PHP文件上传的具体思路及实现

Home

Backend Development

PHP Tutorial

PHP文件上传的具体思路及实现_PHP

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 01, 2016 pm 12:33 PM

ifmessageuploadspecificaccomplishIdeasdocument

最近一段时间对PHP文件处理方面很感兴趣，因此在许多站点上看了许多的文件处理的文章，但是国内许多的站点上的PHP文件处理方面的知识大多数是你抄我的我抄你的，用baidu.com或者是google.com搜索出来的东西多是重复的。最近在国外一个站点上盾了一篇文章感觉很不错，因此推荐给大家阅读。

首先我们有必要说明一下文件上传的操作流程及用到的知识点：

文件上传我们需要用到HTML里面表单的type="file"类型，及其enctype属性。这是我们大家必须要用的。当然了PHP函数库当中的FILE函数库，字符串类型函数库，目录函数库及$_FILES[]的使用是我们必须要用到的。

也许每一个站点都可能会对上传文件有许多的限制，这些限制会包括文件类型，文件大小，扩展名，以及上传目录的存在与否，上传文件的存在与否，目录的可写性，可读性，上传文件的改名及怎样把文件从缓存当中复制到你所需要的目录当中。

当然出错的预处理也是我们不容忽视的!如果再深一步的讨论我们还可以对文件的操作起用事件日志的记录。

下面我们通过一段程序来实现这些功能：

--------------------------------------------------------------------------------------------

首先是我们预设的变量值，它包括文件大小，文件扩展名类型，MIMI类型，及是否删除的开关变量

$MAX_SIZE = 2000000;
$FILE_MIMES = array('image/jpeg','image/jpg','image/gif'
                   ,'image/png','application/msword');

$FILE_EXTS  = array('.zip','.jpg','.png','.gif');

$DELETABLE  = true;

下一部就是设置浏览器访问变量及目录访问变量：

$site_name = $_SERVER['HTTP_HOST'];
$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url_this =  "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

$upload_dir = "files/";
$upload_url = $url_dir."/files/";
$message ="";

建立上传目录并相应改变权限：

if (!is_dir("files")) {
  if (!mkdir($upload_dir))
   die ("upload_files directory doesn't exist and creation failed");
  if (!chmod($upload_dir,0755))
   die ("change permission to 755 failed.");
}

用户请求的处理：

if ($_REQUEST[del] && $DELETABLE)  {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."DELETE - $_SERVER[REMOTE_ADDR]"."$_REQUEST[del]\n");
  fclose($resource);

  if (strpos($_REQUEST[del],"/.")>0);                  //possible hacking
  else if (strpos($_REQUEST[del],"files/") === false); //possible hacking
  else if (substr($_REQUEST[del],0,6)=="files/") {
    unlink($_REQUEST[del]);
    print "<script>window.location.href='$url_this?message=deleted successfully'</script>";
  }
}
else if ($_FILES['userfile']) {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."UPLOAD - $_SERVER[REMOTE_ADDR]"
            .$_FILES['userfile']['name']." "
            .$_FILES['userfile']['type']."\n");
  fclose($resource);

$file_type = $_FILES['userfile']['type'];
  $file_name = $_FILES['userfile']['name'];
  $file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

  //文件大小的检查：

  if ( $_FILES['userfile']['size'] > $MAX_SIZE)
     $message = "The file size is over 2MB.";
  //File Type/Extension Check
  else if (!in_array($file_type, $FILE_MIMES)
          && !in_array($file_ext, $FILE_EXTS) )
     $message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";
  else
     $message = do_upload($upload_dir, $upload_url);

  print "<script>window.location.href='$url_this?message=$message'</script>";
}
else if (!$_FILES['userfile']);
else
$message = "Invalid File Specified.";

列出我们上传的文件：

$handle=opendir($upload_dir);
$filelist = "";
while ($file = readdir($handle)) {
   if(!is_dir($file) && !is_link($file)) {
      $filelist .= "".$file."";
      if ($DELETABLE)
        $filelist .= " x";
      $filelist .= "_{".date("d-m H:i", filemtime($upload_dir.$file))
                   ."}";
      $filelist .="
";
   }
}

function do_upload($upload_dir, $upload_url) {

$temp_name = $_FILES['userfile']['tmp_name'];
$file_name = $_FILES['userfile']['name'];
  $file_name = str_replace("\\","",$file_name);
  $file_name = str_replace("'","",$file_name);
$file_path = $upload_dir.$file_name;

//File Name Check
  if ( $file_name =="") {
   $message = "Invalid File Name Specified";
   return $message;
  }

  $result  =  move_uploaded_file($temp_name, $file_path);
  if (!chmod($file_path,0777))
    $message = "change permission to 777 failed.";
  else
    $message = ($result)?"$file_name uploaded successfully." :
            "Somthing is wrong with uploading a file.";
  return $message;
}

?>

   =$_REQUEST[message]?>





My Files

=$filelist?>

^{Developed By
CityPost.ca}

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

What is the difference between absolute and idle session timeouts?May 03, 2025 am 12:21 AM

Absolute session timeout starts at the time of session creation, while an idle session timeout starts at the time of user's no operation. Absolute session timeout is suitable for scenarios where strict control of the session life cycle is required, such as financial applications; idle session timeout is suitable for applications that want users to keep their session active for a long time, such as social media.

What steps would you take if sessions aren't working on your server?May 03, 2025 am 12:19 AM

The server session failure can be solved through the following steps: 1. Check the server configuration to ensure that the session is set correctly. 2. Verify client cookies, confirm that the browser supports it and send it correctly. 3. Check session storage services, such as Redis, to ensure that they are running normally. 4. Review the application code to ensure the correct session logic. Through these steps, conversation problems can be effectively diagnosed and repaired and user experience can be improved.

What is the significance of the session_start() function?May 03, 2025 am 12:18 AM

session_start()iscrucialinPHPformanagingusersessions.1)Itinitiatesanewsessionifnoneexists,2)resumesanexistingsession,and3)setsasessioncookieforcontinuityacrossrequests,enablingapplicationslikeuserauthenticationandpersonalizedcontent.

What is the importance of setting the httponly flag for session cookies?May 03, 2025 am 12:10 AM

Setting the httponly flag is crucial for session cookies because it can effectively prevent XSS attacks and protect user session information. Specifically, 1) the httponly flag prevents JavaScript from accessing cookies, 2) the flag can be set through setcookies and make_response in PHP and Flask, 3) Although it cannot be prevented from all attacks, it should be part of the overall security policy.

What problem do PHP sessions solve in web development?May 03, 2025 am 12:02 AM

PHPsessionssolvetheproblemofmaintainingstateacrossmultipleHTTPrequestsbystoringdataontheserverandassociatingitwithauniquesessionID.1)Theystoredataserver-side,typicallyinfilesordatabases,anduseasessionIDstoredinacookietoretrievedata.2)Sessionsenhances

What data can be stored in a PHP session?May 02, 2025 am 12:17 AM

PHPsessionscanstorestrings,numbers,arrays,andobjects.1.Strings:textdatalikeusernames.2.Numbers:integersorfloatsforcounters.3.Arrays:listslikeshoppingcarts.4.Objects:complexstructuresthatareserialized.

How do you start a PHP session?May 02, 2025 am 12:16 AM

TostartaPHPsession,usesession_start()atthescript'sbeginning.1)Placeitbeforeanyoutputtosetthesessioncookie.2)Usesessionsforuserdatalikeloginstatusorshoppingcarts.3)RegeneratesessionIDstopreventfixationattacks.4)Considerusingadatabaseforsessionstoragei

What is session regeneration, and how does it improve security?May 02, 2025 am 12:15 AM

Session regeneration refers to generating a new session ID and invalidating the old ID when the user performs sensitive operations in case of session fixed attacks. The implementation steps include: 1. Detect sensitive operations, 2. Generate new session ID, 3. Destroy old session ID, 4. Update user-side session information.

See all articles