douzhong3887 2015-12-15 17:00

File type check not working

I have a problem with the file type check when uploading to the server. My function is not working as it should. Absolutely everything always gets uploaded to the server. Please help me.

<?php
session_start();
include_once 'dbconnect.php';

if (isset($_POST['ulozitzmeny'])) {

    $valid_mime_types = array(
        "image/gif",
        "image/png",
        "image/jpg",
        "image/jpeg",
    );

    if (in_array($_FILES["file"]["type"], $valid_mime_types)) {

        $file = rand(1000, 100000) . "-" . $_FILES['file']['name'];
        $file_loc = $_FILES['file']['tmp_name'];
        $file_size = $_FILES['file']['size'];
        $file_type = $_FILES['file']['type'];
        $folder = "images";

        $new_size = $file_size / 1024;
        $new_file_name = strtolower($file);
        $final_file = str_replace(' ', '-', $new_file_name);

        if (move_uploaded_file($file_loc, $folder . "/" . $final_file)) {
            $sql = "UPDATE users SET file='$file', type='$file_type', size='$file_size' WHERE username = '$_SESSION[user]'";
            mysql_query($sql);
        }
    }else{

        echo 'error';
    }
}
?>
1 answer

  • dtp87205 2015-12-15 17:09

    There's a much easier way to validate the type of file being uploaded. Use fileinfo to get the extension of the file being uploaded and then compare against permissible file extensions.

    Here's the reference:

    Your code should be like this:

    // your code
    
    // valid file extensions
    $valid_extensions = array("gif", "png", "jpg", "jpeg");
    
    // get the file extension
    $ext = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));  // png
    
    // now check against permissible extensions
    if(in_array($ext, $valid_extensions)){
        // allowed
    }else{
        // not allowed
    }
    
    // your code
    
    This answer was selected by the asker as the best answer.
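
An added example, not part of the original question or answer: the extension allowlist from the answer combined with a content check through PHP's fileinfo extension, so that neither the browser-supplied `$_FILES['file']['type']` nor the client-chosen file name decides what is stored. The helper name `validate_image_upload()` is hypothetical; the `file` field and `images` folder are taken from the question.

```php
<?php
// Added example, not from the thread. validate_image_upload() is a hypothetical
// helper; the "file" field and "images" folder are taken from the question.

// Allowed extensions and the MIME type fileinfo reports for each.
const ALLOWED_IMAGES = [
    'gif'  => 'image/gif',
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
];

// Returns a server-generated file name for an allowed image, or null to reject.
function validate_image_upload(array $upload): ?string
{
    // Reject failed or missing uploads before touching the temp file.
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }

    // The extension comes from the client-chosen name, so it is only a first filter.
    $ext = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_IMAGES)) {
        return null;
    }

    // Detect the type from the file's bytes. $upload['type'] is sent by the
    // browser and is never consulted here.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->file($upload['tmp_name']);
    if ($detected !== ALLOWED_IMAGES[$ext]) {
        return null;
    }

    // Build the stored name on the server instead of reusing the client's name.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

if (isset($_FILES['file'])) {
    $name = validate_image_upload($_FILES['file']);
    if ($name !== null && move_uploaded_file($_FILES['file']['tmp_name'], 'images/' . $name)) {
        echo 'stored as ' . $name;
    } else {
        echo 'error';
    }
}
```

A matching content type does not prove the file is harmless, so the upload folder should also be configured so the web server never executes scripts from it.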
