PHP文件类型限制

时间:2011-10-24 21:29:04

标签: php file-upload file-type

我正在尝试PHP我的第一个实际脚本,其中大部分来自教程:( 无论如何是

我在这方面遇到了问题

// This is our limit file type condition
if (!($uploaded_type=="text/java")||!($uploaded_type=="file/class")||!($uploaded_type=="file/jar")) {
echo "You may only upload Java files.<br>";

$ok=0;
}

基本上它不允许任何文件,即使是那些文件 救命! 我希望只允许Java文件!

编辑: 这是完整的代码

<?php
$target = "upload/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$uploaded = basename( $_FILES['uploaded']['name']) ;
$ok=1;

//This is our size condition
if ($uploaded_size > 350000) {
    echo "Your file is too large.<br>";
    $ok=0;
}

// This is our limit file type condition
if (!($uploaded_type=="text/java")||!($uploaded_type=="file/class")||! ($uploaded_type=="file/jar")) {
    echo "You may only upload Java files.<br>";
    $ok=0;
}

echo $ok;  //Here we check that $ok was not set to 0 by an error
if ($ok==0) {
    echo "Sorry your file was not uploaded";
}else {
    if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) {
        echo "The file ". $uploaded ." has been uploaded";
    } else {
        echo "Sorry, there was a problem uploading your file.";
    }
}
?>

4 个答案:

答案 0 :(得分:2)

您正在使用OR ...这意味着如果其成员参数的 ANY 为true,则整个语句的计算结果为TRUE。由于文件只能是一种类型,因此您要排除所有文件。你想要的是'和'匹配:

if (!($uploaded_type == 'text/java') && !($uploaded_type == ....)) {
                                     ^^---boolean and

假装我们正在使用文件/类文件类型,那么您的版本读取:

if the (file is not text/java) OR the (file is not file/class) OR the (file is not file/jar)
              TRUE                           FALSE                          TRUE

TRUE or FALSE or TRUE -> TRUE

切换到AND给你

TRUE and FALSE and TRUE -> FALSE

答案 1 :(得分:0)

你的三个条件中只有一个可能是真的,所以你最终得到:

if (!false || !false || !true)

哪个成为:

if (true   || true   || false)

因此,您应该使用&&代替OR,或者使用更好的函数来检查集合中的多个内容:

if (!in_array($uploaded_type, array("text/java", "file/class","file/jar")) {

因此,如果既未找到的允许值,则if将成功。

答案 2 :(得分:0)

您可以使用in_array()

使其更加灵活
$allowed_types = array("text/java", "file/class", "file/jar");
if(!in_array($uploaded_type, $allowed_types)) {
  echo "You're not allowed to upload this kind of file.<br />";
  $ok = 0;
}

这使得以后允许更多文件类型变得非常容易。如果你想允许“text / html”,你只需要将它添加到数组中,而不需要创建这么多的检查。您甚至可以将允许的类型存储在配置文件或数据库中的表中,并动态创建数组$allowed_types

答案 3 :(得分:0)

有关客户端文件格式限制,请参阅此Limit file format when using ?

<input type="file" accept="image/*" /> <!-- all image types --> 
<input type="file" accept="audio/*" /> <!-- all audio types --> 

对于服务器,您可以按此过滤上传的文件

if(in_array(mime_type($file_path),$allowed_mime_types)){
    // save the file
}

$allowed_mime_types = array(
        'image/jpeg',
        'image/jpg',
        'image/png',
        'image/gif',
        'video/mp4'
);


/*
For PHP>=5.3.0, you can use php's `finfo_file`([finfo_file](https://www.php.net/manual/en/function.finfo-file.php)) function to get the file infomation about the file.

For PHP<5.3.0, you can use your's system's `file` command to get the file information.
*/
function mime_type($file_path)
{
    if (function_exists('finfo_open')) {            
        $finfo = new finfo(FILEINFO_MIME_TYPE, null);
        $mime_type = $finfo->file($file_path);
    }
    if (!$mime_type && function_exists('passthru') && function_exists('escapeshellarg')) {
        ob_start();
        passthru(sprintf('file -b --mime %s 2>/dev/null', escapeshellarg($file_path)), $return);
        if ($return > 0) {
            ob_end_clean();
            $mime_type = null;
        }
        $type = trim(ob_get_clean());
        if (!preg_match('#^([a-z0-9\-]+/[a-z0-9\-\.]+)#i', $type, $match)) {
            $mime_type = null;
        }
        $mime_type = $match[1];
    }
    return $mime_type;
}