我正在为我的网站寻找PHP脚本的帮助,我正在教一小班学生,有些人问过,我们究竟是如何将它真正地放在互联网上的?所以我制作了一个php上传脚本,以便他们可以上传到我的网站与他们的朋友分享。
我有两个问题:
1)我是如何做到这一点的,当有人上传文件时,它会删除上传文件名中的所有空格? 2)我是如何做到这一点所以我可以阻止人们上传某些类型的文件? (如jpg文件,png文件ext)
继承我的代码:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content=
"width=device-width, initial-scale=1" />
<title>
File Upload
</title>
<link rel="icon" type="image/png" href="icons/favicon.png" />
<link href="css/bootstrap.min.css" rel="stylesheet" type=
"text/css" />
<script src="js/bootstrap.min.js" type="text/javascript"></script>
<script src="js/jquery-1.11.3.min.js" type="text/javascript"></script>
<script src="js/bootstrap-filestyle.js" type="text/javascript"></script>
<script src=
"https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"
type="text/javascript"></script>
<script src=
"https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"
type="text/javascript"></script>
</head>
<body>
<div class="container" style=
"margin-top: 30px;margin-bottom: 30px">
<div class="row">
<div class="span12">
<h2 style="text-align: center;">
<strong>Alydus.net File Upload</strong>
</h2>
<div class="well">
<form role="form" enctype="multipart/form-data" method=
"post">
<h3>
Upload a file
</h3>
<hr />
<div class="row">
<div class="col-xs-6">
<div class="form-group">
<input type="file" name="example" id="input01"
class="filestyle" data-buttonbefore="true" />
<?php
$dir_upload = '/usr/local/nginx/html/upload/uploads/';
$max_size = 200000000;
$file = $_FILES['example'];
if ($file['size'] <= $max_size && $file['size'] > 0) {
$new_name = time() . '-' . $file['name'];
$copied = copy($file['tmp_name'], $dir_upload . $new_name);
if ($copied) {
print("Successfully uploaded to server, you can download/view the uploaded file now.");
} else {
print("An unknown error has occurred.");
}
} else {
print("");
}
?>
</div>
</div>
<div class="col-xs-2">
<div class="form-group">
<button type="submit" class=
"btn btn-primary">Upload File</button> <a href=
"http://alydus.net/upload/uploads/<?=$new_name; ?>"
class="btn btn-primary" role=
"button">Download/view uploaded file</a>
</div>
</div>
</div>
</form>
</div>
<div class="container" style=
"margin-top: 30px;margin-bottom: 30px">
<div class="row">
<div class="span12">
<div class="well">
<form role="form" enctype="multipart/form-data"
method="post">
<h3>
Instructions
</h3>
<hr />
<div class="row">
<div class="col-xs-6">
<div>
<ul>
<li>Click choose file
</li>
<li>Select your file you'd like to
upload
</li>
<li>Click upload file once
</li>
<li>When the file is finished you
should see a complete message, then
click view/download uploaded file
</li>
<li>You can then copy the link and send
it to anyone so they can view your
images, your html files, and even
download your files!
</li>
</ul>
</div>
</div>
</div>
</form>
</div>
</div>
</div>
<div class="container" style=
"margin-top: 30px;margin-bottom: 30px">
<div class="row">
<div class="span12">
<div class="well">
<form role="form" enctype="multipart/form-data"
method="post">
<h3>
Files Uploaded
</h3>
<hr />
<div class="row">
<div class="col-xs-6">
<div style=
'width: 1015px; height: 2500px; overflow: hidden;'>
<center>
<iframe style=
'width: 1015px; height: 2500px;' src=
'http://alydus.net/upload/uploads/index.php'>
</iframe>
</center>
</div>
</div>
<div class="col-xs-2"></div>
<center>
© <?php echo date("Y"); ?> Copyright
Alydus.net
</center>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
答案 0 :(得分:1)
1)当有人上传文件时,我究竟如何做到这一点 删除上传文件名中的所有空格?
这可以通过使用preg_replace("/\s/g", "", $new_name);来实现
用T替换每个空格的示例。 https://regex101.com/r/tR8uJ7/1
2)我是如何做到的,这样我就可以防止人们上传某些内容了 各种文件? (如jpg文件,png文件ext)
在移动上传的文件之前,您可以通过正则表达式检查文件扩展名,例如preg_match("/^(.*)\.(png|jpeg|exe)$/", $filename);此正则表达式匹配以任何字符开头的任何字符串,并以.png,.jpg或.exe结尾。 https://regex101.com/r/tJ7tH6/1
您可以根据自己的需要进行调整。如果你不熟悉正则表达式在网上搜索它 - 那里有很多教程。 请注意,文件扩展名可以轻松伪造。
这里我们提供了一个样本 它没有经过测试但应该有效,否则请告诉我什么不起作用。
<?php
$dir_upload = '';
$max_size = 200000000;
$regexAllowedFileExtensions = "/^(.*)\.(png|jpeg|exe)$/";
$file = $_FILES['example'];
if ( $file['size'] <= $max_size && $file['size'] > 0) {
if (preg_match($regexAllowedFileExtensions, $file['name']))
{
$filename_temp = str_replace(" ", "", $file['name']);
$new_name = time() . '-' . $filename_temp;
$copied = move_uploaded_file($file['tmp_name'], __DIR__ . '/' . $new_name);
if ($copied) {
print("Successfully uploaded to server, you can download/view the uploaded file now.");
} else {
print("An unknown error has occurred.");
}
}
else{
print("The file type is not allowed.");
}
} else {
print("");
}
?>