我正在从我的java应用程序上传一个文件到php服务器,它上传的一切都很好,但我注意到,如果它有一个字符,如'在它然后在文件中它将''不'
,例如,如果我用以下java代码上传文件:
public static void main(String[] args)
{
FILE tmpFile = new FILE(EncryptionUtil.EncryptAndZip("tes't file.txt").getAbsoluteFile().toString());
postData
(
UPLOAD_URL + "?filename=" + URLEncoder.encode(file.getFileName() + ".zip", "utf-8"),
tmpFile.getFileName() + ".zip",
tmpFile.getFileLoader().readAllBytes() // FILE.getFileLoader().readAllBytes() is just a wrapper and reads all bytes from a file to byte[]
);
}
private static final String CrLf = "'r'n";
public static void postData(String url, String filename, byte[] byteData) throws IOException
{
URLConnection conn = null;
InputStream is = null;
OutputStream os = null;
try
{
URL obj = new URL(url);
System.out.println("url:" + obj);
conn = obj.openConnection();
conn.setDoOutput(true);
String message1 = "";
message1 += "-----------------------------4664151417711" + CrLf;
message1 += "Content-Disposition: form-data; name='"uploadedfile'"; filename='"" + filename + "'""
+ CrLf;
message1 += "Content-Type: application/octet-stream" + CrLf;
message1 += CrLf;
String message2 = "";
message2 += CrLf + "-----------------------------4664151417711--"
+ CrLf;
conn.setRequestProperty("Content-Type",
"multipart/form-data; boundary=---------------------------4664151417711");
conn.setRequestProperty("Content-Length", String.valueOf((message1
.length() + message2.length() + byteData.length)));
os = conn.getOutputStream();
os.write(message1.getBytes());
int index = 0;
int size = 1024;
do
{
if ((index + size) > byteData.length)
{
size = byteData.length - index;
}
os.write(byteData, index, size);
index += size;
}
while (index < byteData.length);
os.write(message2.getBytes());
os.flush();
is = conn.getInputStream();
char buff = 512;
int len;
byte[] data = new byte[buff];
do
{
len = is.read(data);
if (len > 0)
{
System.out.println(new String(data, 0, len));
}
}
while (len > 0);
}
catch (Exception e)
{
e.printStackTrace();
}
finally
{
try
{
os.close();
}
catch (Exception e)
{
}
try
{
is.close();
}
catch (Exception e)
{
}
try
{
}
catch (Exception e)
{
}
}
}
服务器响应
url: http://127.0.0.1/cloudstore/upload.php?filename=tes%27t+.txt.zip
name of file user wants to save as: tes''t file.txt.zip
actual save name: tes''t file.txt.zip
Array
(
[name] => tes't file.txt.zip
[type] => application/octet-stream
[tmp_name] => /tmp/phpgYl0QT
[error] => 0
[size] => 1274598
)
和下面是我的PHP文件upload.php
<?php
$target_path = "" . $_GET['filename'];
echo ' name of file user wants to save as: '.$target_path.'<br/>';
if (!file_exists(dirname($target_path))) {
mkdir(dirname($target_path), 0777, true);
}
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "actual save name: ".basename( $_FILES['uploadedfile']['name'])." <br/>";
} else{
echo "There was an error uploading the file, please try again!<br />";
}
print_r($_FILES['uploadedfile']);
?>
是什么导致这个问题,我认为这是php试图消毒输入?我该如何阻止这种情况的发生?
根据OP的要求,结束问题。
使用stripslashes()
它有助于取消引号字符串的引号,这是原因。
如果需要保存,则将tes''t更改为tes't,如果需要,则
从手册:
stripslashes()的一个例子是当PHP指令magic_quotes_gpc是on的(在PHP 5.4之前默认是on的),并且您没有将这些数据插入到需要转义的地方(例如数据库)。例如,如果您只是直接从HTML表单输出数据。
我通常更喜欢关闭魔术引号,如果它是打开的。顺便说一下,它已经在较新的PHP版本中弃用了。