用PHP安全的图像上传？ [英] Secure image upload with PHP?

问题描述

我想从浏览器窗口上传图片到我的服务器。但是，上传字段将为每个人都可见，所以我需要设置一些限制。我只找到了w3schools文件上传（和w3fools.com我不信任它）。我想要的限制是：

最大大小2,5M

<图像类型jpg，jpeg，png，gif

所以这里是w3schools提供的代码，但实际上并不会保存文件到任何地方？

 <？php 
 $ allowedExts = array（ jpg，jpeg，gif，png）; 
 $ extension = end（explode（。，$ _FILES [file] [name]））; 
 if（（（$ _FILES [file] [type] ==image / gif）
 ||（$ _FILES [file] [type] ==图片/ jpg）
 ||（$ _FILES [file] [type] ==image / jpeg））
 ||（$ _FILES [file] [type ] ==image / png））
&& （$ _FILES [file] [size]< 2500000）
&& in_array（$ extension，$ allowedExts））
 {
 if（$ _FILES [file] [error]> 0）
 {
 echoError： 。 $ _FILES [file] [error]。 < br />; 
} 
 else 
 {
 echoUpload：。 $ _FILES [file] [name]。 < br />; 
回显类型：。 $ _FILES [file] [type]。 < br />; 
回声大小：。 （$ _FILES [file] [size] / 1024）。 Kb< br />; 
回声存储在：。 $ _FILES [ 文件] [ tmp_name的值]; 
 
 
 else 
 
 echoInvalid file; 
} 
？> 
  

由于我不希望我的网站遭到黑客入侵，我想要一个安全的解决方案，任何帮助这是什么？

编辑

那么我应该怎么做呢？

解决方案

您需要使用php move_upload_file函数，是工作和测试的例子：

 <？php 
 
 if（isset（$ _ REQUEST [ submit]））{
 
 $ allowedExts = array（jpg，jpeg，gif，png）; 
 $ extension = end（explode（。，$ _FILES [file] [name]））; 
 $ b $ if if（$ _FILES [file] [type] ==image / gif|| $ _FILES [file] [type] ==image / jpg || $ _FILES [file] [type] ==image / jpeg|| $ _FILES [file] [type] ==image / png&& $ _FILES [文件] [size]< 2500000&& in_array（$ extension，$ allowedExts））{
 
 if（$ _FILES [file] [error]> 0 ）{
 
回声错误：。 $ _FILES [file] [error]。 < br />; 
 
 
其他{
 
 $ fname = $ _FILES [file] [name]; 
 move_uploaded_file（$ _ FILES [file] [tmp_name]，$ fname）; 
 
 echo上传：。 $ _FILES [file] [name]。 < br />; 
回显类型：。 $ _FILES [file] [type]。 < br />; 
回声大小：。 （$ _FILES [file] [size] / 1024）。 Kb< br />; 
回声存储在：。 $ FNAME; 
 
 
 
 $ b $ else $ 
 $ b echoInvalid file type; 
 
} 
 
} 
？> 
< form action =method =postenctype =multipart / form-data> 
< input type =filename =file/> 
< input type =submitname =submitvalue =submit/> 
< / form> 
  

您也可以使用getimagesize函数来做下一件事：

  $ size = getimagesize（http://www.simplestudio.rs/060620121945.jpg）; 
 
 $ file_format = $ size ['mime']; 
  

$ file_format将被表示为例如image / jpeg，因此您可以轻松检查图像类型像这样：

  foreach（$ allowedExts as $ allowed）{
 
 $ chk_types = strpos（$ file_format，$ allowed）; 
 
 if（$ chk_types> -1）{
 $ type_is_good = true; 
 break; 
} 
 
} 
  

I want to upload images to my server from browser window. However, the upload field will be visible for everyone, so I need to set up some restrictions. I've only found the w3schools file upload (and as of w3fools.com I don't trust it). I want the restrictions to be:

Maximum size 2,5M

Image types jpg, jpeg, png, gif

So here's the code that w3schools provides, but it won't actually save the file anywhere? I've modified it a bit to meet my needs.

<?php
$allowedExts = array("jpg", "jpeg", "gif", "png");
$extension = end(explode(".", $_FILES["file"]["name"]));
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/jpeg"))
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 2500000)
&& in_array($extension, $allowedExts))
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Error: " . $_FILES["file"]["error"] . "<br />";
    }
  else
    {
    echo "Upload: " . $_FILES["file"]["name"] . "<br />";
    echo "Type: " . $_FILES["file"]["type"] . "<br />";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
    echo "Stored in: " . $_FILES["file"]["tmp_name"];
    }
  }
else
  {
  echo "Invalid file";
  }
?>

And as I don't want my site to be hacked, I want a secure solution, any help on this?

Edit

The code doesn't even do anything. So how should I do it?

解决方案

You need to use php move_upload_file function and also I have made changes to your if statement here is the working and tested example:

<?php

if (isset($_REQUEST["submit"])) {

    $allowedExts = array("jpg", "jpeg", "gif", "png");
    $extension = end(explode(".", $_FILES["file"]["name"]));

    if ($_FILES["file"]["type"] == "image/gif" || $_FILES["file"]["type"] == "image/jpg" || $_FILES["file"]["type"] == "image/jpeg" || $_FILES["file"]["type"] == "image/png" && $_FILES["file"]["size"] < 2500000 && in_array($extension, $allowedExts)) {

      if ($_FILES["file"]["error"] > 0) {

        echo "Error: " . $_FILES["file"]["error"] . "<br />";

      }
      else {

        $fname = $_FILES["file"]["name"];
        move_uploaded_file($_FILES["file"]["tmp_name"], $fname);

        echo "Upload: " . $_FILES["file"]["name"] . "<br />";
        echo "Type: " . $_FILES["file"]["type"] . "<br />";
        echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
        echo "Stored in: " . $fname;

      }

    }
    else {

      echo "Invalid file type";

    }

}
?>
<form action="" method="post" enctype="multipart/form-data">
<input type="file" name="file" />
<input type="submit" name="submit" value="submit" />
</form>

You can also use getimagesize function as suggested by doing next thing:

$size = getimagesize("http://www.simplestudio.rs/060620121945.jpg");

$file_format = $size['mime'];

$file_format will be represented as for example "image/jpeg" so you can easily check for image types like this:

foreach($allowedExts as $allowed) {

$chk_types = strpos($file_format, $allowed);

if($chk_types > -1) {
$type_is_good = true;
break;
}

}

这篇关于用PHP安全的图像上传？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！