问题描述
我创建了一个图片上传器,我不知道如何做,只有文件类型可以是.jpg,所以我问你,你知道吗?到目前为止:
<?php
session_start();
if($ _ SESSION ['username']){
$ target_path =users / $ username /;
$ target_path = $ target_path。 basename($ _FILES ['uploadedfile'] ['name']);
if(move_uploaded_file($ _ FILES ['uploadedfile'] ['tmp_name'],$ target_path)){
echoThe file。 basename($ _FILES ['uploadedfile'] ['name'])。
已上传;
header(Location:user.php);
} else {
echo上传文件时出错,请重试!;
else {
echo只有会员才可以在这里注册< a href ='index.php'> here< / a>;
}
?>
还有一件事,我如何将上传的文件重命名为:profile.jpg?
这里有一些重要的事情需要考虑:
所有,从不依赖于提供的文件扩展名。如果需要,我可以上传一个扩展名为 .jpg
的php文件。诚然,我可能不得不做更多的事情来让它在你的服务器上作为一个php文件执行,但它肯定不是一个有效的图像。
如果上传成功, $ _ FILES ['uploadedfile'] ['type']
将保存请求提供的MIME类型。然而,这也不应该被信任,因为这也可能被篡改。
一种更可靠的方法来确定上传的文件是否实际上是一个类型为jpeg的图像是使用函数 getimagesize
。 getimagesize()
如果它不是一个有效的图像,将返回false,并返回一个包含图像信息的数组,如果它将该文件识别为图像。数组的索引 2
将保存一个与,以 IMAGETYPE _
开始。
$ info = getimagesize($ _FILES ['uploadedfile'] ['tmp_name']);
if($ info!== false)
{
//文件是一个以
开头的图像if($ info [2] == IMAGETYPE_JPEG)
{
//文件看起来是一张有效的jpeg图片
}
}
据我所知,这是一种老派的方法,尽管它是可靠的。我相信,依赖于平台Windows / * nix)和版本(< 5.3,> = 5.3),但有更可靠的方法来确定文件的实际MIME类型。
编辑:
我忘记了关于
$ b
target_path。 basename($ _FILES ['uploadedfile'] ['name']);
... with this:
$ target_path = $ target_path。 profile.jpg;
换句话说,当您使用 move_uploaded_file() code>第二个参数将是新路径(包括新文件名)。
Im creating a image uploader, and i dont know how to do so only the filetype can be .jpg so im asking you, do you know it?
heres what i got so far:
<?php
session_start();
if($_SESSION['username']) {
$target_path = "users/$username/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']).
"has been uploaded";
header("Location: user.php");
} else{
echo "There was an error uploading the file, please try again!";
}
}
else {
echo "Only members can be here. Register <a href='index.php'>here</a>";
}
?>
And one more thing, how may i rename the uploaded file to : "profile.jpg" ?
解决方案
There are some important things to consider here:
First of all, never rely on the file extension that was provided. I could upload a php file with the extension
.jpg
if I wanted. Granted, I'd probably have to do some more to actually get it to execute as a php file on your server, but it certainly was not a valid image.
If the upload was successful,
$_FILES[ 'uploadedfile' ][ 'type' ]
will hold the mime-type that was provided by the request. However, this should also not be trusted, as this can be tampered with as well.
A more reliable way to determine whether the uploaded file is actually an image of type jpeg is to use the function
getimagesize
. getimagesize()
will return false if it's not a valid image and will return an array with information about the image, if it recognized the file as an image. Index 2
of the array will hold a value that corresponds with one of these constants that begin with IMAGETYPE_
.
$info = getimagesize( $_FILES[ 'uploadedfile' ]['tmp_name'] );
if( $info !== false )
{
// file is an image to begin with
if( $info[ 2 ] == IMAGETYPE_JPEG )
{
// file appears to be a valid jpeg image
}
}
This is somewhat of an old school method which, as far as I know, is reliable though.
I believe, depending on platform (Windows/*nix) and version (< 5.3, >= 5.3) there are more reliable ways to determine the actual mime-type of a file though. I'll see what I can find for you about that later on.
edit:
I forgot about the renaming part.
Simply replace this:
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
... with this:
$target_path = $target_path . 'profile.jpg';
In other words, when you move the file with
move_uploaded_file()
the second argument will be the new path (including the new file name).
这篇关于特定文件类型是否允许php上传的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!