我当前的php图像上传器有一些问题。似乎有些人滥用它,上传任何大量文件,而不仅仅是jpegs、png和gif,这对我的带宽造成了损失,我也无法想象它是否非常安全。
有可能限制人们可以上传的内容吗?也可能是按尺寸?
<?php
include 'config.php';
if(isset($_POST['button']))
{
$a = $_FILES["fileField"]["name"];
$sql = "insert into image(img) values('$a')";
$pqr = mysql_query($sql);
move_uploaded_file($_FILES['fileField']['tmp_name'],"upload/".$a);
if($pqr)
{
$_SESSION['name'] = 1;
header("Location: home.php");
}
else
{
echo("Error");
}
}
ob_flush();
?>
提前谢谢!
您应该在服务器配置中限制上传文件的最大大小。如果不能做到这一点,那么在应用程序代码中实现大小检查。
<?php
if ($_FILES["fileField"]["size"] > 500000) { // 500KB
exit("Sorry, your file is too large.");
}
将此添加到if(isset($_POST['button'])之后{
$errors = false;
$target_file = "upload/". basename($_FILES["fileField"]["name"]);
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
// Check if image file is a actual image or fake image
$check = getimagesize($_FILES["fileField"]["tmp_name"]);
if($check !== false) {
echo "File is an image - " . $check["mime"] . ".";
} else {
echo "File is not an image.";
$errors = true;
}
// Allow certain file formats
if($imageFileType != "jpg" &&
$imageFileType != "png" &&
$imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
$errors = true;
}
//check file size
if ($_FILES["fileField"]["size"] > 500000) { // 500KB
echo "Sorry, your file is too large.";
$errors = true;
}
if ($errors == false){
// move uploaded file
}
定义最大文件大小和文件类型。U可以创建一个应该上传的图像类型数组。我假设你可以上传。
<?php
//file size in bytes e.g 1000kB or 1MB
$fleSize = 1000000;
fileType = array('image/png', 'image/gif', 'image/jpeg');
if($_FILES['fileField']['size'] > $fileSize){
echo "File too large.............";
}
else{
//see if the file type is in fileType array.
if(!array_key_exists($_FILES['fileField']['type'], $fileType)){
echo"Please upload a png, jpg, jpeg or gif file.";
}else{
//move uploaded file
}
}
?>