PHP Only allow user to submit a file less than php ini upload max
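On my website I allow users to submit profile pictures. I check whether the picture is a "png or jpeg", and I also check whether the file is less than "2 mb"; if it is, I display an error message. When the file is smaller than the php ini upload max, it displays the message, but when it is larger I get a lot of PHP errors, which is not what I want to display. How can I remove the errors and show the user the message I generate? I found a post, but that post is about how to read the errors. I only get these errors when the submitted file is larger than 200mb or the php ini upload max. When it is lower, it works fine. Here is my code and the error message.
Error message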
PHP
<?php
session_start();
if(isset($_COOKIE['username'])){
    if($_SESSION['came_from_upload'] != true){
        setcookie("username", "", time() - 60*60);
        $_COOKIE['username'] = "";
        header("Location: developerLogin.php");
        exit;
    }
    if($_SERVER['REQUEST_METHOD'] =="POST"){
        $userid = $_SESSION['id'];
        $fullname = addslashes(trim($_POST['fullname']));
        $username = addslashes(trim($_POST['username']));
        $email = addslashes(trim($_POST['email']));
        $password = addslashes(trim($_POST['password']));
        $storePassword = password_hash($password, PASSWORD_BCRYPT, array('cost' => 10));
        $file_name = addslashes(trim($_FILES['file']['name']));
        $file_tmp = addslashes(trim($_FILES['file']['tmp_name']));
        try{
            // new php data object
            $handler = new PDO('mysql:host=127.0.0.1;dbname=magicsever', 'root', '');
            //ATTR_ERRMODE set to exception
            $handler->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        }catch(PDOException $e){
            die("There was an error connecting to the database");
        }
        $stmtChecker = $handler->prepare("SELECT * FROM generalusersdata WHERE user_id = ?");
        $stmtChecker->execute(array($userid));
        if(!$stmtChecker->fetch()){
            setcookie("username", "", time() - 60*60);
            $_COOKIE['username'] = "";
            header("Location: developerLogin.php");
            exit;
        }
        if(!empty($fullname)){
            $stmtFullname = $handler->prepare("UPDATE generalusersdata SET fullname = ? WHERE user_id = ?");
            $stmtFullname->execute(array($fullname, $userid));
        }
        if(!empty($username)){
            $stmtCheckerUsername = $handler->prepare("SELECT * FROM generalusersdata WHERE username = ?");
            // execute() takes an array of bound values
            $stmtCheckerUsername->execute(array($username));
            if($resultCheckerUsername = $stmtCheckerUsername->fetch()){
                die("Username Already in use! Please try again");
            }
            $stmtUsername = $handler->prepare("UPDATE generalusersdata SET username = ? WHERE user_id = ?");
            $stmtUsername->execute(array($username, $userid));
        }
        if(!empty($email)){
            if(filter_var($email, FILTER_VALIDATE_EMAIL) == false){
                die ("Email is Not Valid!");
            }
            $stmtCheckerEmail = $handler->prepare("SELECT * FROM generalusersdata WHERE email = ?");
            // execute() takes an array of bound values
            $stmtCheckerEmail->execute(array($email));
            if($resultCheckerEmail = $stmtCheckerEmail->fetch()){
                die("Email Already in use! Please try again");
            }
            $stmtEmail = $handler->prepare("UPDATE generalusersdata SET email = ? WHERE user_id = ?");
            $stmtEmail->execute(array($email, $userid));
        }
        if(!empty($password)){
            if(strlen($password) < 6){
                die ("Password has to be GREATER than 6 characters!");
            }
            //Check if password has atleast ONE Uppercase, One Lowercase and a number
            if(!preg_match("(^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).+$)",$password)){
                echo 'Password needs to be at least ONE uppercase, ONE lowercase, and a number!';
                exit;
            }
            $stmtPassword = $handler->prepare("UPDATE generalusersdata SET password = ? WHERE user_id = ?");
            $stmtPassword->execute(array($storePassword, $userid));
        }
        if($_FILES['file']['error'] == UPLOAD_ERR_OK){
            $allowedTypes = array(IMAGETYPE_PNG, IMAGETYPE_JPEG);
            $detectedType = exif_imagetype($_FILES['file']['tmp_name']);
            if($extensionCheck = !in_array($detectedType, $allowedTypes) || $_FILES['file']['size'] < 2000){
                die("Failed to upload image; the format is not supported");
            }
            $dir = "userprofilepicture";
            if(is_dir($dir)==false){
                mkdir($dir, 0700);
            }
            move_uploaded_file($file_tmp,$dir.'/'.$file_name);
            $stmtPassword = $handler->prepare("UPDATE generalusersdata SET profile_image = ? WHERE user_id = ?");
            $stmtPassword->execute(array($file_name, $userid));
        }
        echo "ok";
    }
}else{
    header("Location: developerLogin.php");
    exit;
}
?>
I think this will help you find the answer.
How to gracefully handle files that exceed PHP's `post_max_size`?
"If the size of post data is greater than post_max_size, the $_POST and $_FILES superglobals are empty. This can be tracked in various ways, e.g. by passing the $_GET variable to the script processing the data, i.e. , and then checking if $_GET['processed'] is set."
Put this at the beginning of the script, after starting the session.
if(empty($_FILES) && empty($_POST) && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) == 'post'){ //catch file overload error...
    $postMax = ini_get('post_max_size'); //grab the size limits...
    echo "<p style=\"color: #F00;\">\nPlease note files larger than {$postMax} will result in this error!<br>Please be advised this is not a limitation in the CMS, This is a limitation of the hosting server.<br>For various reasons they limit the max size of uploaded files, if you have access to the php ini file you can fix this by changing the post_max_size setting.<br> If you can't then please ask your host to increase the size limits, or use the FTP uploaded form</p>"; // echo out error and solutions...
    return $postMax;
}
After submitting the form with an oversized file, try dumping the whole POST. It is probably empty. Since these are notice messages, you can use
error_reporting(E_ALL & ~E_NOTICE);
in your file to get rid of them. But this will not solve the problem that causes this error.
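One way to implement the check the answers above describe, as an added example that is not part of the original posts: it classifies the request from `CONTENT_LENGTH` and the `$_FILES` error code before any `$_POST` field is read. The names `ini_bytes` and `upload_problem`, the `8M` limit and the sample requests are assumptions made for illustration.

```php
<?php
// Convert a php.ini shorthand size ("8M", "512K", "1048576") to bytes.
function ini_bytes(string $value): int {
    $number = (int) $value;
    switch (strtolower(substr($value, -1))) {
        case 'g': return $number * 1024 ** 3;
        case 'm': return $number * 1024 ** 2;
        case 'k': return $number * 1024;
        default:  return $number;
    }
}

// Returns a message for the user, or null when the file may be processed.
// $server and $files stand in for $_SERVER and $_FILES (hypothetical signature).
function upload_problem(array $server, array $files, string $postMax, int $appMax): ?string {
    $limit  = ini_bytes($postMax);
    $length = (int) ($server['CONTENT_LENGTH'] ?? 0);
    // Past post_max_size PHP drops the body, so $_POST and $_FILES are empty
    // and CONTENT_LENGTH is the only evidence left. A limit of 0 means no limit.
    if (($server['REQUEST_METHOD'] ?? '') === 'POST' && $limit > 0 && $length > $limit) {
        return "The upload is larger than the server accepts ($postMax).";
    }
    $file = $files['file'] ?? null;
    if ($file === null || $file['error'] === UPLOAD_ERR_NO_FILE) {
        return 'No file was uploaded.';
    }
    // upload_max_filesize (php.ini) or the form's MAX_FILE_SIZE was exceeded.
    if (in_array($file['error'], [UPLOAD_ERR_INI_SIZE, UPLOAD_ERR_FORM_SIZE], true)) {
        return 'The file is too large.';
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        return 'The upload failed, please try again.';
    }
    if ($file['size'] > $appMax) {
        return 'The file is larger than ' . intdiv($appMax, 1024 * 1024) . ' MB.';
    }
    return null;
}

// Constructed sample requests; a real script passes $_SERVER, $_FILES and ini_get('post_max_size').
$post = ['REQUEST_METHOD' => 'POST'];
$cases = [
    'body over post_max_size'  => [$post + ['CONTENT_LENGTH' => '209715200'], []],
    'over upload_max_filesize' => [$post, ['file' => ['error' => UPLOAD_ERR_INI_SIZE, 'size' => 0]]],
    'acceptable file'          => [$post, ['file' => ['error' => UPLOAD_ERR_OK, 'size' => 150000]]],
];
foreach ($cases as $label => [$server, $files]) {
    echo $label, ': ', upload_problem($server, $files, '8M', 2 * 1024 * 1024) ?? 'ok', PHP_EOL;
}
```

Running the check right after `session_start()` keeps the script from reading `$_POST['fullname']` and the other fields when the body was discarded, which is where the notices in the question come from.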