PHP文件上传的具体思路及实现

Home

Backend Development

PHP Tutorial

PHP文件上传的具体思路及实现_PHP

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 01, 2016 pm 12:33 PM

ifmessageuploadspecificaccomplishIdeasdocument

最近一段时间对PHP文件处理方面很感兴趣，因此在许多站点上看了许多的文件处理的文章，但是国内许多的站点上的PHP文件处理方面的知识大多数是你抄我的我抄你的，用baidu.com或者是google.com搜索出来的东西多是重复的。最近在国外一个站点上盾了一篇文章感觉很不错，因此推荐给大家阅读。

首先我们有必要说明一下文件上传的操作流程及用到的知识点：

文件上传我们需要用到HTML里面表单的type="file"类型，及其enctype属性。这是我们大家必须要用的。当然了PHP函数库当中的FILE函数库，字符串类型函数库，目录函数库及$_FILES[]的使用是我们必须要用到的。

也许每一个站点都可能会对上传文件有许多的限制，这些限制会包括文件类型，文件大小，扩展名，以及上传目录的存在与否，上传文件的存在与否，目录的可写性，可读性，上传文件的改名及怎样把文件从缓存当中复制到你所需要的目录当中。

当然出错的预处理也是我们不容忽视的!如果再深一步的讨论我们还可以对文件的操作起用事件日志的记录。

下面我们通过一段程序来实现这些功能：

--------------------------------------------------------------------------------------------

首先是我们预设的变量值，它包括文件大小，文件扩展名类型，MIMI类型，及是否删除的开关变量

$MAX_SIZE = 2000000;
$FILE_MIMES = array('image/jpeg','image/jpg','image/gif'
                   ,'image/png','application/msword');

$FILE_EXTS  = array('.zip','.jpg','.png','.gif');

$DELETABLE  = true;

下一部就是设置浏览器访问变量及目录访问变量：

$site_name = $_SERVER['HTTP_HOST'];
$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url_this =  "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

$upload_dir = "files/";
$upload_url = $url_dir."/files/";
$message ="";

建立上传目录并相应改变权限：

if (!is_dir("files")) {
  if (!mkdir($upload_dir))
   die ("upload_files directory doesn't exist and creation failed");
  if (!chmod($upload_dir,0755))
   die ("change permission to 755 failed.");
}

用户请求的处理：

if ($_REQUEST[del] && $DELETABLE)  {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."DELETE - $_SERVER[REMOTE_ADDR]"."$_REQUEST[del]\n");
  fclose($resource);

  if (strpos($_REQUEST[del],"/.")>0);                  //possible hacking
  else if (strpos($_REQUEST[del],"files/") === false); //possible hacking
  else if (substr($_REQUEST[del],0,6)=="files/") {
    unlink($_REQUEST[del]);
    print "<script>window.location.href='$url_this?message=deleted successfully'</script>";
  }
}
else if ($_FILES['userfile']) {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."UPLOAD - $_SERVER[REMOTE_ADDR]"
            .$_FILES['userfile']['name']." "
            .$_FILES['userfile']['type']."\n");
  fclose($resource);

$file_type = $_FILES['userfile']['type'];
  $file_name = $_FILES['userfile']['name'];
  $file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

  //文件大小的检查：

  if ( $_FILES['userfile']['size'] > $MAX_SIZE)
     $message = "The file size is over 2MB.";
  //File Type/Extension Check
  else if (!in_array($file_type, $FILE_MIMES)
          && !in_array($file_ext, $FILE_EXTS) )
     $message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";
  else
     $message = do_upload($upload_dir, $upload_url);

  print "<script>window.location.href='$url_this?message=$message'</script>";
}
else if (!$_FILES['userfile']);
else
$message = "Invalid File Specified.";

列出我们上传的文件：

$handle=opendir($upload_dir);
$filelist = "";
while ($file = readdir($handle)) {
   if(!is_dir($file) && !is_link($file)) {
      $filelist .= "".$file."";
      if ($DELETABLE)
        $filelist .= " x";
      $filelist .= "_{".date("d-m H:i", filemtime($upload_dir.$file))
                   ."}";
      $filelist .="
";
   }
}

function do_upload($upload_dir, $upload_url) {

$temp_name = $_FILES['userfile']['tmp_name'];
$file_name = $_FILES['userfile']['name'];
  $file_name = str_replace("\\","",$file_name);
  $file_name = str_replace("'","",$file_name);
$file_path = $upload_dir.$file_name;

//File Name Check
  if ( $file_name =="") {
   $message = "Invalid File Name Specified";
   return $message;
  }

  $result  =  move_uploaded_file($temp_name, $file_path);
  if (!chmod($file_path,0777))
    $message = "change permission to 777 failed.";
  else
    $message = ($result)?"$file_name uploaded successfully." :
            "Somthing is wrong with uploading a file.";
  return $message;
}

?>

   =$_REQUEST[message]?>





My Files

=$filelist?>

^{Developed By
CityPost.ca}

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

What is the difference between unset() and session_destroy()?May 04, 2025 am 12:19 AM

Thedifferencebetweenunset()andsession_destroy()isthatunset()clearsspecificsessionvariableswhilekeepingthesessionactive,whereassession_destroy()terminatestheentiresession.1)Useunset()toremovespecificsessionvariableswithoutaffectingthesession'soveralls

What is sticky sessions (session affinity) in the context of load balancing?May 04, 2025 am 12:16 AM

Stickysessionsensureuserrequestsareroutedtothesameserverforsessiondataconsistency.1)SessionIdentificationassignsuserstoserversusingcookiesorURLmodifications.2)ConsistentRoutingdirectssubsequentrequeststothesameserver.3)LoadBalancingdistributesnewuser

What are the different session save handlers available in PHP?May 04, 2025 am 12:14 AM

PHPoffersvarioussessionsavehandlers:1)Files:Default,simplebutmaybottleneckonhigh-trafficsites.2)Memcached:High-performance,idealforspeed-criticalapplications.3)Redis:SimilartoMemcached,withaddedpersistence.4)Databases:Offerscontrol,usefulforintegrati

What is a session in PHP, and why are they used?May 04, 2025 am 12:12 AM

Session in PHP is a mechanism for saving user data on the server side to maintain state between multiple requests. Specifically, 1) the session is started by the session_start() function, and data is stored and read through the $_SESSION super global array; 2) the session data is stored in the server's temporary files by default, but can be optimized through database or memory storage; 3) the session can be used to realize user login status tracking and shopping cart management functions; 4) Pay attention to the secure transmission and performance optimization of the session to ensure the security and efficiency of the application.

Explain the lifecycle of a PHP session.May 04, 2025 am 12:04 AM

PHPsessionsstartwithsession_start(),whichgeneratesauniqueIDandcreatesaserverfile;theypersistacrossrequestsandcanbemanuallyendedwithsession_destroy().1)Sessionsbeginwhensession_start()iscalled,creatingauniqueIDandserverfile.2)Theycontinueasdataisloade

What is the difference between absolute and idle session timeouts?May 03, 2025 am 12:21 AM

Absolute session timeout starts at the time of session creation, while an idle session timeout starts at the time of user's no operation. Absolute session timeout is suitable for scenarios where strict control of the session life cycle is required, such as financial applications; idle session timeout is suitable for applications that want users to keep their session active for a long time, such as social media.

What steps would you take if sessions aren't working on your server?May 03, 2025 am 12:19 AM

The server session failure can be solved through the following steps: 1. Check the server configuration to ensure that the session is set correctly. 2. Verify client cookies, confirm that the browser supports it and send it correctly. 3. Check session storage services, such as Redis, to ensure that they are running normally. 4. Review the application code to ensure the correct session logic. Through these steps, conversation problems can be effectively diagnosed and repaired and user experience can be improved.

What is the significance of the session_start() function?May 03, 2025 am 12:18 AM

session_start()iscrucialinPHPformanagingusersessions.1)Itinitiatesanewsessionifnoneexists,2)resumesanexistingsession,and3)setsasessioncookieforcontinuityacrossrequests,enablingapplicationslikeuserauthenticationandpersonalizedcontent.

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

How to fix KB5055523 fails to install in Windows 11?

3 weeks agoByDDD

How to fix KB5055518 fails to install in Windows 10?

3 weeks agoByDDD

Roblox: Dead Rails - How To Tame Wolves

3 weeks agoByDDD

Strength Levels for Every Enemy & Monster in R.E.P.O.

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Roblox: Grow A Garden - Complete Mutation Guide

2 weeks agoByDDD

Hot Tools

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.