如何检查用户是否在PHP中上传了文件？

Question

我会进行一些表单验证，以确保用户上传的文件类型正确。但上传是可选的，所以我想跳过验证，如果他没有上传任何内容并提交表格的其余部分。我如何检查他是否上传了某些内容？ $_FILES['myflie']['size'] <=0会工作吗？

Answer 1

您可以使用is_uploaded_file()：

if(!file_exists($_FILES['myfile']['tmp_name']) || !is_uploaded_file($_FILES['myfile']['tmp_name'])) {
    echo 'No upload';
}

来自文档：

  

如果文件名为，则返回TRUE   文件名是通过HTTP POST上传的。   这有助于确保a   恶意用户没有试图欺骗   脚本处理文件   它不应该工作 - 为   例如，/ etc / passwd。

     

特别是这种检查   重要的是，如果有任何机会   完成上传文件的任何事情   可以透露他们的内容   用户，甚至是其他用户   同样的制度。

编辑：我在我的FileUpload类中使用它，以防它有用：

public function fileUploaded()
{
    if(empty($_FILES)) {
        return false;       
    } 
    $this->file = $_FILES[$this->formField];
    if(!file_exists($this->file['tmp_name']) || !is_uploaded_file($this->file['tmp_name'])){
        $this->errors['FileNotExists'] = true;
        return false;
    }   
    return true;
}

Answer 2

这段代码对我有用。我正在使用多个文件上传，因此我需要检查是否有任何上传。

HTML部分：

<input name="files[]" type="file" multiple="multiple" />

PHP部分：

if(isset($_FILES['files']) ){  


foreach($_FILES['files']['tmp_name'] as $key => $tmp_name ){

      if(!empty($_FILES['files']['tmp_name'][$key])){

    //  things you want to do
    }
}

Answer 3

@ karim79有正确的答案，但我不得不重写他的例子以适应我的目的。他的例子假设提交的字段的名称是已知的并且可以被硬编码。我更进了一步并且创建了一个函数，它将告诉我是否上传了任何文件而不必知道上传字段的名称。 / p>

/**
 * Tests all upload fields to determine whether any files were submitted.
 * 
 * @return boolean
 */
function files_uploaded() {

    // bail if there were no upload forms
   if(empty($_FILES))
        return false;

    // check for uploaded files
    $files = $_FILES['files']['tmp_name'];
    foreach( $files as $field_title => $temp_name ){
        if( !empty($temp_name) && is_uploaded_file( $temp_name )){
            // found one!
            return true;
        }
    }   
    // return false if no files were found
   return false;
}

Answer 4

<!DOCTYPE html>
<html>
<body>

<form action="#" method="post" enctype="multipart/form-data">
    Select image to upload:
    <input name="my_files[]" type="file" multiple="multiple" />
    <input type="submit" value="Upload Image" name="submit">
</form>


<?php

 if (isset($_FILES['my_files']))
  {
    $myFile = $_FILES['my_files'];
    $fileCount = count($myFile["name"]);


        for ($i = 0; $i <$fileCount; $i++)
         {
           $error = $myFile["error"][$i]; 

            if ($error == '4')  // error 4 is for "no file selected"
             {
               echo "no file selected";
             }
            else
             {

               $name =  $myFile["name"][$i];
               echo $name; 
               echo "<br>"; 
               $temporary_file = $myFile["tmp_name"][$i];
               echo $temporary_file;
               echo "<br>";
               $type = $myFile["type"][$i];
               echo $type;
               echo "<br>";
               $size = $myFile["size"][$i];
               echo $size;
               echo "<br>";



               $target_path = "uploads/$name";   //first make a folder named "uploads" where you will upload files


                 if(move_uploaded_file($temporary_file,$target_path))
                  {
                   echo " uploaded";
                   echo "<br>";
                   echo "<br>";
                  }
                   else
                  {
                   echo "no upload ";
                  }




              }
        }  
}
        ?>


</body>
</html>

参考http://www.techzigzag.com/how-to-check-that-user-has-upload-any-file-or-not-in-php/

但请保持警惕。用户可以上传任何类型的文件，也可以通过上传恶意或php文件来破解您的服务器或系统。在这个脚本中应该有一些验证。谢谢。

Answer 5

我检查了你的代码并认为你应该试试这个：

if(!file_exists($_FILES['fileupload']['tmp_name']) || !is_uploaded_file($_FILES['fileupload']['tmp_name'])) 
    {
        echo 'No upload';
    }   
    else
        echo 'upload';

Answer 6

您应该使用$_FILES[$form_name]['error']。如果没有上传文件，则返回UPLOAD_ERR_NO_FILE。完整列表：PHP: Error Messages Explained

function isUploadOkay($form_name, &$error_message) {
    if (!isset($_FILES[$form_name])) {
        $error_message = "No file upload with name '$form_name' in form.";
        return false;
    }
    $error = $_FILES[$form_name]['error'];

    // List at: http://php.net/manual/en/features.file-upload.errors.php
    if ($error != UPLOAD_ERR_OK) {
        switch ($error) {
            case UPLOAD_ERR_INI_SIZE:
                $error_message = 'The uploaded file exceeds the upload_max_filesize directive in php.ini.';
                break;

            case UPLOAD_ERR_FORM_SIZE:
                $error_message = 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.';
                break;

            case UPLOAD_ERR_PARTIAL:
                $error_message = 'The uploaded file was only partially uploaded.';
                break;

            case UPLOAD_ERR_NO_FILE:
                $error_message = 'No file was uploaded.';
                break;

            case UPLOAD_ERR_NO_TMP_DIR:
                $error_message = 'Missing a temporary folder.';
                break;

            case UPLOAD_ERR_CANT_WRITE:
                $error_message = 'Failed to write file to disk.';
                break;

            case UPLOAD_ERR_EXTENSION:
                $error_message = 'A PHP extension interrupted the upload.';
                break;

            default:
                $error_message = 'Unknown error';
            break;
        }
        return false;
    }

    $error_message = null;
    return true;
}

Answer 7

is_uploaded_file()非常适合使用，特别是用于检查它是上传文件还是本地文件（出于安全目的）。

但是，如果要检查用户是否上传了文件， 使用$_FILES['file']['error'] == UPLOAD_ERR_OK。

请参阅file upload error messages上的PHP手册。如果您只想检查无文件，请使用UPLOAD_ERR_NO_FILE。

Answer 8

一般来说，用户上传文件的时候，PHP服务器并没有捕捉到异常错误或者错误，说明文件上传成功。 https://www.php.net/manual/en/reserved.variables.files.php#109648

if ( boolval( $_FILES['image']['error'] === 0 ) ) {
    // ...
}