dongpeiwei8589 2013-11-22 20:44
浏览 43
已采纳

上传mp3,doc,ppt,sql,zip,tar,rar文件

I want to give my users the freedom to upload all types of files in my online storage site. I only know how to upload image files such as these:

//other code   
 $_FILES["file"]["type"] == "image/jpeg"
 $_FILES["file"]["type"] == "image/jpg"
 $_FILES["file"]["type"] == "image/pjpeg"
 $_FILES["file"]["type"] == "image/x-png"
 $_FILES["file"]["type"] == "image/png"
//other code

using the ebove code I can upload the given extention files to my site. But I want to upload .mp3 .doc .ppt .docx . pptx .sql and many more possible files. To do that, what should I put in the "question mark" below: 

 $_FILES["file"]["type"] == ?          // for mp3
 $_FILES["file"]["type"] == ?          // for doc/docx
 $_FILES["file"]["type"] == ?          // for ppt/pptx 
 $_FILES["file"]["type"] == ?          // for sql
 $_FILES["file"]["type"] == ?          // for zip/tar/rar

please , tell me if there is any list of all extensions of file and what should I write to upload the asked files?

---Thanks.

  • 写回答

2条回答 默认 最新

  • douniao7308 2013-11-22 22:14
    关注

    The MIME Type provided in $_FILE['file']['type'] is a information given by the client side and can be falsified. Don't trust it. It can also vary from a machine to another, as you saw yourself there isn't a single MIME description to each extension, so it can be very frustrating to rely on it to take any kind of decision.

    Someone can send you a music.php and say its a audio/mp3, save it in your website folder and you have just given them means to compromise your entire server. Don't do it.

    Instead, use the file extension to determine it's type. You can also list all allowed extensions in an array and just check if the file extension exists in this array.

    $allowed_extensions = array(
    'mp3', 'mp4', 'doc', 'zip', 'rar',
    'docx', 'ppt', 'pps', 'pptx' // ...
);
if (!in_array(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION), $allowed_extensions))
    die("You can't upload this.");

    Or, you can instead prohibit dangerous file extensions and allow everything else, what would be easier to do considering you want to allow "any type of file".

    $disallowed_extensions = array('exe', 'scr', 'cpl', 'bat', 'php', 'htaccess');
if (in_array(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION), $disallowed_extensions))
    die("You can't upload this.");

    Careful with the file name too. The file name provided in $_FILES['file']['name'] should be just the file base name, but once again this information is provided by the user and can be including full or relative paths to make your script save it where it shouldn't. Always use basename($_FILES['file']['name']) to make sure you are using the file base name when saving the file.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥20 软件测试决策法疑问求解答
  • ¥15 win11 23H2删除推荐的项目,支持注册表等
  • ¥15 matlab 用yalmip搭建模型,cplex求解,线性化处理的方法
  • ¥15 qt6.6.3 基于百度云的语音识别 不会改
  • ¥15 关于#目标检测#的问题:大概就是类似后台自动检测某下架商品的库存,在他监测到该商品上架并且可以购买的瞬间点击立即购买下单
  • ¥15 神经网络怎么把隐含层变量融合到损失函数中?
  • ¥15 lingo18勾选global solver求解使用的算法
  • ¥15 全部备份安卓app数据包括密码,可以复制到另一手机上运行
  • ¥20 测距传感器数据手册i2c
  • ¥15 RPA正常跑,cmd输入cookies跑不出来