特定文件类型是否允许php上传 [英] Specific file type allowed? php upload
问题描述
我创建了一个图片上传器,我不知道如何做,只有文件类型可以是.jpg,所以我问你,你知道吗?到目前为止:
<?php
session_start();
if($ _ SESSION ['username']){
$ target_path =users / $ username /;
$ target_path = $ target_path。 basename($ _FILES ['uploadedfile'] ['name']);
if(move_uploaded_file($ _ FILES ['uploadedfile'] ['tmp_name'],$ target_path)){
echoThe file。 basename($ _FILES ['uploadedfile'] ['name'])。
已上传;
header(Location:user.php);
} else {
echo上传文件时出错,请重试!;
else {
echo只有会员才可以在这里注册< a href ='index.php'> here< / a>;
}
?>
还有一件事,我如何将上传的文件重命名为:profile.jpg?
这里有一些重要的事情需要考虑:
所有,从不依赖于提供的文件扩展名。如果需要,我可以上传一个扩展名为 .jpg
的php文件。诚然,我可能不得不做更多的事情来让它在你的服务器上作为一个php文件执行,但它肯定不是一个有效的图像。
如果上传成功, $ _ FILES ['uploadedfile'] ['type']
将保存请求提供的MIME类型。然而,这也不应该被信任,因为这也可能被篡改。
一种更可靠的方法来确定上传的文件是否实际上是一个类型为jpeg的图像是使用函数 getimagesize
。 getimagesize()
如果它不是一个有效的图像,将返回false,并返回一个包含图像信息的数组,如果它将该文件识别为图像。数组的索引 2
将保存一个与其中一个常量,以 IMAGETYPE _
开始。
$ info = getimagesize($ _FILES ['uploadedfile'] ['tmp_name']);
if($ info!== false)
{
//文件是一个以
开头的图像if($ info [2] == IMAGETYPE_JPEG)
{
//文件看起来是一张有效的jpeg图片
}
}
据我所知,这是一种老派的方法,尽管它是可靠的。我相信,依赖于平台Windows / * nix)和版本(< 5.3,> = 5.3),但有更可靠的方法来确定文件的实际MIME类型。
编辑:
我忘记了关于
$ b
target_path。 basename($ _FILES ['uploadedfile'] ['name']);
... with this:
$ target_path = $ target_path。 profile.jpg;
换句话说,当您使用 Im creating a image uploader, and i dont know how to do so only the filetype can be .jpg so im asking you, do you know it? heres what i got so far: And one more thing, how may i rename the uploaded file to : "profile.jpg" ? There are some important things to consider here: First of all, never rely on the file extension that was provided. I could upload a php file with the extension If the upload was successful, A more reliable way to determine whether the uploaded file is actually an image of type jpeg is to use the function This is somewhat of an old school method which, as far as I know, is reliable though. I believe, depending on platform (Windows/*nix) and version (< 5.3, >= 5.3) there are more reliable ways to determine the actual mime-type of a file though. I'll see what I can find for you about that later on. edit: Simply replace this: ... with this: In other words, when you move the file with 这篇关于特定文件类型是否允许php上传的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋! move_uploaded_file() code>第二个参数将是新路径(包括新文件名)。
<?php
session_start();
if($_SESSION['username']) {
$target_path = "users/$username/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']).
"has been uploaded";
header("Location: user.php");
} else{
echo "There was an error uploading the file, please try again!";
}
}
else {
echo "Only members can be here. Register <a href='index.php'>here</a>";
}
?>
.jpg
if I wanted. Granted, I'd probably have to do some more to actually get it to execute as a php file on your server, but it certainly was not a valid image.$_FILES[ 'uploadedfile' ][ 'type' ]
will hold the mime-type that was provided by the request. However, this should also not be trusted, as this can be tampered with as well.getimagesize
. getimagesize()
will return false if it's not a valid image and will return an array with information about the image, if it recognized the file as an image. Index 2
of the array will hold a value that corresponds with one of these constants that begin with IMAGETYPE_
.$info = getimagesize( $_FILES[ 'uploadedfile' ]['tmp_name'] );
if( $info !== false )
{
// file is an image to begin with
if( $info[ 2 ] == IMAGETYPE_JPEG )
{
// file appears to be a valid jpeg image
}
}
I forgot about the renaming part.$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
$target_path = $target_path . 'profile.jpg';
move_uploaded_file()
the second argument will be the new path (including the new file name).