我有一個file-type
驗證,檢查image
擴展。PHP:文件驗證隨機工作
然而,當我嘗試上傳文件,如.exe
或.mp3
和幾乎所有的東西比允許擴展其它:
$allowed_ext = array('jpg', 'jpeg', 'png', 'gif');
它隨機的作品,我的意思是,有時候它呼應了錯誤,並且有時錯誤不被回聲。
這是檢查的分機的線路....啄
if (in_array($image_ext, $allowed_ext) === false){
$errors[] = '<font color="red">*File type is not allowed.</font>';
}
全碼:
if (isset($_FILES['image'], $_POST['album_id'])){
$image_name = $_FILES['image']['name'];
$image_size = $_FILES['image']['size'];
$image_temp = $_FILES['image']['tmp_name'];
$allowed_ext = array('jpg', 'jpeg', 'png', 'gif');
//seperate thingies
$tmp = explode('.', $image_name);
$image_ext = strtolower(end($tmp));
$album_id = $_POST['album_id'];
//error array
$errors = array();
if (empty($image_name)){
$errors[] = '<font color="red">*Please choose a photo.</font>';
}
if (empty($album_id)){
$errors[] = '<font color="red">Invalid album.</font>';
} else {
// not allowed extension?
if (!$allowed_ext){
$errors[] = '<font color="red">*The file type is not supported</font>';
}
if (in_array($image_ext, $allowed_ext) === false){
$errors[] = '<font color="red">*File type is not allowed.</font>';
}
// 5 MB file
if ($image_size > 5242880){
$errors[] = '<font color="red">*Maximum file size is 2MB.</font>';
}
if (album_check($album_id) === false){
$errors[] = '<font color="red">*Couldn\'t upload to that album.</font>';
}
// puting this in here prevent undefined index error.
$caption = $_POST['caption'];
if (empty($caption)){
$errors[] = '<font color="red">*Caption cannot be empty</font>';
}
}
// check if error, if error, echo errors
if (!empty($errors)){
foreach ($errors as $error){
echo $error, '<br />';
}
} else {
// upload the image if no error
upload_image($image_temp, $image_ext, $album_id);
header('Location: view_album.php?album_id='.$album_id);
exit();
}
後烏爾全碼 – 2013-05-14 07:07:48
你爲什麼要檢查其虛假的,如果當你正在檢查只有一個..有沒有必要如果 – 2013-05-14 07:09:36
需要您的完整代碼。同時也希望您明白,僅通過擴展來檢查文件並不是一種防止上傳惡意代碼的簡單方法。 – 2013-05-14 07:09:49