PHP文件上传大小&输入不起作用

时间:2016-06-25 10:20:06

标签: php mysqli

实际上,我已经开发了一个CMS来通过...发布到我的网站。 对于后期图像,我想设置500KB的限制,只允许GIF,JPEG,JPG和PNG格式。此代码执行成功,也出现警报。但是当上传的图像包含允许的格式和大小时,它会再次显示警告消息..我使用exit();功能是正确的吗? HTML是:

<div class="form-container">
   <form method="post" action="publish_post.php" enctype="multipart/form-data">
     <input class="inputs" type="text" name="p_title" placeholder="What's the post title"/>
     <input class="inputs" type="text" name="p_author" placeholder="Who's the post author"/>
     <select class="input" name="p_category" size="1" />
        <option value="null">Select post category</option>
        <option value="softwares">Softwares</option>
        <option value="tips & tricks">Tips & tricks</option>
        <option value="wallpapers">Wallpapers</option>
        <option value="walpapers_more">Walpapers_more</option>
     </select>
     <textarea name="p_content" placeholder="What's the post content"></textarea>
     <textarea name="p_misc" placeholder="Enter an html code"></textarea>
     <textarea name="p_video" placeholder="Enter an embed code"></textarea>
     </br>
     <div class="upload">
     <input type="file" name="p_image" title="Pick an image for post"/>
     </div></br>
      <span style="margin-left: 5px; color: gray; font-family: sans-serif; font-size: .8em; ">max. size 5MB
      </span></br></br>
     <input type="submit" name="pub" value="Publish"/>
     <input type="button" name="cancel" value="Cancel" onclick="window.open('dashboard','_self');"/>
   </form>
 </div>

PHP是:

<?php
if(isset($_POST['pub'])){

    $category = mysqli_real_escape_string($con,$_POST['p_category']);
    $author = mysqli_real_escape_string($con,$_POST['p_author']);
    $title = mysqli_real_escape_string($con,$_POST['p_title']);
    $content = mysqli_real_escape_string($con,$_POST['p_content']);
    $image_name = $_FILES['p_image']['name'];
    $image_type = $_FILES['p_image']['type'];
    $image_size = $_FILES['p_image']['size'];
    $image_tmp = $_FILES['p_image']['tmp_name'];
    $date = date("M,d,Y");
    $misc = $_POST['p_misc'];
    $video = $_POST['p_video'];

    if($image_type != "jpg" && $image_type != "png" && $image_type != "gif" && $image_type != "jpeg" && $image_size>500000)
    {
        echo "<script>alert('Image size is larger or invlaid format');</script>";
        exit();
    }

$query = "INSERT INTO `me`(`post_category`, `post_author`, `post_title`, `post_content`, `post_image`, `post_date`, `post_misc`, `post_video`) VALUES ('$category','$author','$title','$content','$image_name','$date','$misc','$video')";

    if(mysqli_query($con,$query))
    {
    move_uploaded_file($image_tmp,"images/$image_name");
    header("location:dashboard?done2=done2.png");
    }
  } 
?>

4 个答案:

答案 0 :(得分:0)

在if条件下尝试此操作:

unset($_POST);  
exit("<script>alert('Image size is larger or invlaid format');</script>");

并确保您的插入查询看起来像这样

$query = "INSERT INTO `me`(`post_category`, `post_author`, `post_title`, `post_content`, `post_image`, `post_date`, `post_misc`, `post_video`) VALUES ('".$category."','".$author."','".$title."','".$content."','".$image_name."','".$date."','".$misc."','".$video."')";

答案 1 :(得分:0)

if(($image_type != "image/jpeg" && $image_type != "image/png" && $image_type != "image/gif") || $image_size > 500000)
{
    echo "<script>alert('Image size is larger or invalid format');</script>";

}
else
{
    echo "<script>alert('valid format');</script>";
}

答案 2 :(得分:0)

条件不起作用。尝试此代码。如果您有更多条件,请尝试这种方式。

if(($image_type != "jpg") && ($image_type != "png") && ($image_type != "gif") && ($image_type != "jpeg") && ($image_size>500000))
{
   echo "<script>alert('Image size is larger or invlaid format');</script>";
   exit();
}

答案 3 :(得分:0)

//用于图像类型

$expensions= array("jpeg","jpg","png","gif");
if(in_array($image_type,$expensions)=== false){
    echo "<script>alert('Image size is larger or invlaid format');</script>";
    exit();
}

//用于图像尺寸

if($image_size  > 500000){
    echo "<script>alert('Image size is larger or invlaid format');</script>";
    exit();
}

我希望它会有所帮助