dongyounai6281
2018-10-22 11:55
浏览 102
已采纳

PHP仅上传文件图像

I am not able upload my image file to server, using XAMMP phpmyadmin and apache services. I'm wondering where I did wrong.
I have to use this kind of security code to prevent any extension upload that can exploit by hacker.
It just shows that the files is "Your image was not uploaded" as an error code. Not sure if it is because I didn't specify the root of the website? If yes, how can I specify?

<html>
<head> 
<?php
if(isset($_POST['submit']))
{
$target_dir = '/uploads/';
$target_dir1 = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadedname=$_FILES['fileToUpload']['name'];
$uploadedname_temp=$_FILES['fileToUpload']['name'];
$uploaded_ext=substr($uploadedname_temp,strrpos($uploadedname_temp,'.')+1);
$uploaded_size=$_FILES['fileToUpload']['size'];
if(isset($_POST['submit']))
{
if (($uploaded_ext == "jpg" || $uploaded_ext == "JPG" || $uploaded_ext == "jpeg" || $uploaded_ext == "JPEG") && ($uploaded_size < 1000000)){ 
                if(!move_uploaded_file($_FILES['fileToUpload']['name'], $target_dir1)) { 

                    echo '<pre>'; 
                    echo 'Your image was not uploaded.'; 
                    echo '</pre>'; 

                  } else { 

                    echo '<pre>'; 
                    echo $target_dir1. ' succesfully uploaded!'; 
                    echo '</pre>'; 

                    } 
            } 

            else{ 

                echo '<pre>'; 
                echo 'Your image was not uploaded.'; 
                echo '</pre>'; 

            }   
}

}

?>



</head>
<body>




<form action="uploadfiles.php" method="post" enctype="multipart/form-data">
    Select image to upload:
    <input type="file" name="fileToUpload" id="fileToUpload">
    <input type="submit" value="Upload Image" name="submit">
</form>


</body>
</html>
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • doutui8842 2018-10-22 12:29
    已采纳

    I tried below code. it is working properly. As there was issue with $uploaded_size you have not declared size variable and used that.

        <html>
        <head> 
    
        <?php
        if(isset($_POST['submit']))
        {
        $target_dir = realpath(__DIR__) . '/uploads/';
        $target_dir1 = $target_dir . basename($_FILES["fileToUpload"]["name"]);
        $uploadedname=$_FILES['fileToUpload']['name'];
        $uploadedname_temp=$_FILES['fileToUpload']['name'];
        $uploaded_size = $_FILES['fileToUpload']['size'];
        $uploaded_ext=substr($uploadedname_temp,strrpos($uploadedname_temp,'.')+1);
    
        if(isset($_POST['submit']))
            {
             if (($uploaded_ext == "jpg" || $uploaded_ext == "JPG" || $uploaded_ext == "jpeg" || $uploaded_ext == "JPEG") && ($uploaded_size < 1000000)){ 
                        if(!move_uploaded_file($_FILES['fileToUpload']['tmp_name'], $target_dir1)) { 
    
                            echo '<pre>'; 
                            echo 'Your image was not uploaded.'; 
                            echo '</pre>'; 
    
                          } else { 
    
                            echo '<pre>'; 
                            echo $target_dir1. ' succesfully uploaded!'; 
                            echo '</pre>'; 
    
                            } 
                    } 
    
                    else{ 
    
                        echo '<pre>'; 
                        echo 'Your image was not uploaded.'; 
                        echo '</pre>'; 
    
                    }   
        }
    
        }
    
        ?>
    
    
    
        </head>
        <body>
    
    
    
    
        <form action="uploadfiles.php" method="post" enctype="multipart/form-data">
            Select image to upload:
            <input type="file" name="fileToUpload" id="fileToUpload">
            <input type="submit" value="Upload Image" name="submit">
        </form>
    
    
        </body>
        </html>
    
    打赏 评论
  • doudong3570 2018-10-22 12:34

    You are trying to move the file by it's original file name. However, when it gets uploaded, there is a ['tmp_name']. When you move_uploaded_file(), you need to refer to the tmp name.

    if(!move_uploaded_file($_FILES['fileToUpload']['name'], $target_dir1)) { 
    

    to

    if(!move_uploaded_file($_FILES['fileToUpload']['tmp_name'], $target_dir1)) { 
    
    打赏 评论

相关推荐 更多相似问题