2016-02-08 20:00



Here is what I have tried so far and it isn't working. The HTML file contains:-

<!DOCTYPE html>
        <meta charset="utf-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <title>Form Generator | Upload Driver Specification Sheet</title>
        <script type="text/javascript" src=""></script>
        <script type='text/javascript'>
            function submit_form() {

                var formData = new FormData($(this)[0]);

                    url: 'last_file_action.php',
                    type: 'POST',
                    data: formData,
                    async: false,
                    success: function (data) {
                    cache: false,
                    contentType: false,
                    processData: false

                return false;
    <body class="gray-bg3_full">
        <form class="m-t" role="form" id='data'  method="post" enctype="multipart/form-data">
            <input type="hidden" name="MAX_FILE_SIZE" value="2000000">

            <div class="form-group">
                <p id='new_project_text'>Please include your Product spec sheet: </p>
                <input class="btn btn-primary-save btn-block" type="file" name="userfile" /> <i class="fa fa-upload"></i> &nbsp;  <br/>
            <button type= 'button' id="submit_driver" class="btn btn-warning block full-width m-b m-t" onclick='submit_form()'>Submit</button>
        <div id='results'></div>

And the PHP file i.e. 'last_file_action.php' contains this:-


if ($_FILES['userfile']['error'] > 0)
    switch ($_FILES['userfile']['error'])
        case 1:
            echo "File exceeded upload_max_filesize";
        case 2:
            echo "File exceeded max_file_size";
        case 3:
            echo "File only partially uploaded";
        case 4:
            echo "Please choose a file to upload";
        case 6:
            echo "Cannot upload file: No temp directory specified";
        case 7:
            echo "Upload failed: Cannot write to disk";
$upfile = 'productinformation/';

if (is_uploaded_file($_FILES['userfile']['tmp_name']))
    if (!move_uploaded_file($_FILES['userfile']['tmp_name'], $upfile))
        echo "Problem: Could not move file to destination directory";
    echo "Problem: Possible file upload attack. Filename: ";
    echo $_FILES['userfile']['name'];

// remove possible HTML and PHP tags from the file's contents
$contents = file_get_contents($upfile);
$contents = strip_tags($contents);
file_put_contents($_FILES['userfile']['name'], $contents);
// show what was uploaded

When I click the submit button I get this error "Problem: Possible file upload attack. Filename:". This is the error I've myself set in PHP file. It shows this error even when I don't select the file to upload. I want it to show Error "Please choose a file to upload" if I don't select a file to upload.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答


  • dongqiao6730 dongqiao6730 5年前

    Here is how I did it.

    var formData = new FormData();

    formData.append("userfile", $(":file")[0].files[0]);

    The above code is right as long as you have one file and no other input fields. In case you have more input field and multiple file upload in a single form. One should consider target elements by their IDs instead of type $(":file"). Here is how we can get other files:-

     var formData = new FormData();
    formData.append("first_file", $("#1st_file_id")[0].files[0]);
    formData.append("2nd_file", $("#2nd_file_id")[0].files[0]);
    formData.append("3rd_file", $("#3rd_file_id")[0].files[0]);

    Here is how we can get data from input fields of form by targeting their IDs.

      formData.append("input_field", $("#input_field_id").val());

    In PHP nothing needs to be changed. If we want to get the value of input field we can do it by:-

    $var = $_POST['input_field'];

    And if its a file, we can capture it by this and do the rest of the work as done in the question.

    $_FILES['userfile'] or $_FILE['2nd_file']
    点赞 评论 复制链接分享
  • duangao7133 duangao7133 5年前
    var formData = new FormData();
    formData.append("userfile", $(":file")[0].files[0]);
    点赞 评论 复制链接分享