我写了一个上传文件的脚本。当我按下提交按钮而不选择文件或选择不正确格式的文件时,例如exe文件,显示文件上传消息。以页面顶部声明的格式加载文件没有问题,该部分有效。
<?php
include "connect.php";
error_reporting(E_ERROR);
$message = $_GET['message'];
//function to check for valid image formats
function upload($file_upload, $dir){
$url ='';
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$file = finfo_file($finfo, $file_upload["tmp_name"]);
$allowedExts = array("gif", "jpeg", "jpg", "png", "pdf", "PDF", "doc", "DOC", "docx", "DOCX", "JPG", "JPEG", "PNG", "GIF");
$temp = explode(".", $file_upload["name"]);
$extension = end($temp);
if ((($file == "image/gif")
|| ($file == "image/jpeg")
|| ($file == "image/jpg")
|| ($file == "image/pjpeg")
|| ($file == "image/x-png")
|| ($file == "image/png"))
|| ($file == "application/pdf")
|| ($file == "application/msword")
|| ($file == "application/vnd.openxmlformats-officedocument.wordprocessingml.document")
&& ($file_upload["size"] < 7000000)
&& in_array($extension, $allowedExts))
{
if ($file_upload["error"] > 0){
$message = "An error occurred: " . $file_upload["error"] . "<br>";
}
else{
$path = $dir . $file_upload["name"];
move_uploaded_file($file_upload["tmp_name"],$path);
}
}
else
{
$message = "Wrong format";
}
return $path;
}
if (isset($_POST['Submit']))
{
//write data into database table
if (!$has_errors)
{
$Link = mysql_connect($Host, $User, $Password);
$path = upload($dir);
if(!empty($_FILES) && is_array($_FILES)){
$path = upload($_FILES["image"], "uploads/");
}
$Query = "INSERT INTO images VALUES ('','".mysql_escape_string($path)."')";
} else {
die("Query was: $Query. Error: ".mysql_error($Link));
}
if($sql = mysql_db_query ($DBName, $Query, $Link)) {
$message = "File Uploaded";
header("Location: index.php?message=".urlencode($message));
} else {
die("Query was: $Query. Error: ".mysql_error($Link));
}
}
?>