>

我想在上传之前检查文件类型和大小。当我将upload.php文件上传到我的服务器时,如果我尝试使用此表单,我只会得到一个没有任何错误的白屏。

3 个答案:

答案 0 :(得分:2)

将您的$_POST['file']更改为$_FILES['file']

并尝试:

// check maximum size 
        if($_FILES['file']['size'] > $maxsize) 
         die('The file is too large');
// check file format
        elseif( !in_array(pathinfo(strtolower($_FILES['files']['name']), PATHINFO_EXTENSION),$allowedex))
         die($_FILES['files']['name'].' is not a valid format.');

答案 1 :(得分:1)

此答案提供了在将数据上传到服务器之前检查大小的解决方案。这是有道理的。如果您进行客户端检查,则可以删除服务器上不必要的帖子。必须对服务器进行健全性检查,客户端上的JavaScript代码可以更改。其他答案提供了有关如何改进服务器端代码的说明。

var mimeTypes = [
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document", //docx
    "application/pdf", //pdf
    "application/msword", //doc
    "rtf;application/rtf", //rtf
    "rtf;application/x-rtf",
    "rtf;text/richtext",
    "application/vnd.oasis.opendocument.text" //odt
    ]

function readFiles(files)
{
    var iMax = files.length;
    var sum = "";
    var max = 2097152;
    for (var i = 0; i < iMax; i++) 
    {
        var fileType = files[i].type;
        var fileSize = files[i].size;
        sum += parseInt(fileSize);

        if (mimeTypes.indexOf(files[i].type) == -1)
        {   
            alert("Invalid file selected");
            return false;
        }
    }
    if (sum > max)
    {
        alert("Total file size exceeds maximum upload size.");
        return false;
    }

    return true;
}
document.getElementById("form").querySelector("input[type='file']").addEventListener("change", readFiles, false);
每当在文件输入上触发更改事件时,

readFiles将触发。在支持 HTML5输入元素的浏览器中,您可以读出file typefile size属性。它们继承自Blob对象。您甚至可以将文件传递给 FileReader 对象,以便您读取文件的内容。

  

IE 10中的错误11.在IE10和11上存在一个错误,当在图像上使用时会在file-type上返回一个空字符串。您可以通过检查扩展名解决此问题。

答案 2 :(得分:-1)

有趣....我更喜欢更少的代码行...... 

<form method="post" action="upload.php" enctype="multipart/form-data" id="form">
<table>
<tr><td><p>your name:</p></td></tr>
<tr><td><input required="required" name="name" type="text" size="50" style="height: 30px;"></td></tr>
<tr><td><p>your mail-adress:</p></td></tr>
<tr><td><input required="required" name="mail" type="text" size="50" style="height: 30px;"></td></tr>
<tr><td><p>your document:</p></td></tr>
<tr><td><input required="required" type="file" name="file" value="" /><br /><h6 style="margin-top: 5px; margin-bottom: 2px;">max. filesize: 2 MB<br />allowed filetypes: .doc, .docx, .pdf, .rtf, .odt</h6></td></tr>
</table>
<br />
<input type="submit" value="Send">
</form>

php:

<?php
define('MB', 1048576);
$name = $_POST['name'];
$mail = $_POST['mail'];
$file = $_FILES['file'];
$allowedext =  array('doc','docx' ,'pdf', 'rtf', 'odt');
$filename = $file['tmp_name'];
$ext=explode(".",$filename);
if( empty($name) || empty($mail) || empty($file) || $_FILES['file']['size'] > 2*MB || !in_array($ext[1],$allowedext) )
{
echo "check file extension or check whether all fields are filled correctly!";
exit;
}
else
{
 move_uploaded_file(name, name);
 echo "File has been uploaded successfully!";
}
?>
相关问题
最新问题