PHP upload principle and operation implementation_PHP tutorial

PHP upload principle and operation implementation

Regarding the function libraries for uploading files in PHP, there are many well-packaged libraries on the Internet that everyone can use directly.

This article only talks about the principle of uploading and simple uploading operations. Old birds will ignore it ^_^~

There are also some security judgments, such as: the server restricts the ability to receive image-type files, and the client maliciously changes the suffix of the virus file to a file that matches the image type for uploading.

(For example, single file upload, the principle of multiple files remains the same, but there are a few more tricks)

index.html

Copy code

Upload files:

Copy code

1. Form tag enctype attribute

enctype="multipart/form-data" in the form is used to set the MIME encoding of the form.

By default, this encoding format is application/x-www-form-urlencoded and cannot be used for file upload;

Only when multipart/form-data is used and the submission method is Post, the file data can be completely transferred.

2. MAX_FILE_SIZE hidden field

MAX_FILE_SIZE hidden field (unit: bytes) must be placed before the file input field, and its value is the maximum size of the received file. This is a recommendation for browsers, PHP will also check this.

This setting can be easily bypassed on the browser side, so don't expect to use this feature to block large files. (However, in view of friendliness, it is better to add this item to the form, because it can avoid the trouble of users spending time waiting to upload large files only to find that the file is too large and the upload failed.)

upload.php

print_r($_FILES);

?>

We can see:

Copy code

Array

(

[file] => Array

(

>

[type] => image/jpeg

[tmp_name] => F:wamptmpphp41BB.tmp

                                                                                                                                                                                                                 ​ >

)

)

Copy code

3. Application of global variable $_FILES

$_FILES['file']['name'] is the original file name of the uploaded file

　$_FILES['file']['type']　 is the MIME type of the uploaded file

　$_FILES['file']['size']　The size of the uploaded file, in bytes

　$_FILES['file']['tmp_name'] The temporary file name () stored on the server after the file is uploaded

$_FILES['file']['error'] File upload error code

4. By default, the uploaded file will be saved in the temporary folder on the server, and its directory is set in php.ini

Some common settings in php.ini related to file upload:

file_uploads ; Switch whether to allow file upload via HTTP. The default is ON

upload_tmp_dir ; Files are uploaded to the server where temporary files are stored. If not specified, the system default temporary folder will be used

upload_max_filesize; That is the maximum size of files allowed to be uploaded. Default is 2M

post_max_size; refers to the maximum value that can be received through form POST to PHP, including all values ​​in the form. The default is 8M

The following is the complete code for single file upload. Because it is written as I wish, the logic may be a bit messy. Understanding the principle is the most important thing.

Copy code

//Get uploaded file information

$fileName=$_FILES['file']['name'];

$fileType=$_FILES['file']['type'];

$fileError=$_FILES['file']['error'];

$fileSize=$_FILES['file']['size'];

$tempName=$_FILES['file']['tmp_name'];//Temporary file name

//Define upload file type

$typeList = array("image/jpeg","image/jpg","image/png","image/gif"); //Define allowed types

if(!is_uploaded_file($tempName)){

//Determine whether it is a file uploaded by POST

exit("It was not uploaded via HTTP POST");

}else{

if(!in_array($fileType, $typeList)){

exit("The uploaded file is not of the specified type");

}else{

if(!getimagesize($tempName)){

                                                                                                                                                            // Prevent users from uploading malicious files, such as changing the virus file extension to image format

exit("The uploaded file is not a picture");

      }

}

if($fileError>0){

//Judge the error number of uploaded files

switch ($fileError) {

case 1:

$ message = "uploaded files exceeded the value restricted by upload_max_filesize options in php.ini.";

break;

case 2:

                                                                                                                                                                                                $message="The size of the uploaded file exceeds the value specified by the MAX_FILE_SIZE option in the HTML form.";

break;

case 3:

                        $message="Only part of the file has been uploaded.";

break;

case 4:

                            $message="No files uploaded.";

break;

case 6:

$ message = "Can't find the temporary folder.";

break;

case 7:

                        $message="File writing failed";

break;

case 8:

                                $message="File upload interrupted due to PHP extension";

break;

      }

exit("File upload failed: ".$fileError);

}else{

if($fileSize>100000){

// The upload file of the specific form is limited

                  exit("The uploaded file exceeds the limit size");

      }else{

// Avoid the Chinese name garbled in the Chinese name

                                                      $fileName=iconv("UTF-8", "GBK", $fileName);//Convert the character encoding captured by iconv from utf-8 to gbk output

                                                                                                                                                                                                                                                                                   

                      echo "File uploaded successfully!";

        }else{

echo "uploading files failed";

        }

      }

}

}

?>

Copy code

5. Some common functions for uploading files in PHP: (I won’t post the specific usage, just read the API documentation yourself ^_^)

file_exists　Check whether the file or directory exists

is_uploaded_file Determines whether the file is uploaded via HTTP POST

move_uploaded_file Move the uploaded file to a new location

is_writable Determine whether the given file name is writable

iconv　Character encoding conversion

getimagesize Check whether it is an image file (other types of files can be detected even if the suffix name is changed)

http://www.bkjia.com/PHPjc/854420.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/854420.htmlTechArticlePHP upload principle and operation implementation Regarding the function class library for PHP upload files, there are many complete packages on the Internet. You can directly Just use it. This article just talks about the principle and simplicity of uploading...