文件绕过php中的文件类型选择

时间:2011-05-15 18:45:05

标签: php forms file-type

我有if / else以确保只能上传某些类型的音频,但它似乎没有工作,因为其他文件类型(图像)正在通过我的上传表单。我的代码出了什么问题?

<?php 

 if($_POST['submit']=="in_mp3") 

{ 
$_FILES['file']['name'] = str_replace (" ", "", $_FILES['file']['name']);
if ($_FILES['file']['name'] != "") { 
        if (($_FILES['file']['type'] == "audio/mpeg" or "audio/ogg") || ($_FILES['file']['type'] == "application/force-download")) { 
            if ($_FILES["file"]["size"] < 6097152) {             
                    move_uploaded_file($_FILES["file"]["tmp_name"], "sound/" . $_FILES["file"]["name"]); 
                       echo "File has been stored in your uploads directory.";} 
else { echo "Please upload a file that is under 5 mb!";} 
} else { 
    echo "Please upload a mp3 or ogg file!"; 
    exit;} 
} else { echo "Please enter a file.";} 
}

1 个答案:

答案 0 :(得分:3)

您需要修改if条件。问题是您评估“audio / ogg”,它不等于“”,因此始终满足您的if条件。尝试:

if ($_FILES['file']['type'] == "audio/mpeg" || $_FILES['file']['type'] == "audio/ogg" || $_FILES['file']['type'] == "application/force-download") {

您还可以检查文件扩展名:

if (in_array(end(explode(".", $_FILES['file']['name'])), array('mpg','mpeg', 'm2v', 'mp2', 'mp3', 'ogv', 'oga', 'ogx', 'ogg', 'spx')))
相关问题
最新问题