如何使用 pathinfo_extension 在 php 中仅上传特定格式的图片

How to upload only certain formats in image upload in php using pathinfo_extension

我的页面中有一个图片上传部分。用户应该只上传图像格式。我创建了代码,并使用 PATHINFO_EXTENSION 检查文件扩展名。

if(isset($_POST['addstaff']))
{
    $name=$_POST['name'];
    $photo=$_FILES['photo']['name'];
    $phototmp=$_FILES['photo']['tmp_name'];
    $location="staff/";
    $uploading=move_uploaded_file($phototmp,"staff/".$photo);
    $up="staff/".$photo;
    $imageFileType = strtolower(pathinfo($photo,PATHINFO_EXTENSION));
    $empid=$_POST['empid'];
    $pass=$_POST['pass'];
    $password=password_hash($pass,PASSWORD_BCRYPT);
    $branch=$_POST['branch'];
    $doj=$_POST['doj'];
    if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
        echo "<script>alert('Sorry, only JPG, JPEG, PNG & GIF files are allowed.');</script>";
        }
        else{
            $query="insert into staffdetails value('','$name','$empid','$branch','$doj','$up')";
        $exe=mysqli_query($con,$query);
        if($exe){
            echo "<script>alert('Inserted');</script>";
        }
        else{
            echo "errr".mysqli_error($con);
        }
        }


}

这里的问题是当我上传 php 文件或任何其他文件而不是图像文件时,它会正确显示警告消息 "Sorry, only JPG, JPEG, PNG & GIF files are allowed." 但它也会插入文件。我在 if else 条件中添加了这个然后 if 和 else 条件如何一起工作。请任何人帮助

您应该在验证成功后调用 move_uploaded_file() 函数

将代码更改为以下

if(isset($_POST['addstaff']))
{
    $name=$_POST['name'];
    $photo=$_FILES['photo']['name'];
    $phototmp=$_FILES['photo']['tmp_name'];
    $location="staff/";
    $up="staff/".$photo;
    $imageFileType = strtolower(pathinfo($photo,PATHINFO_EXTENSION));
    $empid=$_POST['empid'];
    $pass=$_POST['pass'];
    $password=password_hash($pass,PASSWORD_BCRYPT);
    $branch=$_POST['branch'];
    $doj=$_POST['doj'];
    if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
        echo "<script>alert('Sorry, only JPG, JPEG, PNG & GIF files are allowed.');</script>";
        }
        else{
            $uploading=move_uploaded_file($phototmp,"staff/".$photo);
            $query="insert into staffdetails value('','$name','$empid','$branch','$doj','$up')";
            $exe=mysqli_query($con,$query);
           if($exe){
               echo "<script>alert('Inserted');</script>";
           }
           else{
               echo "errr".mysqli_error($con);
           }
        }


}