我正在尝试PHP我的第一个实际脚本,其中大部分来自教程:( 无论如何是
我在这方面遇到了问题
// This is our limit file type condition
if (!($uploaded_type=="text/java")||!($uploaded_type=="file/class")||!($uploaded_type=="file/jar")) {
echo "You may only upload Java files.<br>";
$ok=0;
}
基本上它不允许任何文件,即使是那些文件 救命! 我希望只允许Java文件!
编辑: 这是完整的代码
<?php
$target = "upload/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$uploaded = basename( $_FILES['uploaded']['name']) ;
$ok=1;
//This is our size condition
if ($uploaded_size > 350000) {
echo "Your file is too large.<br>";
$ok=0;
}
// This is our limit file type condition
if (!($uploaded_type=="text/java")||!($uploaded_type=="file/class")||! ($uploaded_type=="file/jar")) {
echo "You may only upload Java files.<br>";
$ok=0;
}
echo $ok; //Here we check that $ok was not set to 0 by an error
if ($ok==0) {
echo "Sorry your file was not uploaded";
}else {
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) {
echo "The file ". $uploaded ." has been uploaded";
} else {
echo "Sorry, there was a problem uploading your file.";
}
}
?>
答案 0 :(得分:2)
您正在使用OR ...这意味着如果其成员参数的 ANY 为true,则整个语句的计算结果为TRUE。由于文件只能是一种类型,因此您要排除所有文件。你想要的是'和'匹配:
if (!($uploaded_type == 'text/java') && !($uploaded_type == ....)) {
^^---boolean and
假装我们正在使用文件/类文件类型,那么您的版本读取:
if the (file is not text/java) OR the (file is not file/class) OR the (file is not file/jar)
TRUE FALSE TRUE
TRUE or FALSE or TRUE -> TRUE
切换到AND给你
TRUE and FALSE and TRUE -> FALSE
答案 1 :(得分:0)
你的三个条件中只有一个可能是真的,所以你最终得到:
if (!false || !false || !true)
哪个成为:
if (true || true || false)
因此,您应该使用&&
代替OR
,或者使用更好的函数来检查集合中的多个内容:
if (!in_array($uploaded_type, array("text/java", "file/class","file/jar")) {
因此,如果既未找到的允许值,则if将成功。
答案 2 :(得分:0)
您可以使用in_array()
:
$allowed_types = array("text/java", "file/class", "file/jar");
if(!in_array($uploaded_type, $allowed_types)) {
echo "You're not allowed to upload this kind of file.<br />";
$ok = 0;
}
这使得以后允许更多文件类型变得非常容易。如果你想允许“text / html”,你只需要将它添加到数组中,而不需要创建这么多的检查。您甚至可以将允许的类型存储在配置文件或数据库中的表中,并动态创建数组$allowed_types
。
答案 3 :(得分:0)
有关客户端文件格式限制,请参阅此Limit file format when using ?
<input type="file" accept="image/*" /> <!-- all image types -->
<input type="file" accept="audio/*" /> <!-- all audio types -->
对于服务器,您可以按此过滤上传的文件
if(in_array(mime_type($file_path),$allowed_mime_types)){
// save the file
}
$allowed_mime_types = array(
'image/jpeg',
'image/jpg',
'image/png',
'image/gif',
'video/mp4'
);
/*
For PHP>=5.3.0, you can use php's `finfo_file`([finfo_file](https://www.php.net/manual/en/function.finfo-file.php)) function to get the file infomation about the file.
For PHP<5.3.0, you can use your's system's `file` command to get the file information.
*/
function mime_type($file_path)
{
if (function_exists('finfo_open')) {
$finfo = new finfo(FILEINFO_MIME_TYPE, null);
$mime_type = $finfo->file($file_path);
}
if (!$mime_type && function_exists('passthru') && function_exists('escapeshellarg')) {
ob_start();
passthru(sprintf('file -b --mime %s 2>/dev/null', escapeshellarg($file_path)), $return);
if ($return > 0) {
ob_end_clean();
$mime_type = null;
}
$type = trim(ob_get_clean());
if (!preg_match('#^([a-z0-9\-]+/[a-z0-9\-\.]+)#i', $type, $match)) {
$mime_type = null;
}
$mime_type = $match[1];
}
return $mime_type;
}