我的代码的图片上传部分出现问题,图片上传很好,但验证工作不正常。
我的完整代码可以在这里看到:http://phpfiddle.org/main/code/a0iw-ce7p
我也可以在不输入其他信息的情况下上传图片,所有信息,包括图片上传都应在上传前填写。
PHP小提琴最终不会允许这部分代码:
else {
//upload the file
if (move_uploaded_file($_FILES["file_upload"]["tmp_name"], $target_file)) {
echo "The file ". basename( $_FILES["file_upload"]["name"]). " has been uploaded.";
//escapes special characters in a string for use in an SQL statement(escape variables for security)
$year = mysqli_real_escape_string($con, $_POST['year']);
$description = mysqli_real_escape_string($con, $_POST['description']);
$image = mysqli_real_escape_string($con, $_POST['file_upload']);
$decade = mysqli_real_escape_string($con, $_POST['dateID']);
//insert data into database and check whether the connection and query exist and are error free
$sql = mysqli_query($con, "INSERT into details (year, description, image, dateID) VALUES ('$year', '$description', '$target_file', '$decade')") or die(mysqli_error($sql));
//redirect user to a confirmation page
header("location: admin.php");
//close the connection when done
mysqli_close($con);
}
else {
$uploadErr = "*there was an error uploading your file";
}
}
}
这是图像验证:
// specifies the directory where the file is going to be placed
$target_dir = "img/";
$uploadOk = 0;
$year = $description = $dateID = "";
$yearErr = $descriptionErr = $decadeErr = $uploadErr = "";
//when user clicks upload
if ( !empty($_POST) ) {
// specifies the path of the file to be uploaded
if(!empty($_FILES["file_upload"])){
$target_file = $target_dir . basename($_FILES["file_upload"]["name"]);
// holds the file extension of the file
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
// gets the image size
$check = getimagesize($_FILES["file_upload"]["tmp_name"]);
}
//if the year is left empty then show error, if not then test_input
if (empty($_POST["year"])) {
$yearErr = "*enter a year";
} else {
$year = test_input($_POST["year"]);
}
//if the year is left empty then show error, if not then test_input
if (empty($_POST["year"])) {
$yearErr = "*enter a year";
} else {
$year = test_input($_POST["year"]);
}
//if the description is left empty then show error
if (empty($_POST["description"])) {
$descriptionErr = "*enter a description";
} else {
$description = test_input($_POST["description"]);
}
// If the date has not been selected in the drop down, and the select is left at "Please Select" value = 0
if(isset($_POST['dateID']) && $_POST['dateID'] == '0'){
$decadeErr = "*select a decade";
}
else {
$dateID = test_input($_POST["dateID"]);
}
// checks the pathname and image size of the file
if($check !== false) {
//file is an image
$uploadOk = 1;
}
// if not, echo to the screen that it is not an image
else {
$uploadErr = "*file is not an image";
}
// Checks if file already exists
if(file_exists($target_file)) {
$uploadErr = "*file already exists";
}
// If file type is not jpg, png, jpeg or gif then display message
$pattern = '/(jpg|png|jpeg|gif)/';
if(!preg_match($pattern,$imageFileType)) {
$uploadErr = "*upload an appropriate image";
}
// Check if $uploadOk is set to 0
if ($uploadOk == 0) {
$uploadErr = "*your file was not uploaded";
}
else {
$uploadErr = "*there was an error uploading your file";
}
}
答案 0 :(得分:0)
你的逻辑错了。
您通过getimagesize检查是否有图片,并将该值分配给$check。然后你这样做:
if($check !== false) {
//file is an image
$uploadOk = 1;
}
// if not, echo to the screen that it is not an image
else {
$uploadErr = "*file is not an image";
}
因此,如果它不是图片,那么您现在拥有$check === false和$uploadErr === "*file is not an image"。 $uploadOk仍为0。
但是你有这个块:
// Checks if file already exists
if(file_exists($target_file)) {
$uploadErr = "*file already exists";
}
// If file type is not jpg, png, jpeg or gif then display message
$pattern = '/(jpg|png|jpeg|gif)/';
if(!preg_match($pattern,$imageFileType)) {
$uploadErr = "*upload an appropriate image";
}
// Check if $uploadOk is set to 0
if ($uploadOk == 0) {
$uploadErr = "*your file was not uploaded";
}
else {
$uploadErr = "*there was an error uploading your file";
}
由于$uploadOk仍然是0,最后if语句会产生$uploadErr === "*your file was not uploaded"。
您检查文件是否存在,并正确设置$uploadErr。但是根据您发布的内容,即使$uploadErr非空,您仍然可以继续尝试移动上传的文件。 (由于您将代码分成两个不同的部分,因此很难说出您正在做什么。)