PHP: only allow users to submit files smaller than the php ini upload max

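Time: 2017-07-20 20:03:52

Tags: php file pdo php-ini

On my website I allow users to submit a profile picture, and I check whether the picture is a "png or jpeg". I also check whether the file is smaller than "2 mb"; if so, I display an error message. When the file is smaller than the php ini upload max, it shows the message, but when it is larger I get a lot of PHP errors, which is not what I want to display. How can I remove the errors and show the generated message to the user? I found a post, but that post was about how to read the errors. I only get these errors when the submitted file is larger than 200mb or the php ini upload max. When it is lower, it works fine. Here is my code and the error message.

Error message: [screenshot]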

PHP

<?php

session_start();

if(isset($_COOKIE['username'])){

    if($_SESSION['came_from_upload'] != true){

        setcookie("username", "", time() - 60*60);
        $_COOKIE['username'] = "";
        header("Location: developerLogin.php");
        exit;


    }

    if($_SERVER['REQUEST_METHOD'] =="POST"){
        $userid = $_SESSION['id'];
        $fullname = addslashes(trim($_POST['fullname']));
        $username = addslashes(trim($_POST['username']));
        $email = addslashes(trim($_POST['email']));
        $password = addslashes(trim($_POST['password']));
        $storePassword = password_hash($password, PASSWORD_BCRYPT, array('cost' => 10));
        $file_name = addslashes(trim($_FILES['file']['name']));
        $file_tmp = addslashes(trim($_FILES['file']['tmp_name']));

        try{

        // new php data object 
        $handler = new PDO('mysql:host=127.0.0.1;dbname=magicsever', 'root', '');
        //ATTR_ERRMODE set to exception
        $handler->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        }catch(PDOException $e){
             die("There was an error connecting to the database");   

        }


        $stmtChecker = $handler->prepare("SELECT * FROM generalusersdata WHERE user_id = ?");
        $stmtChecker->execute(array($userid));
        if(!$stmtChecker->fetch()){

            setcookie("username", "", time() - 60*60);
            $_COOKIE['username'] = "";
            header("Location: developerLogin.php");
            exit;
        }


        if(!empty($fullname)){

            $stmtFullname = $handler->prepare("UPDATE generalusersdata SET fullname = ? WHERE user_id = ?");
            $stmtFullname->execute(array($fullname, $userid));
        }

        if(!empty($username)){

            $stmtCheckerUsername = $handler->prepare("SELECT * FROM generalusersdata WHERE username = ?");
            // PDOStatement::execute() takes an array of bound values
            $stmtCheckerUsername->execute(array($username));
            if($resultCheckerUsername = $stmtCheckerUsername->fetch()){

                die("Username Already in use! Please try again");
            }

            $stmtUsername = $handler->prepare("UPDATE generalusersdata SET username = ? WHERE user_id = ?");
            $stmtUsername->execute(array($username, $userid));

        }

        if(!empty($email)){

            if(filter_var($email, FILTER_VALIDATE_EMAIL) == false){

            die ("Email is Not Valid!");
        }

            $stmtCheckerEmail = $handler->prepare("SELECT * FROM generalusersdata WHERE email = ?");
            // PDOStatement::execute() takes an array of bound values
            $stmtCheckerEmail->execute(array($email));
            if($resultCheckerEmail = $stmtCheckerEmail->fetch()){

                die("Email Already in use! Please try again");
            }

            $stmtEmail = $handler->prepare("UPDATE generalusersdata SET email = ? WHERE user_id = ?");
            $stmtEmail->execute(array($email, $userid));

        }

        if(!empty($password)){

            if(strlen($password) < 6){

            die ("Password has to be GREATER than 6 characters!");

        }

            //Check if password has atleast ONE Uppercase, One Lowercase and a number
            if(!preg_match("(^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).+$)",$password)){

                    echo 'Password needs to be at least ONE uppercase, ONE lowercase, and a number!';
                    exit;
                }

            $stmtPassword = $handler->prepare("UPDATE generalusersdata SET password = ? WHERE user_id = ?");
            $stmtPassword->execute(array($storePassword, $userid));


        }

        if($_FILES['file']['error'] == UPLOAD_ERR_OK){


            $allowedTypes = array(IMAGETYPE_PNG, IMAGETYPE_JPEG);
            $detectedType = exif_imagetype($_FILES['file']['tmp_name']);
            if($extensionCheck = !in_array($detectedType, $allowedTypes) || $_FILES['file']['size'] < 2000){

                die("Failed to upload image; the format is not supported");
            }

             $dir = "userprofilepicture";

             if(is_dir($dir)==false){

                 mkdir($dir, 0700);
             }


            move_uploaded_file($file_tmp,$dir.'/'.$file_name);

            $stmtPassword = $handler->prepare("UPDATE generalusersdata SET profile_image = ? WHERE user_id = ?");
            $stmtPassword->execute(array($file_name, $userid));

        }

        echo "ok";

    }



}else{

    header("Location: developerLogin.php");
    exit;
}





?>

2 answers:

Answer 0 (score: 1)

I think this will help you find the answer.

How to gracefully handle files that exceed PHP's `post_max_size`?

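"If the size of the posted data is greater than post_max_size, the $_POST and $_FILES superglobals are empty. This can be tracked in various ways, e.g. by passing a $_GET variable to the script processing the data, i.e. checking whether $_GET['processed'] is set."

Put this at the beginning of your script, after starting the session.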

    if(empty($_FILES) && empty($_POST) && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) == 'post'){ //catch file overload error...
        $postMax = ini_get('post_max_size'); //grab the size limits...
        echo "<p style=\"color: #F00;\">\nPlease note files larger than {$postMax} will result in this error!<br>Please be advised this is not a limitation in the CMS, This is a limitation of the hosting server.<br>For various reasons they limit the max size of uploaded files, if you have access to the php ini file you can fix this by changing the post_max_size setting.<br> If you can't then please ask your host to increase the size limits, or use the FTP uploaded form</p>"; // echo out error and solutions...
        return $postMax;
    }
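
The check from this answer, generalized to also cover `upload_max_filesize` and the per-file error codes, as an added example that is not part of the original answer. The function names and messages are hypothetical, and the `file` field name is taken from the question.

```php
<?php
// Added example, not code from the thread. The field name 'file' follows the
// question; the function names and messages are hypothetical.

// Convert a php.ini shorthand size ("8M", "512K", "1G", "2097152") to bytes.
function iniSizeToBytes(string $value): int
{
    $value  = trim($value);
    $number = (int) $value;                    // leading digits, 0 if none
    switch (strtolower(substr($value, -1))) {
        case 'g': $number *= 1024;             // fall through
        case 'm': $number *= 1024;             // fall through
        case 'k': $number *= 1024;
    }
    return $number;
}

// Return null when the upload can be processed, otherwise a message for the user.
function uploadProblem(array $server, array $post, array $files, int $appMaxBytes): ?string
{
    $postMax = iniSizeToBytes((string) ini_get('post_max_size'));   // 0 = no limit
    $length  = (int) ($server['CONTENT_LENGTH'] ?? 0);

    // Body over post_max_size: PHP drops it, so $_POST and $_FILES arrive empty.
    if (($server['REQUEST_METHOD'] ?? '') === 'POST' && empty($post) && empty($files)
        && $postMax > 0 && $length > $postMax) {
        return 'The upload is larger than the server accepts.';
    }
    $error = $files['file']['error'] ?? UPLOAD_ERR_NO_FILE;
    if (is_array($error)) {                    // several files sent for a single field
        return 'Only one file may be uploaded.';
    }
    switch ($error) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_INI_SIZE:              // over upload_max_filesize
        case UPLOAD_ERR_FORM_SIZE:             // over the form's MAX_FILE_SIZE
            return 'The file is too large.';
        case UPLOAD_ERR_NO_FILE:
            return 'No file was selected.';
        default:
            return 'The upload failed.';
    }
    return $files['file']['size'] > $appMaxBytes ? 'The file exceeds the size limit.' : null;
}

// Call before reading any $_POST or $_FILES key:
// $problem = uploadProblem($_SERVER, $_POST, $_FILES, 2 * 1024 * 1024);
// if ($problem !== null) { exit($problem); }
```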

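Answer 1 (score: 1)

Try dumping the entire post after submitting the form with an oversized file. It may be empty. Since these are notice messages, you can use

    error_reporting(E_ALL & ~E_NOTICE);

in your file to get rid of them. But this will not fix the problem that causes this error.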