我有以下代码来检查(上传的简历和推荐信是否符合所需类型(pdf或doc或docx)和大小(小于400 kb)
//check file extension and size
$resume= ($_FILES['resume']['name']);
$reference= ($_FILES['reference']['name']);
$ext = strrchr($resume, ".");
$ext1 = strrchr($reference, ".");
if (!(($_FILES["resume"]["type"] == "application/doc")
|| ($_FILES["resume"]["type"] == "application/docx")
|| ($_FILES["resume"]["type"] == "application/pdf" ))
&& (($_FILES["reference"]["type"] == "application/doc")
|| ($_FILES["reference"]["type"] == "application/docx")
|| ($_FILES["reference"]["type"] == "application/pdf"))
&& (($ext == ".pdf") || ($ext == ".doc") || ($ext == ".docx"))
&& (($ext1 == ".pdf") || ($ext1 == ".doc") || ($ext1 == ".docx"))
&& ($_FILES["resume"]["size"] < 400000) //accept upto 500 kb
&& ($_FILES["reference"]["size"] < 400000)) {
stop user } else { allow files to upload }
这不能按预期工作,允许甚至txt文件通过+大小限制没有被检查,它有什么问题?
谢谢,
答案 0 :(得分:5)
下面只使用mime类型来验证文件,然后检查两者的大小。有关大多数mime类型的列表,请参阅here或google。
function allowed_file(){
//Add the allowed mime-type files to an 'allowed' array
$allowed = array('application/doc', 'application/pdf', 'another/type');
//Check uploaded file type is in the above array (therefore valid)
if(in_array($_FILES['resume']['type'], $allowed) AND in_array($_FILES['reference']['type'], $allowed)){
//If filetypes allowed types are found, continue to check filesize:
if($_FILES["resume"]["size"] < 400000 AND $_FILES["reference"]["size"] < 400000 ){
//if both files are below given size limit, allow upload
//Begin filemove here....
}
}
}
答案 1 :(得分:0)
docx的Mime类型为application/vnd.openxmlformatsofficedocument.wordprocessingml.document
答案 2 :(得分:0)
这是我过去写的一些代码..
function checkFileExtension($ext)
{
if ($ext == 'ai' || $ext == 'pdf' || $ext == 'jpg' || $ext == 'jpeg' || $ext ==
'gif' || $ext == 'eps' || $ext == 'tif' || $ext == 'png' || $ext == 'xls' || $ext ==
'xlsx' || $ext == 'doc' || $ext == 'docx' || $ext == 'ppt' || $ext == 'pptx' ||
$ext == 'zip' || $ext == 'rar' || $ext == 'sitx' || $ext == 'psd' || $ext ==
'indd' || $ext == 'dng') {
$pass = (int)1;
} else {
$pass = (int)0;
}
return (int)$pass;
}
$ext = substr(strrchr($_FILES['file']['name'], "."), 1);
$fileAccepted = checkFileExtension($ext);
$fileSize = $_FILES['file']['size'];
if($fileAccepted==1 && $fileSize > '82428800'){
// do stuff
}
答案 3 :(得分:0)
要做到这一点,我通常会使用类似的东西:
$filename = $_FILES['field_name']['name']; // Get the name of the file (including file extension).
$ext = strtolower(substr($filename, strpos($filename,'.'), strlen($filename)-1)); //get the extention in lower case
然后检查文件扩展名是否被接受。
另请注意,用户只需更改危险文件的扩展名,因此使用mime类型检查更安全
答案 4 :(得分:0)
这可能很有用:
首先检查所需的mime类型以进行验证:
Microsoft Office MIME Types和List of MIME Types
然后尝试让代码更容易......
$mimeTypes = array('application/vnd.openxmlformats-officedocument.wordprocessingml.document',
'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
'application/vnd.openxmlformats-officedocument.presentationml.presentation');
if (in_array($_FILES["resume"]["type"], $mimeTypes))
{
// File's OK
}
else
{
// Bad file !
}
重要提示:用户可能会更改文件扩展名,因此请务必检查扩展名的mime类型intead !! =)