我不确定我在这里做错了什么。我的if语句不起作用,就像它根本不识别任何文件类型一样.....
$file_name = validateInput($_FILES['file']['name']);
$temp_name = validateInput($_FILES['file']['tmp_name']);
$file_type = $_FILES['file']['type'];
//get file extension
$base = basename($file_name);
$extension = substr($base, strlen($base)-4, strlen($base));
//allowed file types
$allowed_extensions = array(".doc", "docx", ".pdf", ".png");
//check if attachment exist
if(!empty($_FILES['file']['name'])){
function validateInput($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$file_name = validateInput($_FILES['file']['name']);
$temp_name = validateInput($_FILES['file']['tmp_name']);
$file_type = $_FILES['file']['type'];
//get file extension
$base = basename($file_name);
$extension = substr($base, strlen($base)-4, strlen($base));
//allowed file types
$allowed_extensions = array(".doc", "docx", ".pdf", ".png");
//check if uploaded file is allowed
if(in_array($extension, $allowed_extensions)){
//email essentials
//$from = $email_address;
$to = 'info@something.com';
$subject = 'Applicant Application - '.$query;
$message = $html_email;
//handling the file
$file = $temp_name;
$content = chunk_split(base64_encode(file_get_contents($file)));
$uid = md5(uniqid(time()));
//standard mail headers
$headers = "From: ".$forenames." ".$surname."\r\n";
//$headers = "Reply-To: $to \r\n";
$headers .= "MIME-Version: 1.0\r\n";
//declaring that we have muliple kinds of email(i.e content and attachment)
$headers .= "Content-Type: multipart/mixed; boundary=\"".$uid."\"\r\n\r\n";
$headers .= "This is a multi-part message in MIME format.\r\n";
//plain text or html part
$headers .= "--".$uid."\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
$headers .= "Content-Transfer-Encoding: 7bit\r\n\r\n";
$headers .= $message."\r\n\r\n";
//attachment part
$headers .= "--".$uid."\r\n";
$headers .= "Content-type: ".$file_type."; name=\"".$file_name."\"\r\n";
$headers .= "Content-Transfer-Encoding: base64\r\n";
$headers .= "Content-Disposition: attachment; filename=\"".$file_name."\"\r\n\r\n";
$headers .= $content."\r\n\r\n";
//send the mail(without message, as msg is already in header)
if(mail($to, $subject, "", $headers)){
$success = true;
} else {
echo "<script>
alert('Failed to send the message. File type not allowed');
</script>";
}
} else {
echo "<script>
alert('Failed to send the message. File type not allowed');
</script>";
}
}//attachment check
我也想知道限制文件大小的最佳方法。
谢谢,
威尔
答案 0 :(得分:0)
获取文件扩展名的方式并不好。您正在从文件名中减去最后4个字符但是.docx
呢?你认为它会像其他人一样回归吗?您应该使用pathinfo
来获取文件扩展名。
$extension = pathinfo($filename, PATHINFO_EXTENSION);// will return doc/docx ect. without the leading dot(.).
所以改变你的代码(希望这应该有用):
if(isset($_FILES['file']) && $_FILES['file']['size'] > 0){
function validateInput($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$file_name = validateInput($_FILES['file']['name']);
$temp_name = validateInput($_FILES['file']['tmp_name']);
$file_type = $_FILES['file']['type'];
//get file extension
$extension = pathinfo($file_name, PATHINFO_EXTENSION);
//allowed file types
$allowed_extensions = array("doc", "docx", "pdf", "png");
//check if uploaded file is allowed
if(in_array($extension, $allowed_extensions)){
....
} else {
echo "<script>
alert('file format not allowed');
</script>";
}
} else {
echo "<script>
alert('no file selected');
</script>";
}
答案 1 :(得分:0)
你可以将文件名滑入数组并使用end($ arr)检查数组的最后一个值,并使用in_array与扩展数组进行比较。希望这对你有帮助。