php文件上传,如何限制文件上传类型

时间:2011-09-06 15:12:03

标签: php mysql file-upload file-type

我有以下代码来检查(上传的简历和推荐信是否符合所需类型(pdf或doc或docx)和大小(小于400 kb)

//check file extension and size
         $resume= ($_FILES['resume']['name']); 
         $reference= ($_FILES['reference']['name']); 
         $ext = strrchr($resume, ".");
         $ext1 = strrchr($reference, ".");
        if (!(($_FILES["resume"]["type"] == "application/doc")
        || ($_FILES["resume"]["type"] == "application/docx")
        || ($_FILES["resume"]["type"] == "application/pdf" ))
         && (($_FILES["reference"]["type"] == "application/doc")
        || ($_FILES["reference"]["type"] == "application/docx")
        || ($_FILES["reference"]["type"] == "application/pdf"))
        && (($ext == ".pdf") || ($ext == ".doc") || ($ext == ".docx"))
        && (($ext1 == ".pdf") || ($ext1 == ".doc") || ($ext1 == ".docx"))
        &&  ($_FILES["resume"]["size"] < 400000) //accept upto 500 kb
        &&  ($_FILES["reference"]["size"] < 400000)) {  

stop user } else { allow files to upload }

这不能按预期工作,允许甚至txt文件通过+大小限制没有被检查,它有什么问题?

谢谢,

5 个答案:

答案 0 :(得分:5)

下面只使用mime类型来验证文件,然后检查两者的大小。有关大多数mime类型的列表,请参阅here或google。

function allowed_file(){

//Add the allowed mime-type files to an 'allowed' array 
 $allowed = array('application/doc', 'application/pdf', 'another/type');

//Check uploaded file type is in the above array (therefore valid)  
    if(in_array($_FILES['resume']['type'], $allowed) AND in_array($_FILES['reference']['type'], $allowed)){

   //If filetypes allowed types are found, continue to check filesize:

  if($_FILES["resume"]["size"] < 400000 AND $_FILES["reference"]["size"] < 400000 ){

    //if both files are below given size limit, allow upload
    //Begin filemove here....

    }

    }

}

答案 1 :(得分:0)

docx的Mime类型为application/vnd.openxmlformatsofficedocument.wordprocessingml.document

答案 2 :(得分:0)

这是我过去写的一些代码..

function checkFileExtension($ext)
{
    if ($ext == 'ai' || $ext == 'pdf' || $ext == 'jpg' || $ext == 'jpeg' || $ext ==
        'gif' || $ext == 'eps' || $ext == 'tif' || $ext == 'png' || $ext == 'xls' || $ext ==
        'xlsx' || $ext == 'doc' || $ext == 'docx' || $ext == 'ppt' || $ext == 'pptx' ||
        $ext == 'zip' || $ext == 'rar' || $ext == 'sitx' || $ext == 'psd' || $ext ==
        'indd' || $ext == 'dng') {
        $pass = (int)1;
    } else {
        $pass = (int)0;
    }
    return (int)$pass;
}


$ext = substr(strrchr($_FILES['file']['name'], "."), 1);
$fileAccepted = checkFileExtension($ext);
$fileSize = $_FILES['file']['size'];

if($fileAccepted==1 && $fileSize > '82428800'){
    // do stuff
}

答案 3 :(得分:0)

要做到这一点,我通常会使用类似的东西:

$filename = $_FILES['field_name']['name']; // Get the name of the file (including file extension).
$ext = strtolower(substr($filename, strpos($filename,'.'), strlen($filename)-1)); //get the extention in lower case

然后检查文件扩展名是否被接受。

另请注意,用户只需更改危险文件的扩展名,因此使用mime类型检查更安全

答案 4 :(得分:0)

这可能很有用:

首先检查所需的mime类型以进行验证:

Microsoft Office MIME TypesList of MIME Types

然后尝试让代码更容易......

    $mimeTypes = array('application/vnd.openxmlformats-officedocument.wordprocessingml.document', 
'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 
'application/vnd.openxmlformats-officedocument.presentationml.presentation');

    if (in_array($_FILES["resume"]["type"], $mimeTypes))
    {
        // File's OK
    }
    else
    {
        // Bad file !
    }

重要提示:用户可能会更改文件扩展名,因此请务必检查扩展名的mime类型intead !! =)