douzhong3887 2015-12-15 17:00
浏览 63
已采纳

文件类型检查不起作用

I have a problem with the file type check when uploading on server. My function is not working as it should. On the server is always uploaded absolutely everything. Please help me

<?php
session_start();
include_once 'dbconnect.php';

if (isset($_POST['ulozitzmeny'])) {

    $valid_mime_types = array(
        "image/gif",
        "image/png",
        "image/jpg",
        "image/jpeg",
    );

    if (in_array($_FILES["file"]["type"], $valid_mime_types)) {

        $file = rand(1000, 100000) . "-" . $_FILES['file']['name'];
        $file_loc = $_FILES['file']['tmp_name'];
        $file_size = $_FILES['file']['size'];
        $file_type = $_FILES['file']['type'];
        $folder = "images";

        $new_size = $file_size / 1024;
        $new_file_name = strtolower($file);
        $final_file = str_replace(' ', '-', $new_file_name);

        if (move_uploaded_file($file_loc, $folder . $final_file)) {
            $sql = "UPDATE users SET file='$file', type='$file_type', size='$file_size' WHERE username = '$_SESSION[user]'";
            mysql_query($sql);
        }
    }else{

        echo 'error';
    }
}
?>
  • 写回答

1条回答 默认 最新

  • dtp87205 2015-12-15 17:09
    关注

    There's a much easier way to validate the type of file being uploaded. Use fileinfo to get the extension of the file being uploaded and then compare against permissible file extensions.

    Here's the reference:

    Your code should be like this:

    // your code

// valid file extensions
$valid_extensions = array("gif", "png", "jpg", "jpeg");

// get the file extension
$ext = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));  // png

// now check against permissible extensions
if(in_array($ext, $valid_extensions)){
    // allowed
}else{
    // not allowed
}

// your code
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 关于#MATLAB#的问题,如何解决?(相关搜索:信噪比,系统容量)
  • ¥500 52810做蓝牙接受端
  • ¥15 基于PLC的三轴机械手程序
  • ¥15 多址通信方式的抗噪声性能和系统容量对比
  • ¥15 winform的chart曲线生成时有凸起
  • ¥15 msix packaging tool打包问题
  • ¥15 finalshell节点的搭建代码和那个端口代码教程
  • ¥15 Centos / PETSc / PETGEM
  • ¥15 centos7.9 IPv6端口telnet和端口监控问题
  • ¥20 完全没有学习过GAN,看了CSDN的一篇文章,里面有代码但是完全不知道如何操作