doudao5287
doudao5287
2016-02-23 12:44

上传错误的文件类型PHP时无法获得echo错误

已采纳

I'm trying to make it so that when the user uploads any document that isn't a csv file an echo error appears. However when I tested it I got the echo error on both the correct file type and an incorrect file type. Anyone know where I'm going wrong?

<?php
    ob_clean();session_start();

    if (isset($_GET['logout'])){
    session_destroy();  
    }

    if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] == false) {
        header("Location: index.php");
    }

    if(isset($_FILES['UploadFileField'])){
    $allowed = array('csv');
    $UploadName = $_FILES['UploadFileField']['name'];
    $UploadTmp = $_FILES['UploadFileField']['tmp_name'];
    $UploadType = $_FILES['UploadFileField']['type'];
    $NewFileName = "project1file.txt";


    if(!$UploadTmp){
        echo '<font color="#FF0000" size="3"><p align="center"><b>No File Selected, Please Try Again.</b></p></font>';
    }else{
        move_uploaded_file($UploadTmp, "UPLOADS/$NewFileName");
        echo '<font color="#006600" size="3"><p align="center"><b>File Successfully Uploaded.</b></p></font>';

    }

    if(!in_array($UploadTmp,$allowed) ) {
    echo 'error';
}

}

?>
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

3条回答

  • dongshuohuan5291 dongshuohuan5291 5年前

    Use the below code to find the extension of the uploaded file:

    $type = $_FILES["UploadFileField"]["type"];
    

    And then echo

    if(!in_array($type,$allowed) ) {
        echo 'error';
    }
    

    Update 1:

    $mimes = array('application/vnd.ms-excel','text/plain','text/csv','text/tsv');
    
    if(in_array($_FILES['UploadFileField']['type'],$mimes)){
      // do something
    } else {
      die("Sorry, mime type not allowed");
    }
    

    Update 2:

    You can use this as well, actually $_FILES...['type'] is not safe to use.

    $types = array('csv');
    
    $ext = pathinfo($UploadName, PATHINFO_EXTENSION);
    
    
    if(in_array($ext,$types)){
    // do something
    } else {
        die("Sorry, only CSV type allowed");
    }
    
    点赞 评论 复制链接分享
  • dozr13344 dozr13344 5年前

    Please add 3 variables in isset file condition.

    1.$target_dir = "uploads/";
    2.$target_file = $target_dir . basename($_FILES["UploadFileField"]["name"]);
    3.$FileType = pathinfo($target_file,PATHINFO_EXTENSION); 
    

    so condition is

       if (isset($_FILES['UploadFileField']))
        {
            $allowed = array('csv');
            $UploadName = $_FILES['UploadFileField']['name'];
            $UploadTmp = $_FILES['UploadFileField']['tmp_name'];
            $UploadType = $_FILES['UploadFileField']['type'];
            $NewFileName = "project1file.txt";
            $target_dir = "uploads/";
            $target_file = $target_dir . basename($_FILES["UploadFileField"]["name"]);
    
            $FileType = pathinfo($target_file, PATHINFO_EXTENSION);
        }
    
        if (!$FileType)
        {
            echo '<font color="#FF0000" size="3"><p align="center"><b>No File Selected, Please Try Again.</b></p></font>';
        }
        else
        {
            move_uploaded_file($UploadTmp, $target_file);
            echo '<font color="#006600" size="3"><p align="center"><b>File Successfully Uploaded.</b></p></font>';
        }
    
        if (!in_array($FileType, $allowed))
        {
            echo 'error';
        }  
    

    Please check your folder name. It is now "upload".

    点赞 评论 复制链接分享
  • dplm47571 dplm47571 5年前

    Although csv does have an RFC and hence a mimetype, there are still a lot of devices which are not pre-configured with the appropriate mimetype (but note that CSV is actually a family of formats).

    Both the mimetype and extension are assertions by the client about the content of the file and should not be trusted.

    As to why your code is not doing what you expect....you are comparing the mimetype (which should be 'text/csv') with 'csv'. They are not the same.

    As to where you are going wrong....

    Your code contains no comments. You could have found the problem yourself by instrumenting the code to detail what was actually arriving at the server. You shouldn't be calling move_uploaded_file() before validating the file, and you should probably have a more robust method for validating the file.

    点赞 评论 复制链接分享