当前位置:theitroad>php php文件上传,如何限制文件上传类型

php php文件上传,如何限制文件上传类型

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/7322137/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-08-26 02:28:52  来源:igfitidea点击:

php file upload, how to restrict file upload type

phpmysqlfile-uploadfile-type

提问by ABI

I have the following code to check if (resume and reference letter uploaded match desired type (pdf OR doc OR docx) and size (less than 400 kb)

我有以下代码来检查(上传的简历和参考信件是否匹配所需的类型(pdf OR doc OR docx)和大小(小于 400 kb)

//check file extension and size
         $resume= ($_FILES['resume']['name']); 
         $reference= ($_FILES['reference']['name']); 
         $ext = strrchr($resume, ".");
         $ext1 = strrchr($reference, ".");
        if (!(($_FILES["resume"]["type"] == "application/doc")
        || ($_FILES["resume"]["type"] == "application/docx")
        || ($_FILES["resume"]["type"] == "application/pdf" ))
         && (($_FILES["reference"]["type"] == "application/doc")
        || ($_FILES["reference"]["type"] == "application/docx")
        || ($_FILES["reference"]["type"] == "application/pdf"))
        && (($ext == ".pdf") || ($ext == ".doc") || ($ext == ".docx"))
        && (($ext1 == ".pdf") || ($ext1 == ".doc") || ($ext1 == ".docx"))
        &&  ($_FILES["resume"]["size"] < 400000) //accept upto 500 kb
        &&  ($_FILES["reference"]["size"] < 400000)) {  

stop user } else { allow files to upload }

This is not working as desired, allows even txt files through + the size limit is not being checked, what is wrong with it?

这不能按预期工作,甚至允许 txt 文件通过 + 未检查大小限制,这有什么问题?

Thanks,

谢谢,

回答by user885983

The below just uses the mime types to validate a file, then checks the size of both. For a list of most mime types see hereor google.

下面只使用 mime 类型来验证文件,然后检查两者的大小。有关大多数 mime 类型的列表,请参见此处或谷歌。

function allowed_file(){

//Add the allowed mime-type files to an 'allowed' array 
 $allowed = array('application/doc', 'application/pdf', 'another/type');

//Check uploaded file type is in the above array (therefore valid)  
    if(in_array($_FILES['resume']['type'], $allowed) AND in_array($_FILES['reference']['type'], $allowed)){

   //If filetypes allowed types are found, continue to check filesize:

  if($_FILES["resume"]["size"] < 400000 AND $_FILES["reference"]["size"] < 400000 ){

    //if both files are below given size limit, allow upload
    //Begin filemove here....

    }

    }

}

回答by yvan

The Mime type for docxis application/vnd.openxmlformatsofficedocument.wordprocessingml.document

的 Mime 类型docxapplication/vnd.openxmlformatsofficedocument.wordprocessingml.document

回答by xkrv

Here is some code I wrote in the past..

这是我过去写的一些代码..

function checkFileExtension($ext)
{
    if ($ext == 'ai' || $ext == 'pdf' || $ext == 'jpg' || $ext == 'jpeg' || $ext ==
        'gif' || $ext == 'eps' || $ext == 'tif' || $ext == 'png' || $ext == 'xls' || $ext ==
        'xlsx' || $ext == 'doc' || $ext == 'docx' || $ext == 'ppt' || $ext == 'pptx' ||
        $ext == 'zip' || $ext == 'rar' || $ext == 'sitx' || $ext == 'psd' || $ext ==
        'indd' || $ext == 'dng') {
        $pass = (int)1;
    } else {
        $pass = (int)0;
    }
    return (int)$pass;
}


$ext = substr(strrchr($_FILES['file']['name'], "."), 1);
$fileAccepted = checkFileExtension($ext);
$fileSize = $_FILES['file']['size'];

if($fileAccepted==1 && $fileSize > '82428800'){
    // do stuff
}

回答by Hassan Al-Jeshi

To do that I usually using something like that:

为此,我通常使用类似的方法:

$filename = $_FILES['field_name']['name']; // Get the name of the file (including file extension).
$ext = strtolower(substr($filename, strpos($filename,'.'), strlen($filename)-1)); //get the extention in lower case

And than check if the file extension is accepted.

然后检查文件扩展名是否被接受。

Also be aware that that the user can simply change the extension for a dangerous file, so it is safer to check with the mime type

另请注意,用户可以简单地更改危险文件的扩展名,因此检查 mime 类型会更安全

回答by Hassan Al-Jeshi

This may be useful:

这可能很有用:

First check desired mime types to verify:

首先检查所需的 MIME 类型以验证:

Microsoft Office MIME Typesand List of MIME Types

Microsoft Office MIME 类型MIME 类型列表

Then try make your code easier...

然后尝试使您的代码更容易...

    $mimeTypes = array('application/vnd.openxmlformats-officedocument.wordprocessingml.document', 
'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 
'application/vnd.openxmlformats-officedocument.presentationml.presentation');

    if (in_array($_FILES["resume"]["type"], $mimeTypes))
    {
        // File's OK
    }
    else
    {
        // Bad file !
    }

Important: User may change file extension, so always check the mime type intead of extension!! =)

重要提示:用户可能会更改文件扩展名,因此请务必检查 MIME 类型而不是扩展名!!=)

相关推荐

php 我可以在 iPad 2 上编程吗?

php 我可以在 iPad 2 上编程吗?

php 如何编写与 Laravel 相同的 DD() 函数?

php 如何编写与 Laravel 相同的 DD() 函数?

php 如何使用 Doctrine 查询 NOT NULL?

php 如何使用 Doctrine 查询 NOT NULL?

php 如何获取 WordPress 中的所有帖子标签?

php 如何获取 WordPress 中的所有帖子标签?

相关推荐
最近更新
标签