Detailed explanation of PHP file upload processing case
This article mainly introduces the PHP file upload processing method, and analyzes the problems encountered in the PHP file upload operation and related solutions in the form of examples. Friends in need can refer to the following
The examples in this article describe PHP file upload processing method. I would like to share it with you for your reference. The details are as follows:
I recently encountered something that troubled me for a long time. I want to share my initial thoughts.
PHP’s upload mechanism is very completely encapsulated. , it can be implemented with just a few lines of code. The implementation process is as follows
UPLOAD the file to the temporary directory->Use move_uploadde_file() to the specified directory
This is the PHP upload process, or you can perform some verification in the middle. For example, determine whether the document is submitted through the upload method, or whether the file extension is
allowed by us, and a series of verifications. The simple code I gave can be regarded as a starting point.
$targetFolder = '/uploads'; // 定义根目录
if (!empty($_FILES)) {
$tempFile = $_FILES['Filedata']['tmp_name'];
if(is_uploaded_file($tempFile))
{
$targetPath = $_SERVER['DOCUMENT_ROOT'] . $targetFolder;
$targetFile = rtrim($targetPath,'/') . '/' . $_FILES['Filedata']['name'];
$fileTypes = array('jpg','jpeg','gif','png'); // 允许的后缀扩展
$fileParts = pathinfo($_FILES['Filedata']['name']);
if (in_array($fileParts['extension'],$fileTypes)) {
move_uploaded_file($tempFile,$targetFile);
echo '1';
} else {
echo '非法上传文档.';
}
}else
{
echo "非法上传文件";
}
}
The above method basically meets the requirements for file upload. But that's not what I need.
Upload function
Requirements: First click to upload the document, and then select the upload file. After JS is uploaded, a value will be returned to display the current timestamp name. The file is in the Document Name box.
Then click Submit to submit the form.
The server processes the submitted form and renames the uploaded file.
The problem also arises. The server is IIS, and it is a virtual directory implemented using mapping.
In this case $_SERVER['DOCUMENT_ROOT'] is not in the root directory of the PHP site
Although the upload function is completed, this file cannot be downloaded. From the perspective of server security, I still plan to place the file in the PHP site.
Then I fell into a thinking limitation.
Think about it again:
Why I don’t need to implement PHP’s upload mechanism again.
Don’t PHP put the files in the temporary directory first? Then why do I assume that the directory after the JS upload is successful is also a temporary directory,
and then copy the file when submitting the form again. Go to the specified directory to complete the required function.
PHP has a file copy function Copy(); and then cooperates with the rename() function. In this way, the second move and renaming of the uploaded file can be completed.
Note: If you copy a zero-byte file under the window platform, copy() will return FALSE, but the file will be copied correctly.
Then PHP actively refers to the file processing mechanism of Liunx in file processing. PHP's file operation efficiency is related to I/O writing and the operating system.
Summary: The above is the entire content of this article, I hope it will be helpful to everyone's study.
Related recommendations:
phpThe solution to garbled characters found after docking with Apache
php Use cookies to realize the function of remembering user names and passwords on web pages
PHP uses Curl to implement simulated login and capture data function examples
The above is the detailed content of Detailed explanation of PHP file upload processing case. For more information, please follow other related articles on the PHP Chinese website!
What data can be stored in a PHP session?May 02, 2025 am 12:17 AMPHPsessionscanstorestrings,numbers,arrays,andobjects.1.Strings:textdatalikeusernames.2.Numbers:integersorfloatsforcounters.3.Arrays:listslikeshoppingcarts.4.Objects:complexstructuresthatareserialized.
How do you start a PHP session?May 02, 2025 am 12:16 AMTostartaPHPsession,usesession_start()atthescript'sbeginning.1)Placeitbeforeanyoutputtosetthesessioncookie.2)Usesessionsforuserdatalikeloginstatusorshoppingcarts.3)RegeneratesessionIDstopreventfixationattacks.4)Considerusingadatabaseforsessionstoragei
What is session regeneration, and how does it improve security?May 02, 2025 am 12:15 AMSession regeneration refers to generating a new session ID and invalidating the old ID when the user performs sensitive operations in case of session fixed attacks. The implementation steps include: 1. Detect sensitive operations, 2. Generate new session ID, 3. Destroy old session ID, 4. Update user-side session information.
What are some performance considerations when using PHP sessions?May 02, 2025 am 12:11 AMPHP sessions have a significant impact on application performance. Optimization methods include: 1. Use a database to store session data to improve response speed; 2. Reduce the use of session data and only store necessary information; 3. Use a non-blocking session processor to improve concurrency capabilities; 4. Adjust the session expiration time to balance user experience and server burden; 5. Use persistent sessions to reduce the number of data read and write times.
How do PHP sessions differ from cookies?May 02, 2025 am 12:03 AMPHPsessionsareserver-side,whilecookiesareclient-side.1)Sessionsstoredataontheserver,aremoresecure,andhandlelargerdata.2)Cookiesstoredataontheclient,arelesssecure,andlimitedinsize.Usesessionsforsensitivedataandcookiesfornon-sensitive,client-sidedata.
How does PHP identify a user's session?May 01, 2025 am 12:23 AMPHPidentifiesauser'ssessionusingsessioncookiesandsessionIDs.1)Whensession_start()iscalled,PHPgeneratesauniquesessionIDstoredinacookienamedPHPSESSIDontheuser'sbrowser.2)ThisIDallowsPHPtoretrievesessiondatafromtheserver.
What are some best practices for securing PHP sessions?May 01, 2025 am 12:22 AMThe security of PHP sessions can be achieved through the following measures: 1. Use session_regenerate_id() to regenerate the session ID when the user logs in or is an important operation. 2. Encrypt the transmission session ID through the HTTPS protocol. 3. Use session_save_path() to specify the secure directory to store session data and set permissions correctly.
Where are PHP session files stored by default?May 01, 2025 am 12:15 AMPHPsessionfilesarestoredinthedirectoryspecifiedbysession.save_path,typically/tmponUnix-likesystemsorC:\Windows\TemponWindows.Tocustomizethis:1)Usesession_save_path()tosetacustomdirectory,ensuringit'swritable;2)Verifythecustomdirectoryexistsandiswrita
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Zend Studio 13.0.1
Powerful PHP integrated development environment
MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.
SublimeText3 Chinese version
Chinese version, very easy to use
SublimeText3 Linux new version
SublimeText3 Linux latest version
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
