PHP 上传文件 - 仅图像检查
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/9314164/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP Uploading files - image only checking
提问by TheBlackBenzKid
I have a simple PHP upload script I have started. I am not the best to PHP. Just looking for some suggestions.
我有一个简单的 PHP 上传脚本。我对PHP不是最好的。只是寻找一些建议。
I want to limit my script to only .JPG, .JPEG, .GIF and .PNG
我想将我的脚本限制为仅 .JPG、.JPEG、.GIF 和 .PNG
Is this possible?
这可能吗?
<?php
/*
Temp Uploader
*/
# vars
$mx=rand();
$advid=$_REQUEST["advid"];
$hash=md5(rand);
# create our temp dir
mkdir("./uploads/tempads/".$advid."/".$mx."/".$hash."/", 0777, true);
# upload dir
$uploaddir = './uploads/tempads/'.$advid.'/'.$mx.'/'.$hash.'/';
$file = $uploaddir . basename($_FILES['file']['name']);
// I was thinking of a large IF STATEMENT HERE ..
# upload the file
if (move_uploaded_file($_FILES['file']['tmp_name'], $file)) {
$result = 1;
} else {
$result = 0;
}
sleep(10);
echo $result;
?>
回答by Marc B
Yes, quite easily. But first off, you need some extra bits:
是的,很容易。但首先,您需要一些额外的位:
// never assume the upload succeeded
if ($_FILES['file']['error'] !== UPLOAD_ERR_OK) {
die("Upload failed with error code " . $_FILES['file']['error']);
}
$info = getimagesize($_FILES['file']['tmp_name']);
if ($info === FALSE) {
die("Unable to determine image type of uploaded file");
}
if (($info[2] !== IMAGETYPE_GIF) && ($info[2] !== IMAGETYPE_JPEG) && ($info[2] !== IMAGETYPE_PNG)) {
die("Not a gif/jpeg/png");
}
Relevant docs: file upload errors, getimagesizeand image constants.
相关文档:文件上传错误、getimagesize和图像常量。
回答by Jeremy Harris
File path isn't necessarily the best way to check if an image really is an image. I could take a malicious javascript file, rename it to have the .jpg extension, and upload it. Now when you try to display it in your website, I may have just compromised your site.
文件路径不一定是检查图像是否真的是图像的最佳方式。我可以获取一个恶意的 javascript 文件,将其重命名为 .jpg 扩展名,然后上传它。现在,当您尝试在您的网站上显示它时,我可能刚刚破坏了您的网站。
Here is a function to validate it really is an image:
这是一个验证它确实是图像的函数:
<?php
function isImage($img){
return (bool)getimagesize($img);
}
?>
回答by a77mp
try this:
尝试这个:
<?php
function isimage(){
$type=$_FILES['my-image']['type'];
$extensions=array('image/jpg','image/jpe','image/jpeg','image/jfif','image/png','image/bmp','image/dib','image/gif');
if(in_array($type, $extensions)){
return true;
}
else
{
return false;
}
}
if(isimage()){
//do codes..
}
?>
回答by tvgemert
Or take a look at: http://php.net/manual/en/function.pathinfo.php
回答by dee
if (substr($_FILES["fieldName"]["name"], strlen($_FILES["fieldName"]["name"])-4) == ".jpg")
{
if(move_uploaded_file($_FILES["fieldName"]["tmp_name"],$path."/".$_FILES['fieldName']['name']))
{
echo "image sucessfully uploaded!";
}
}
similarly you can check for other image formats too.
同样,您也可以检查其他图像格式。
