我已经为所有用户提供了文件夹读写权限。
代码到达此处,但不会将文件上传到uploads文件夹中。
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/" . $_FILES["file"]["name"]);
echo "Done"; // this shows
我已经让它在我的本地服务器上运行了,但它对我不起作用吗?这是我的主要问题。
这是完整的脚本,如果您可以帮助解决文件安全问题,请告诉我们!谢谢!
<?php session_start(); ?>
<?php
$allowedExts = array("mp4", "wmv", "avi", "mpg", "mov", "3pg", "mkv", "zip", "x-zip", "octet-stream", "x-zip-compressed", "x-rar", "rar");
$extension = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);
if ((($_FILES["file"]["type"] == "video/mp4")
|| ($_FILES["file"]["type"] == "application/zip")
|| ($_FILES["file"]["type"] == "application/x-zip")
|| ($_FILES["file"]["type"] == "application/octet-stream")
|| ($_FILES["file"]["type"] == "application/x-zip-compressed")
|| ($_FILES["file"]["type"] == "application/x-rar-compressed")
|| ($_FILES["file"]["type"] == "application/octet-stream")
|| ($_FILES["file"]["type"] == "video/wmv")
|| ($_FILES["file"]["type"] == "video/mpg")
|| ($_FILES["file"]["type"] == "video/mov")
|| ($_FILES["file"]["type"] == "video/3pg")
|| ($_FILES["file"]["type"] == "video/mkv")
|| ($_FILES["file"]["type"] == "video/avi"))
&& ($_FILES["file"]["size"] < 10000000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "File: " . $_FILES["file"]["name"] . "<br />";
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo "<br /> This file already exists, please upload a file with a different name."; // Could I generate a random file name and use that to upload the file?
}
else
{
include_once 'securimage/securimage.php';
$securimage = new Securimage();
if ($securimage->check($_POST['captcha_code']) == false)
{
// the code was incorrect
echo "The security code entered was incorrect.<br /><br />";
echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
exit;
}
else
{
// the code was secure
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/" . $_FILES["file"]["name"]);
echo "<br>";
echo "Thanks for singing up!";
echo "<br>";
mail("iamasample@domain.com", "New item submitted", $_POST['ctf-amount'] . " and " . $_POST['cf-message'], "From: " . $_POST['cf-email']);
}
}
}
}
else
{
echo "Invalid file";
}
?>
答案 0 :(得分:1)
Since you have not provided us with your HTML form, am submitting the following and is too long as a comment.
One possible reason why your code is not working, is that your form may be missing essential parts.
I.e.:
<form method="post" enctype="multipart/form-data" action="your_handler.php">
Also, your input. It should contain the "name" attribute.
I.e.:
<input type="file" name="file">
If your form already contains those, then use error reporting to see if it returns anything else.
Add error reporting to the top of your file(s) which will help find errors.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
Sidenote: Error reporting should only be done in staging, and never production.
Reference(s):