将文件上传到几个级别的文件夹-PHP [英] Uploading file to folder a few levels up - PHP

问题描述

对不起，我的问题标题没有太多描述性，我正在努力正确地表达问题的内容.我有一个脚本add-new-post.php，可将新博客帖子添加到数据库中.我在文件上传过程中苦苦挣扎，因为上传文件与执行上传的脚本相距几个级别.

Sorry I wasn't able to be a lot more descriptive in my question title, I'm struggling to word the issue correctly. I have a script add-new-post.php that adds a new blog post to the database. I'm struggling with the file upload process as the upload file is a few levels away from the script that's doing the uploading.

文件位置:

public_html/content/uploads/imgs 
public_html/content/themes/admin-cm/post/add-new-post.php

因此，脚本正在尝试将文件上传到第一个目录.以下是有关文件上传的相关代码段，此刻，我只是想让它在页面上回显一些信息，以便可以看到发生了什么事情:

So, the script is attempting to upload files to the first directory. Below is the relevant snippet concerning the file upload, at the moment I'm just getting it to echo some info to the page so I can see what's happening:

        if ( !empty( $_FILES[ "featured_image" ][ "name" ] ) ) {

            $target_dir = '/content/uploads/imgs/';
            $target_file = dirname(__FILES__, 4 ) . $target_dir . basename( $_FILES[ "featured_image" ][ "name" ] );
            $upload_ok = 1;
            $image_file_type = strtolower( pathinfo( $target_file, PATHINFO_EXTENSION ) );

            $check = getimagesize( $_FILES[ "featured_image" ][ "tmp_name" ] );

            if ( $check !== false ) {

                echo "File is an image - " . $check[ "mime" ] . ".";
                echo "<br>" . $target_file;
                $upload_ok = 1;

            } else {

                $errors[] = "The uploaded file is not an image.";
                $upload_ok = 0;

            }

            if ( file_exists( $target_file ) ) {

                echo "Sorry, this file already exists.";
                $upload_ok = 0;

            } else {

                echo "<br>This image doesn't exist already.";

            }

            if ( $_FILES[ "featured_image" ][ "size" ] > 500000 ) {

                echo "Sorry, your file is too large.";
                $upload_ok = 0;

            }

            if ( $upload_ok ) {

                if ( move_uploaded_file( $_FILES[ "featured_image" ][ "name" ], $target_file ) ) {

                    echo "<br>Successfully uploaded the image.";

                } else {

                    echo "<br>Couldn't upload the image.";

                }

            }

        }

我猜我的问题是目录，我尝试了几种不同的输入目标目录的方法，但似乎没有用(例如，最初以字符串形式输入$target_file变量，即"../../../../content/uploads/imgs) .我正在尝试通过上载目录中当前不存在的文件来测试这一点，以下是打印到页面上的内容:

I'm guessing my issue is the directory, I've tried a few different ways of inputting the target directory and none seem to work (such as initially entering the $target_file variable as a string ie. "../../../../content/uploads/imgs). I am testing this out by attempting to upload a file that DOES currently exist in the uploads directory and the following is what is printed to the page:

File is an image - image/jpeg.
./content/uploads/imgs/post-img-8.jpg
This image doesn't exist already.
Couldn't upload the image.

对我而言，目标目录看起来正确..我也尝试过substr()丢失点，并尝试使其失去./.有什么想法我做错了吗?

To me the target directory looks correct.. I've also tried substr() to lose the dot and tried it to lose the ./. Any ideas what I'm doing wrong?

已解决(在评论中感谢Martin)

SOLVED (thanks to Martin in the comments):

我替换了以下内容:

$target_dir = '/content/uploads/imgs/';
$target_file = dirname(__FILES__, 4 ) . $target_dir . basename( $_FILES[ "featured_image" ][ "name" ] );

具有:

$target_dir ="content/uploads/imgs/";
$target_file = $_SERVER[ "DOCUMENT_ROOT" ] . $target_dir . basename( $_FILES[ "featured_image" ][ "name" ] );

推荐答案

您应该使用

You should use $_SERVER['DOCUMENT_ROOT'] to set an absolute filepath to save the files to your server's filesystem.

$_SERVER['DOCUMENT_ROOT']通常是/user/domain/public_html，并且在此文件夹中是世界可访问的网站；

$_SERVER['DOCUMENT_ROOT'] typically is /user/domain/public_html and inside this folder is the world-accessible website;

https://www.mywebsite.co.uk/somefolder/somefile.php

与:

$_SERVER['DOCUMENT_ROOT']."/somefolder/somefile.php";

因此，要将文件保存到:www.mywebsite.org/content/uploads/imgs/post-img-8.jpg，应将其保存到$_SERVER['DOCUMENT_ROOT']."/content/uploads/imgs/post-img-8.jpg";

Therefore to save your file to: www.mywebsite.org/content/uploads/imgs/post-img-8.jpg you would save it to $_SERVER['DOCUMENT_ROOT']."/content/uploads/imgs/post-img-8.jpg";

• 无论此代码从网站的哪个部分运行，这都是通用的.

• 请勿使用给定的$_FILES[ "featured_image" ][ "name" ]保存文件 值，此值很容易被破坏，因此应至少 进行正则表达式转义以删除所有无效字符.

• DO NOT save files with the given $_FILES[ "featured_image" ][ "name" ] value, this value can be easily compromised and should be at least Regex escaped to remove any invalid characters.

• 示例:$name = preg_replace('/[^a-z0-9_-]/i','',$_FILES['featured_image']['name']);

请勿信任上载MIME类型.甚至getimagesize都可能受到威胁.最好的建议是使用PHP

DO NOT trust upload MIME types. Even getimagesize can be compromised. Best suggestion is to use PHP fileinfo functions.

• 处理图像的最佳方法是将图像加载到PHP中( imagecreatefromjpeg 或类似的内容)和保存加载的图像数据，这可以剥离出JPG图像的讨厌的元数据特别是可以包含.

• The best way of handling images is to load the image into PHP (imagecreatefromjpeg or similar) and resave the loaded image data, this can strip out the nasty meta-data that JPG images especially can contain.

这篇关于将文件上传到几个级别的文件夹-PHP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！