File or image upload PHP problem

Time: 2010-09-19 13:20:57

Tags: php

I'm having a problem with the download code of this script; I modified it and added other functions. Only the download part of the script doesn't work. I'll provide the full code of all the files.

upload.php:

<?php
require_once 'dbc.php';
page_protect();

$client_ID = mysql_query("SELECT id
    FROM clients WHERE user_name='".$_SESSION['user_name']."'")or die(mysql_error());
$client_ID = mysql_fetch_array($client_ID);
$client_ID = $client_ID['id'];


$uploadDir = 'uploads/';

if(isset($_POST['upload']))
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];

$filePath = $uploadDir . $fileName;

$result = move_uploaded_file($tmpName, $filePath);
if (!$result) {
echo "Error uploading file";
exit;
}

$hostname_conndb = "localhost";
$database_conndb = "uploads";
$username_conndb = "root";
$password_conndb = "";
$conndb = mysql_connect($hostname_conndb, $username_conndb, $password_conndb) or trigger_error(mysql_error(),E_USER_ERROR);

if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
} 

$date = date('Y-m-d H:i:s');

$sql = "INSERT INTO upload2 (name, client, size, type, path, date ) ".
"VALUES ('$fileName', '$client_ID', '$fileSize', '$fileType', '$filePath', '$date')";
mysql_select_db($database_conndb, $conndb);
$result = mysql_query($sql, $conndb) or die(mysql_error());

echo "<br>File $fileName uploaded<br>";

}
?>
<html>
<head>
<title>Download File From MySQL</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="styles.css" rel="stylesheet" type="text/css">
</head>

<body>
<?php
$hostname_conndb = "localhost";
$database_conndb = "uploads";
$username_conndb = "root";
$password_conndb = "";
$conndb = mysql_connect($hostname_conndb, $username_conndb, $password_conndb) or trigger_error(mysql_error(),E_USER_ERROR);

$sql = "SELECT * FROM upload2 WHERE client='".$client_ID."' ORDER BY date DESC";
mysql_select_db($database_conndb, $conndb);
$result = mysql_query($sql, $conndb) or die(mysql_error());
$rows = mysql_fetch_assoc($result);
$total_rows = mysql_num_rows($result);
?>
Welcome <?php echo $_SESSION['user_name'];?>
<form method="post" enctype="multipart/form-data">
<table width="350" border="0" cellpadding="1" cellspacing="1" class="box">
<tr> 
<td width="246">
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">
<input name="userfile" type="file" id="userfile"> 
</td>
<td width="80"><input name="upload" type="submit" class="box" id="upload" value=" Upload "></td>
</tr>
</table>
</form>

<?php if($total_rows > 0) { ?>
          <table border="0" cellpadding="0" cellspacing="0" id="tbl_repeat">
        <tr>
          <th scope="col">FIle/Image Name</th>
          <th scope="col" style="width:15%">Date</th>
          <th scope="col" style="width:10%">Size</th>
          <th scope="col" style="width:10%">Download</th>
        </tr>
        <?php do { ?>
        <tr>
          <td><?php echo $rows['name']; ?></td>
          <td><?php echo $rows['date']; ?></td>
          <td><?php echo $rows['size']; ?></td>
          <td><a href="downloads.php?id=<?php echo $rows['id']; ?>">Download</a></td>
        </tr>
        <?php } while($rows = mysql_fetch_assoc($result)); ?>
      </table> 
      <?php } else { echo "<p class="warn">Sorry there are no records available.</p>"; } ?>
<p><br />
  <a href="logout.php">Logout </a></p>
</body>
</html>

This code works fine. The download code is downloads.php:

<?php
require_once 'dbc.php';
page_protect();

$client_ID = mysql_query("SELECT id
    FROM clients WHERE user_name='".$_SESSION['user_name']."'")or die(mysql_error());
$client_ID = mysql_fetch_array($client_ID);
$client_ID = $client_ID['id'];


$uploadDir = 'uploads/';

if(isset($_POST['upload']))
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];

$filePath = $uploadDir . $fileName;

$result = move_uploaded_file($tmpName, $filePath);
if (!$result) {
echo "Error uploading file";
exit;
}

$hostname_conndb = "localhost";
$database_conndb = "uploads";
$username_conndb = "root";
$password_conndb = "qaasim11";
$conndb = mysql_connect($hostname_conndb, $username_conndb, $password_conndb) or trigger_error(mysql_error(),E_USER_ERROR);

if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
} 

$date = date('Y-m-d H:i:s');

$sql = "INSERT INTO upload2 (name, client, size, type, path, date ) ".
"VALUES ('$fileName', '$client_ID', '$fileSize', '$fileType', '$filePath', '$date')";
mysql_select_db($database_conndb, $conndb);
$result = mysql_query($sql, $conndb) or die(mysql_error());

echo "<br>File $fileName uploaded<br>";

}
?>

<html>
<head>
<title>Download File From MySQL</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="styles.css" rel="stylesheet" type="text/css">
</head>

<body>
<?php
$hostname_conndb = "localhost";
$database_conndb = "uploads";
$username_conndb = "root";
$password_conndb = "";
$conndb = mysql_connect($hostname_conndb, $username_conndb, $password_conndb) or trigger_error(mysql_error(),E_USER_ERROR);

$sql = "SELECT * FROM upload2 WHERE client='".$client_ID."' ORDER BY date DESC";
mysql_select_db($database_conndb, $conndb);
$result = mysql_query($sql, $conndb) or die(mysql_error());
$rows = mysql_fetch_assoc($result);
$total_rows = mysql_num_rows($result);
?>
Welcome <?php echo $_SESSION['user_name'];?>
<form method="post" enctype="multipart/form-data">
<table width="350" border="0" cellpadding="1" cellspacing="1" class="box">
<tr> 
<td width="246">
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">
<input name="userfile" type="file" id="userfile"> 
</td>
<td width="80"><input name="upload" type="submit" class="box" id="upload" value=" Upload "></td>
</tr>
</table>
</form>

<?php if($total_rows > 0) { ?>
          <table border="0" cellpadding="0" cellspacing="0" id="tbl_repeat">
        <tr>
          <th scope="col">FIle/Image Name</th>
          <th scope="col" style="width:15%">Date</th>
          <th scope="col" style="width:10%">Size</th>
          <th scope="col" style="width:10%">Download</th>
        </tr>
        <?php do { ?>
        <tr>
          <td><?php echo $rows['name']; ?></td>
          <td><?php echo $rows['date']; ?></td>
          <td><?php echo $rows['size']; ?></td>
          <td><a href="downloads.php?id=<?php echo $rows['id']; ?>">Download</a></td>
        </tr>
        <?php } while($rows = mysql_fetch_assoc($result)); ?>
      </table> 
      <?php } else { echo "<p class="warn">Sorry there are no records available.</p>"; } ?>
<p><br />
  <a href="logout.php">Logout </a></p>
</body>
</html>

This is also the code for my database:

CREATE TABLE IF NOT EXISTS `upload2` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`client` int(11) NOT NULL,
`name` varchar(30) NOT NULL,
`type` varchar(30) NOT NULL,
`size` int(11) NOT NULL,
`path` varchar(60) NOT NULL,
`date` datetime NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=10 ;

--
-- Dumping data for table `upload2`
--

INSERT INTO `upload2` (`id`, `client`, `name`, `type`, `size`, `path`, `date`) VALUES
(1, 1, 'back.gif', 'image/gif', 1997, 'uploads/back.gif', '2010-09-19 12:17:05'); 

When I click the download link in upload.php, I get the following error: Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in downloads.php on line 17

The file in does not exist

I'm not sure whether the code would be able to download the file/image if this error weren't there, because I can't figure out how to solve this problem.

2 answers:

Answer 0 (score: 0)

You did not connect to the database for the first query (the one that fetches $client_ID):
$hostname_conndb = "localhost";
$database_conndb = "uploads";
$username_conndb = "root";
$password_conndb = "qaasim11";
$conndb = mysql_connect($hostname_conndb, $username_conndb, $password_conndb) or trigger_error(mysql_error(),E_USER_ERROR);

$client_ID = mysql_query("SELECT id
    FROM clients WHERE user_name='".$_SESSION['user_name']."'")or die(mysql_error());
$client_ID = mysql_fetch_array($client_ID);
$client_ID = $client_ID['id'];

Answer 1 (score: 0)

Some things to consider:

  1. Checking whether a POST field is set is not the right way to check whether a POST actually happened - it's entirely possible that at some point you rename the field and forget to change the if(), or that the field isn't submitted for some reason. A foolproof check is if ($_SERVER['REQUEST_METHOD'] == 'POST') { ... }. That is true whenever the script runs in response to a POST request, regardless of which fields (if any) were submitted.
  2. You blindly assume the upload succeeded, without checking any of the reasons an upload can fail (connection died, file too big, out of disk space, and so on). The ['error'] parameter in the $_FILES array is there for a reason. if ($_FILES['somefile']['error'] === UPLOAD_ERR_OK) { ... upload was successful ... }
  3. You don't sanitize the ['name'] parameter, and blindly use it as part of the path in move_uploaded_file(). That name is completely under the user's control, so a malicious user could easily name their file ../../../../../../windows/system32/kernel32.dll, and your script would happily try to kill your machine.
  4. You don't check for file collisions, following on from point 3. You blindly overwrite any file with the same name.
  5. You don't do any kind of check that the upload completed, and then you try to save the data to the database. You use addslashes() on $filePath and $fileName, but you don't do the same for $fileType - which is the client-supplied MIME type - so it is again completely under the user's control, and as a result a malicious attacker could easily carry out an SQL injection attack.
  6. You connect to the database as root. This is very bad practice. Create a dedicated account and grant it only "insert" rights. A simple web application almost never needs create/drop/alter rights, but that is what you expose to the world by using the root account. Combined with the SQL injection vulnerability, you've handed your database (and quite likely the rest of the server) to an attacker on a silver platter.
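As an added example (not code from either answer or from the asker's scripts), here is what the upload handler looks like once the six points above and the missing-connection point from answer 0 are applied. It assumes PDO with MySQL (the page uses the old mysql_* functions), a dedicated database account with only INSERT/SELECT rights on the upload2 and clients tables, and a credentials file at /etc/myapp/db.php outside the web root; the dbc.php include and page_protect() call are the ones from the asker's code, and the column sizes match the asker's upload2 table (name varchar(30), path varchar(60)).

```php
<?php
// Added example, not the asker's code: a hardened version of the upload handler.
// Assumed: PDO/MySQL, a least-privilege DB account, credentials in /etc/myapp/db.php.
declare(strict_types=1);
require_once 'dbc.php';
page_protect();

$uploadDir = __DIR__ . '/uploads/';
$maxBytes  = 2000000;  // same limit the form's MAX_FILE_SIZE field asks for

// Point 1: test the request method, not the presence of a single POST field.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    exit;
}

// Point 2 and 5: honour the error code PHP reports before touching the file.
if (!isset($_FILES['userfile']) || $_FILES['userfile']['error'] !== UPLOAD_ERR_OK) {
    http_response_code(400);
    exit('Upload failed: error code ' . ($_FILES['userfile']['error'] ?? 'none'));
}
$tmpName = $_FILES['userfile']['tmp_name'];
if (!is_uploaded_file($tmpName) || filesize($tmpName) > $maxBytes) {
    http_response_code(400);
    exit('Upload rejected');
}

// Point 3: the client-supplied name is never used as a path. It is reduced to a
// display label; the extension must be on an allow-list and must agree with the
// MIME type detected from the file's contents, not the client's claim.
$allowed  = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif', 'pdf' => 'application/pdf'];
$origName = basename($_FILES['userfile']['name']);
$ext      = strtolower(pathinfo($origName, PATHINFO_EXTENSION));
$detected = (new finfo(FILEINFO_MIME_TYPE))->file($tmpName);
if (!isset($allowed[$ext]) || $allowed[$ext] !== $detected) {
    http_response_code(415);
    exit('File type not allowed');
}
$displayName = substr(preg_replace('/[^A-Za-z0-9._-]/', '_', $origName), 0, 30);

// Point 4: a random stored name cannot be chosen by the client and cannot
// overwrite another user's file; the loop guards against the rare collision.
do {
    $storedName = bin2hex(random_bytes(16)) . '.' . $ext;
    $filePath   = $uploadDir . $storedName;
} while (file_exists($filePath));

if (!move_uploaded_file($tmpName, $filePath)) {
    http_response_code(500);
    exit('Error storing file');
}

// Point 6: a dedicated account whose credentials live outside the web root
// (assumed file returning ['dsn' => ..., 'user' => ..., 'pass' => ...]).
$config = require '/etc/myapp/db.php';
$pdo = new PDO($config['dsn'], $config['user'], $config['pass'], [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES   => false,
]);

// Answer 0's point: the connection is open before the first query runs, and the
// session value is bound rather than concatenated into the SQL string.
$stmt = $pdo->prepare('SELECT id FROM clients WHERE user_name = ?');
$stmt->execute([$_SESSION['user_name']]);
$clientId = $stmt->fetchColumn();
if ($clientId === false) {
    http_response_code(403);
    exit;
}

// Point 5: every value, the MIME type included, goes through a bound parameter,
// so no field can change the shape of the query regardless of its contents.
$stmt = $pdo->prepare(
    'INSERT INTO upload2 (name, client, size, type, path, date) VALUES (?, ?, ?, ?, ?, NOW())'
);
$stmt->execute([$displayName, (int) $clientId, filesize($filePath), $detected, 'uploads/' . $storedName]);

// Output-encode the label so a crafted filename cannot inject markup into the page.
echo '<br>File ' . htmlspecialchars($displayName, ENT_QUOTES, 'UTF-8') . ' uploaded<br>';
```

The stored path is at most 8 + 32 + 1 + 4 characters, so it fits the asker's varchar(60) column, and the display name is cut to the 30-character name column. The allow-list of extensions and MIME types is a constructed one for the example; the real list should be whatever the application actually needs to accept, and the uploads directory should be configured so the web server never executes anything stored in it.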