PHP上传脚本 - 文件大小和文件类型问题

时间:2012-01-19 04:34:04

标签: php upload

我有以下用作上传脚本的代码

$allowed_filetypes = array('.jpg', '.jpeg', '.gif', '.bmp', '.png'); 
$max_filesize = 262144; 
$upload_normal_path = '../uploads/normal/'; 
$upload_thumb_path = '../uploads/thumbnail/';

if(isset($_POST['Submit']))
{
$filename = $_FILES['image']['name']; 
$filesize = $_FILES['image']['size']; 
$fileext = substr($filename, strpos($filename,'.'), strlen($filename)-1);

if(!in_array($fileext, $allowed_filetypes)){
$upload_status = "The file you attempted to upload is not allowed.";
}

if($filesize > $max_filesize){
$upload_status = "The file you attempted to upload is too large.";
}

$image_name = time().$fileext;
$newname = $image_name;

$moved = move_uploaded_file($_FILES['image']['tmp_name'],$upload_normal_path . $newname);

if(!$moved){
$upload_status = 'There was an error during the file upload.  Please try again.';
} else {
$upload_status = 'Your file upload was successful, view the file <a href="' . $upload_normal_path . $newname . '" title="Your File">here</a>';
}
}

脚本本身似乎有时会工作,但它似乎正在跳过一些情境IF和ELSE。 例如,如果文件大小大于$ filesize,我没有得到正确的$ upload_status,它应该说“你试图上传的文件太大”,而不是它似乎一直跳到“有一个文件上传时出错。请重试“。此外,有时我可以上传一些MP3或HTML文件,这意味着它正在跳过整个(!in_array($ fileext,$ allowed_filetypes))。

知道可能导致这些问题的原因,以及如何解决这些问题。 最诚挚的问候

[解决] 谢谢大家的时间和答案,非常感谢。 在看了你的答案之后,我做了一些代码清理,直到我完全按照我的需要去做。

所以这里是我当前代码的副本,希望它能帮助任何可能遇到此类问题的开发人员。

最好的问候

现行工作守则:

function make_thumb($img_name,$filename,$new_w,$new_h)
{

$ext=getExtension($img_name);

if(!strcmp("jpg",$ext) || !strcmp("jpeg",$ext))
$src_img=imagecreatefromjpeg($img_name);

if(!strcmp("png",$ext))
$src_img=imagecreatefrompng($img_name);


$old_x=imageSX($src_img);
$old_y=imageSY($src_img);

$ratio1=$old_x/$new_w;
$ratio2=$old_y/$new_h;
if($ratio1>$ratio2) {
$thumb_w=$new_w;
$thumb_h=$old_y/$ratio1;
}
else {
$thumb_h=$new_h;
$thumb_w=$old_x/$ratio2;
}

$dst_img=ImageCreateTrueColor($thumb_w,$thumb_h);

imagecopyresampled($dst_img,$src_img,0,0,0,0,$thumb_w,$thumb_h,$old_x,$old_y);

if(!strcmp("png",$ext))
imagepng($dst_img,$filename);
else
imagejpeg($dst_img,$filename);

imagedestroy($dst_img);
imagedestroy($src_img);
}

function getExtension($str) {
$i = strrpos($str,".");
if (!$i) { return ""; }
$l = strlen($str) - $i;
$ext = substr($str,$i+1,$l);
return $ext;
}

$upload_status = "";
$max_filesize = 2097152;
$error = 0;
$allowed_filetypes = array('jpg', 'jpeg', 'png', 'JPG', 'JPEG', 'PNG'); 

if(isset($_POST['Submit']))
{

$image = $_FILES['image']['name'];

if ($image)
{

$filename = stripslashes($_FILES['image']['name']);
$sizekb = filesize($_FILES['image']['tmp_name']);

$extension = getExtension($filename);
$extension = strtolower($extension);

    if(!in_array($extension, $allowed_filetypes)){
    $upload_status = "<div id='file-upload'><div class='upload-bar-error'><span class='upload-error'>The file extension is not supported.</span></div></div>";
    $error = 1;
    }

    if(isset($_SERVER['CONTENT_LENGTH']) && $_SERVER['CONTENT_LENGTH']> $max_filesize){
    $upload_status = "<div id='file-upload'><div class='upload-bar-error'><span class='upload-error'>The file size has extended the size limit.</span></div></div>";
    $error = 1;
    }

    if($error == 0){
    $image_name=time().'.'.$extension;

    $newname="../uploads/normal/".$image_name;
    $newname_db = "uploads/normal/".$image_name;
    copy($_FILES['image']['tmp_name'], $newname);

    $thumb_name='../uploads/thumbnail/thumb_'.$image_name;
    $thumb_name_db = 'uploads/thumbnail/thumb_'.$image_name;
    $thumb = make_thumb($newname,$thumb_name,$thumb_width,$thumb_height);

    $upload_status = "<div id='file-upload'><div class='upload-bar-success'><span class='upload-success'>The file has been uploaded successfully.</span></div></div>";
    }

}
}

3 个答案:

答案 0 :(得分:1)

那是因为最后一句if句子会覆盖$upload_status讯息。

这是正确的代码:

$allowed_filetypes = array('.jpg', '.jpeg', '.gif', '.bmp', '.png'); 
$max_filesize = 262144; 
$upload_normal_path = '../uploads/normal/'; 
$upload_thumb_path = '../uploads/thumbnail/';

if (isset($_POST['Submit'], $_FILES['image'])) {
  $filename = $_FILES['image']['name']; 
  $filesize = $_FILES['image']['size']; 
  $fileext = substr($filename, strpos($filename, '.'), strlen($filename) - 1);

  $errors = array();

  if (!in_array($fileext, $allowed_filetypes)) {
    $errors[] = 'The file you attempted to upload is not allowed.';
  }

  if ($filesize > $max_filesize) {
    $errors[] = 'The file you attempted to upload is too large.';
  } elseif ($filesize == 0) {
    $errors[] = 'You cannot upload a empty file.';
  }

  if (sizeof($errors)) {
    echo '<p>There was some error: </p><ul>';
    for ($i = 0, $errorsLength = sizeof($errors); $i < $errorsLength; ++$i) {
      echo '<li>' . $errors[$i] . '</li>';
    }
    echo '</ul>';
  } else {
    $newname = time() . $fileext;
    $moved = move_uploaded_file($_FILES['image']['tmp_name'], $upload_normal_path . $newname);

    if (!$moved) {
      echo 'There was an error during the file upload. Please try again.';
    } else {
      echo '<p>Your file upload was successful, view the file <a href="' . $upload_normal_path . $newname . '" title="Your File">here</a></p>';
    }
  }
}

答案 1 :(得分:1)

因为你总是在做move_uploaded_file

答案 2 :(得分:0)

实际上这种情况正在发生,因为您正在使用serialize if命令。 您正在使用两个“if”条件,即

if(!in_array($fileext, $allowed_filetypes)){$upload_status = "The file you attempted to upload is not allowed.";}

if(!$moved){$upload_status = 'There was an error during the file upload.  Please try again.';}

当!移动时变量的值发生变化,即文件没有被移动。

而不是使用模具功能来打印你想要的东西

die("The file you attempted to upload is not allowed.");