[英]PHP image validation script
I would like to make an image validation script for making news items. 我想制作一个用于制作新闻项目的图像验证脚本。 As I already searched for other examples my PHP knowlegde isn't that great to implement it.
正如我已经在搜索其他示例中一样,我的PHP Knowlegde并不是很好的实现它。
HTML: HTML:
<input class="form-control contact-control" type="hidden" name="MAX_FILE_SIZE" value="1000000">
<input class="form-control contact-control" type="file" name="image" id="image">
PHP: PHP:
$news_item = $_POST['item'];
$news_date = $_POST['date'];
$news_text = $_POST['text'];
$max_file_size = 1000000;
$path = ("../../../database/img/");
$news_image = $_FILES['image']['name'];
$image_size = $_FILES['image']['size'];
$image_type = $_FILES['image']['type'];
if(!empty($news_item) && !empty($news_date) && !empty($news_text) && !empty($news_image)) {
if(($image_type == 'image/jpeg') || ($image_type == 'image/png') || ($image_type == 'image/gif') && ($image_size > 0) && ($image_size <= $max_file_size)) {
if($_FILES['file']['error'] == 0) {
$target = $path . $news_image;
if(move_uploaded_file($_FILES['image']['tpm_name'], $target)) {
$query_news = "INSERT INTO news(Item, Date_item, News_text, Photo) VALUES('".$news_item."', '".$news_date."', '".$news_text."', '".$uploaded_dir.$news_image."')";
mysql_query($query_news);
} else {
$update_news = "UPDATE news SET Item = '".$news_item."', Date_item = '".$news_date."', News_text = '".$news_text."', Photo = '".$uploaded_dir.$news_image."'";
mysql_query($update_news);
}
}
} else {
echo 'The screenshot must be a GIF, JPEG or PNG image no ' . 'less than ' . ($max_file_size / 1000000) . 'mb in size.';
}
@unlink($_FILES['image']['tmp_name']);
} else {
echo 'Please enter alll of the information.';
}
There isn't added a new row of information into the database and also no image stored. 没有在数据库中添加新的信息行,也没有存储图像。 As I suspect one of the if statement goes false.
我怀疑if语句之一为假。
First, you don't need to remove a temp file @unlink($_FILES['image']['tmp_name']);
首先,您不需要删除临时文件
@unlink($_FILES['image']['tmp_name']);
. 。 Just delete this line.
只需删除此行。
Second, your script is exposed to SQL Injection because you use POST values directly without filtration. 其次,由于您直接使用POST值而不进行过滤,因此脚本会遭受SQL注入。
Third, you have a type here: if(move_uploaded_file($_FILES['image']['tpm_name'], $target)) {
. 第三,您在此处输入以下类型:
if(move_uploaded_file($_FILES['image']['tpm_name'], $target)) {
。 Array key right name is tmp_name
. 阵列键权限名称为
tmp_name
。
You have a typo. 你有错字
($_FILES['image']['tpm_name'], $target)
^^^^^^^^
Change it to ($_FILES['image']['tmp_name'], $target)
更改为
($_FILES['image']['tmp_name'], $target)
BUT, this $uploaded_dir
is still unassigned which most likely seems it should be $target
但是,此
$uploaded_dir
仍未分配,这很可能应该是$target
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.