上传错误的文件类型时无法得到回显错误 PHP
Can't get echo error when uploading wrong file type PHP
我正在努力做到这一点,以便在用户上传任何非 csv 文件的文档时出现回显错误。但是,当我对其进行测试时,我在正确的文件类型和不正确的文件类型上都收到了回声错误。有人知道我哪里出错了吗?
<?php
ob_clean();session_start();
if (isset($_GET['logout'])){
session_destroy();
}
if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] == false) {
header("Location: index.php");
}
if(isset($_FILES['UploadFileField'])){
$allowed = array('csv');
$UploadName = $_FILES['UploadFileField']['name'];
$UploadTmp = $_FILES['UploadFileField']['tmp_name'];
$UploadType = $_FILES['UploadFileField']['type'];
$NewFileName = "project1file.txt";
if(!$UploadTmp){
echo '<font color="#FF0000" size="3"><p align="center"><b>No File Selected, Please Try Again.</b></p></font>';
}else{
move_uploaded_file($UploadTmp, "UPLOADS/$NewFileName");
echo '<font color="#006600" size="3"><p align="center"><b>File Successfully Uploaded.</b></p></font>';
}
if(!in_array($UploadTmp,$allowed) ) {
echo 'error';
}
}
?>
使用以下代码查找上传文件的扩展名:
$type = $_FILES["UploadFileField"]["type"];
然后回显
if(!in_array($type,$allowed) ) {
echo 'error';
}
更新 1:
$mimes = array('application/vnd.ms-excel','text/plain','text/csv','text/tsv');
if(in_array($_FILES['UploadFileField']['type'],$mimes)){
// do something
} else {
die("Sorry, mime type not allowed");
}
更新 2:
你也可以用这个,其实$_FILES...['type']用起来不安全。
$types = array('csv');
$ext = pathinfo($UploadName, PATHINFO_EXTENSION);
if(in_array($ext,$types)){
// do something
} else {
die("Sorry, only CSV type allowed");
}
虽然 csv 确实有一个 RFC and hence a mimetype,但仍有很多设备没有预先配置适当的 mimetype(但请注意,CSV 实际上是一个格式家族)。
mimetype 和扩展名都是客户端关于文件内容的断言,不应被信任。
至于为什么您的代码没有按照您的预期执行....您正在比较 mimetype( 应该 是 'text/csv')与 'csv'.他们不一样。
至于你错在哪里....
您的代码没有注释。您可以通过检测代码来详细说明实际到达服务器的内容,从而自己发现问题。你不应该在验证文件之前调用 move_uploaded_file() ,你应该有一个更强大的方法来验证文件。
请在isset文件条件中添加3个变量。
1.$target_dir = "uploads/";
2.$target_file = $target_dir . basename($_FILES["UploadFileField"]["name"]);
3.$FileType = pathinfo($target_file,PATHINFO_EXTENSION);
所以条件是
if (isset($_FILES['UploadFileField']))
{
$allowed = array('csv');
$UploadName = $_FILES['UploadFileField']['name'];
$UploadTmp = $_FILES['UploadFileField']['tmp_name'];
$UploadType = $_FILES['UploadFileField']['type'];
$NewFileName = "project1file.txt";
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["UploadFileField"]["name"]);
$FileType = pathinfo($target_file, PATHINFO_EXTENSION);
}
if (!$FileType)
{
echo '<font color="#FF0000" size="3"><p align="center"><b>No File Selected, Please Try Again.</b></p></font>';
}
else
{
move_uploaded_file($UploadTmp, $target_file);
echo '<font color="#006600" size="3"><p align="center"><b>File Successfully Uploaded.</b></p></font>';
}
if (!in_array($FileType, $allowed))
{
echo 'error';
}
请检查您的文件夹名称。现在是 "upload".
我正在努力做到这一点,以便在用户上传任何非 csv 文件的文档时出现回显错误。但是,当我对其进行测试时,我在正确的文件类型和不正确的文件类型上都收到了回声错误。有人知道我哪里出错了吗?
<?php
ob_clean();session_start();
if (isset($_GET['logout'])){
session_destroy();
}
if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] == false) {
header("Location: index.php");
}
if(isset($_FILES['UploadFileField'])){
$allowed = array('csv');
$UploadName = $_FILES['UploadFileField']['name'];
$UploadTmp = $_FILES['UploadFileField']['tmp_name'];
$UploadType = $_FILES['UploadFileField']['type'];
$NewFileName = "project1file.txt";
if(!$UploadTmp){
echo '<font color="#FF0000" size="3"><p align="center"><b>No File Selected, Please Try Again.</b></p></font>';
}else{
move_uploaded_file($UploadTmp, "UPLOADS/$NewFileName");
echo '<font color="#006600" size="3"><p align="center"><b>File Successfully Uploaded.</b></p></font>';
}
if(!in_array($UploadTmp,$allowed) ) {
echo 'error';
}
}
?>
使用以下代码查找上传文件的扩展名:
$type = $_FILES["UploadFileField"]["type"];
然后回显
if(!in_array($type,$allowed) ) {
echo 'error';
}
更新 1:
$mimes = array('application/vnd.ms-excel','text/plain','text/csv','text/tsv');
if(in_array($_FILES['UploadFileField']['type'],$mimes)){
// do something
} else {
die("Sorry, mime type not allowed");
}
更新 2:
你也可以用这个,其实$_FILES...['type']用起来不安全。
$types = array('csv');
$ext = pathinfo($UploadName, PATHINFO_EXTENSION);
if(in_array($ext,$types)){
// do something
} else {
die("Sorry, only CSV type allowed");
}
虽然 csv 确实有一个 RFC and hence a mimetype,但仍有很多设备没有预先配置适当的 mimetype(但请注意,CSV 实际上是一个格式家族)。
mimetype 和扩展名都是客户端关于文件内容的断言,不应被信任。
至于为什么您的代码没有按照您的预期执行....您正在比较 mimetype( 应该 是 'text/csv')与 'csv'.他们不一样。
至于你错在哪里....
您的代码没有注释。您可以通过检测代码来详细说明实际到达服务器的内容,从而自己发现问题。你不应该在验证文件之前调用 move_uploaded_file() ,你应该有一个更强大的方法来验证文件。
请在isset文件条件中添加3个变量。
1.$target_dir = "uploads/";
2.$target_file = $target_dir . basename($_FILES["UploadFileField"]["name"]);
3.$FileType = pathinfo($target_file,PATHINFO_EXTENSION);
所以条件是
if (isset($_FILES['UploadFileField']))
{
$allowed = array('csv');
$UploadName = $_FILES['UploadFileField']['name'];
$UploadTmp = $_FILES['UploadFileField']['tmp_name'];
$UploadType = $_FILES['UploadFileField']['type'];
$NewFileName = "project1file.txt";
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["UploadFileField"]["name"]);
$FileType = pathinfo($target_file, PATHINFO_EXTENSION);
}
if (!$FileType)
{
echo '<font color="#FF0000" size="3"><p align="center"><b>No File Selected, Please Try Again.</b></p></font>';
}
else
{
move_uploaded_file($UploadTmp, $target_file);
echo '<font color="#006600" size="3"><p align="center"><b>File Successfully Uploaded.</b></p></font>';
}
if (!in_array($FileType, $allowed))
{
echo 'error';
}
请检查您的文件夹名称。现在是 "upload".