Home  >  Article  >  Backend Development  >  PHP image file upload implementation code_PHP tutorial

PHP image file upload implementation code_PHP tutorial

WBOY
WBOYOriginal
2016-07-21 15:32:44799browse

For the security of the website, uploading of php files is definitely not allowed. If someone enters your backend and uploads a php file, all of your website source code will be saved and become his, and he can directly package it and look at your code. Therefore, you must control the uploaded directory and file type. Generally, only images can be uploaded.

Create a file upload form
It is very useful to allow users to upload files from a form.
Please look at the HTML form below for uploading files:

Copy the code The code is as follows:



enctype="multipart/form-data">









Please Note the following information about this form: The enctype attribute of the
tag specifies which content type to use when submitting the form. Use "multipart/form-data" when your form requires binary data, such as file content. The type="file" attribute of the
tag specifies that the input should be processed as a file. For example, when previewing in a browser, you'll see a browse button next to the input box.
Note: Allowing users to upload files is a huge security risk. Please allow only trusted users to perform file upload operations.
Create an upload script
The "upload_file.php" file contains the code for uploading files:
Copy the code The code is as follows:

if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"][ "error"] . "
";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "< ;br />";
echo "Type: " . $_FILES["file"]["type"] . "
";
echo "Size: " . ($_FILES ["file"]["size"] / 1024) . " Kb
";
echo "Stored in: " . $_FILES["file"]["tmp_name"];
}
?>

By using PHP's global array $_FILES, you can upload files from the client computer to the remote server.
The first parameter is the input name of the form, and the second subscript can be "name", "type", "size", "tmp_name" or "error". Like this:
Copy code The code is as follows:

$_FILES["file"]["name"] - is The name of the uploaded file
$_FILES["file"]["type"] - the type of the uploaded file
$_FILES["file"]["size"] - the size of the uploaded file, in bytes count
$_FILES["file"]["tmp_name"] - The name of the temporary copy of the file stored on the server
$_FILES["file"]["error"] - The error code caused by the file upload

This is a very simple way to upload files. For security reasons, you should add restrictions on who has permission to upload files.
Upload Limit
In this script, we add a limit to file upload. Users can only upload .gif or .jpeg files, and the file size must be less than 20 kb:
Copy code The code is as follows:

if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] = = "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size" ] < 20000))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file" ]["error"] . "
";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "
";
echo "Type: " . $_FILES["file"]["type"] . "
";
echo "Size: " . ( $_FILES["file"]["size"] / 1024) . " Kb
";
echo "Stored in: " . $_FILES["file"]["tmp_name"];
}
}
else
{
echo "Invalid file";
}
?>

Note: For IE, jpg files are recognized The type must be pjpeg, or for FireFox, jpeg.
Save the uploaded file
The above example creates a temporary copy of the uploaded file in the server's PHP temporary folder.
This temporary copy will disappear when the script ends. To save the uploaded file, we need to copy it to another location:
Copy code The code is as follows:

if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "
";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "
";
echo "Type: " . $_FILES["file"]["type"] . "
";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb
";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "
";
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/" . $_FILES["file"]["name"]);
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
}
}
else
{
echo "Invalid file";
}
?>

上面的脚本检测了是否已存在此文件,如果不存在,则把文件拷贝到指定的文件夹。
注释:这个例子把文件保存到了名为 "upload" 的新文件夹。

www.bkjia.comtruehttp://www.bkjia.com/PHPjc/322755.htmlTechArticle为了网站的安全,肯定不让上传php文件,如果有人进入你的后台,上传了一个php文件,你的网站源码,全部救变成他的了,直接打包看你的...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn