堆栈内存溢出
  简体   繁体   English

PHP图像验证脚本

[英]PHP image validation script

 原文  2014-03-25 06:31:42       php/ image/ validation

问题描述

I would like to make an image validation script for making news items. 我想制作一个用于制作新闻项目的图像验证脚本。 As I already searched for other examples my PHP knowlegde isn't that great to implement it. 正如我已经在搜索其他示例中一样,我的PHP Knowlegde并不是很好的实现它。

HTML: HTML: 

<input class="form-control contact-control" type="hidden" name="MAX_FILE_SIZE" value="1000000">
<input class="form-control contact-control" type="file" name="image" id="image">

PHP: PHP: 

$news_item = $_POST['item'];
$news_date = $_POST['date'];
$news_text = $_POST['text'];
$max_file_size = 1000000;
$path = ("../../../database/img/");
$news_image = $_FILES['image']['name']; 
$image_size = $_FILES['image']['size'];
$image_type = $_FILES['image']['type'];

    if(!empty($news_item) && !empty($news_date) && !empty($news_text) && !empty($news_image)) {
        if(($image_type == 'image/jpeg') || ($image_type == 'image/png') || ($image_type == 'image/gif') && ($image_size > 0) && ($image_size <= $max_file_size)) {
            if($_FILES['file']['error'] == 0) {
                $target = $path . $news_image;
                if(move_uploaded_file($_FILES['image']['tpm_name'], $target)) {
                    $query_news = "INSERT INTO news(Item, Date_item, News_text, Photo) VALUES('".$news_item."', '".$news_date."', '".$news_text."', '".$uploaded_dir.$news_image."')";
                    mysql_query($query_news);
                } else {
                    $update_news = "UPDATE news SET Item = '".$news_item."', Date_item = '".$news_date."', News_text = '".$news_text."', Photo = '".$uploaded_dir.$news_image."'";
                    mysql_query($update_news);
                }
            }
        } else {
            echo 'The screenshot must be a GIF, JPEG or PNG image no ' . 'less than ' . ($max_file_size / 1000000) . 'mb in size.';
        }

        @unlink($_FILES['image']['tmp_name']);

    } else {
        echo 'Please enter alll of the information.';
    }

There isn't added a new row of information into the database and also no image stored. 没有在数据库中添加新的信息行,也没有存储图像。 As I suspect one of the if statement goes false. 我怀疑if语句之一为假。

2 个解决方案

解决方案1
 0  2014-03-25 06:42:39

First, you don't need to remove a temp file @unlink($_FILES['image']['tmp_name']); 首先,您不需要删除临时文件@unlink($_FILES['image']['tmp_name']); . Just delete this line. 只需删除此行。

Second, your script is exposed to SQL Injection because you use POST values directly without filtration. 其次,由于您直接使用POST值而不进行过滤,因此脚本会遭受SQL注入。

Third, you have a type here: if(move_uploaded_file($_FILES['image']['tpm_name'], $target)) { . 第三,您在此处输入以下类型: if(move_uploaded_file($_FILES['image']['tpm_name'], $target)) { Array key right name is tmp_name . 阵列键权限名称为tmp_name

解决方案2
 0  2014-03-25 06:44:27

You have a typo. 你有错字 

($_FILES['image']['tpm_name'], $target)
                   ^^^^^^^^

Change it to ($_FILES['image']['tmp_name'], $target) 更改为($_FILES['image']['tmp_name'], $target)

BUT, this $uploaded_dir is still unassigned which most likely seems it should be $target 但是,此$uploaded_dir仍未分配,这很可能应该是$target

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 验证PHP邮件脚本 - Validation of php mail script PHP脚本验证错误 - php script validation error 调试PHP验证脚本 - Debugging PHP validation script PHP电子邮件验证脚本 - PHP email validation script 带有zip验证的php图像验证 - php image validation with zip validation 图片上的PHP验证 - PHP validation on image PHP映像类型验证 - PHP Image Type Validation 奇怪的图像PHP验证 - strange image php validation PHP图像验证 - Php image validation PHP表单处理和验证脚本 - PHP Form handling and validation script
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM