堆栈内存溢出
  简体   繁体   English

PHP文件上传限制大小和最佳做法

[英]PHP file upload limit size and best practises

 原文  2015-05-23 14:16:46       javascript/ php/ html/ file/ email

问题描述

I have a website and I am trying to get a form working that will upload a file selected from the users computer. 我有一个网站,我正在尝试获取一个工作表,该表将上载从用户计算机中选择的文件。 When they click the submit button on the form it should email me the data they filled in the fields and upload the file to a folder on my server. 当他们单击表单上的“提交”按钮时,应该通过电子邮件将他们填写在字段中的数据发送给我,并将文件上传到我服务器上的文件夹中。 Here is what I have got so far: 这是到目前为止我得到的:

Form section of HTML page: HTML页面的“表单”部分: 

   <form class="registration-form" id="contact-form" action="upload_file.php" method="post" enctype="multipart/form-data">
      <input type="text" id="cf-name" name="name" class="form-test input-box" placeholder="Name">
      <input type="email" id="cf-email" name="email" class="form-test input-box" placeholder="Email">
      <input type="text" class="form-test bfh-address" placeholder="Address">
      <textarea name="message" id="cf-message" class="form-test textarea-box" rows="4" placeholder="Please enter your description"></textarea>
      <input type="file">
      <br>
      <button class="btn btn-primary standard-button" type="submit" name="submit" value="Submit">Upload</button>
   </form>

PHP script: PHP脚本: 

  <?php

$allowedExts = array("jpg", "jpeg", "gif", "png", "mp3", "mp4", "wma", "zip", "rar", "7zip", "avi", "mov", "wmv", "div");
$extension = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);

if ((($_FILES["file"]["type"] == "video/mp4")
|| ($_FILES["file"]["type"] == "video/avi")
|| ($_FILES["file"]["type"] == "video/mov")
|| ($_FILES["file"]["type"] == "video/wmv")
|| ($_FILES["file"]["type"] == "video/div")
|| ($_FILES["file"]["type"] == "compressed/zip")
|| ($_FILES["file"]["type"] == "compressed/rar")
|| ($_FILES["file"]["type"] == "compressed/7zip")
|| ($_FILES["file"]["type"] == "audio/mp3")
|| ($_FILES["file"]["type"] == "audio/wma")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg"))

&& ($_FILES["file"]["size"] < 6000000)
&& in_array($extension, $allowedExts))

  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
    }
  else
    {
    echo "Upload: " . $_FILES["file"]["name"] . "<br />";
    echo "Type: " . $_FILES["file"]["type"] . "<br />";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
    echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

    if (file_exists("upload/" . $_FILES["file"]["name"]))
      {
      echo $_FILES["file"]["name"] . " already exists. ";
      }
    else
      {
      move_uploaded_file($_FILES["file"]["tmp_name"],
      "upload/" . $_FILES["file"]["name"]);
      echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
      }
    }
  }
else
  {
  echo "Invalid file";
  }
?>

I also have some other questions: 1. Because of storage limit on server how can I prevent people trying to fill up the server space by uploading large files over and over as an attack? 我还有其他一些问题:1.由于服务器上的存储限制,如何防止人们试图通过反复上传大文件来填满服务器空间来攻击他人? 2. Is there a way to simply email the content of the fieldsand the name of the uploaded file to an email address when they click submit. 2.当他们单击提交时,有没有一种方法可以简单地通过电子邮件将字段内容和上载文件的名称发送到电子邮件地址。 3. Is there a way to upload the file to an off-server location such as uploading it to mega or some other site for safe storage? 3.是否可以将文件上传到服务器外位置,例如将其上传到大型或其他站点以进行安全存储?

Here are some of the errors on the php script: http://postimg.org/image/qv2rg9qft/ 以下是有关php脚本的一些错误: http : //postimg.org/image/qv2rg9qft/

2 个解决方案

解决方案1
 0  2015-05-23 14:56:20

When they click the submit button on the form it should email me the data they filled in the fields and upload the file to a folder on my server. 当他们单击表单上的“提交”按钮时,应该通过电子邮件将他们填写在字段中的数据发送给我,并将文件上传到我服务器上的文件夹中。 

// ...
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
mail("your@email.com", "Subject", "Text", "From: sender <sender@email.com>");
// ...
  1. Because of storage limit on server how can I prevent people trying to fill up the server space by uploading large files over and over as an attack? 由于服务器上的存储限制,如何防止人们试图通过一次又一次地上传大文件来填满服务器空间?

Make a CAPTCHA, for example reCAPTCHA . 进行验证 ,例如reCAPTCHA

  1. Is there a way to simply email the content of the fieldsand the name of the uploaded file to an email address when they click submit. 当他们单击提交时,是否有一种方法可以简单地通过电子邮件将字段的内容和上载的文件的名称发送到电子邮件地址。

Yes. 是。 Using PHPMailer for attachments is a very easy solution. 使用PHPMailer作为附件是一个非常简单的解决方案。

  1. Is there a way to upload the file to an off-server location such as uploading it to mega or some other site for safe storage? 是否可以将文件上传到服务器外位置,例如将其上传到大型或其他站点以进行安全存储?

There are possibilities with FTP or Amazon S3 for example. 例如, FTPAmazon S3都有可能。

解决方案2
 0  2015-05-23 14:59:31

To fix the errors you have to give your html file element the exact name youre using in the $_FILES Array: 要更正错误,您必须在$ _FILES数组中为html文件元素提供确切的名称:

So your full HTML code looks like: 因此,完整的HTML代码如下所示: 

<form class="registration-form" id="contact-form" action="upload_file.php" method="post" enctype="multipart/form-data">
  <input type="text" id="cf-name" name="name" class="form-test input-box" placeholder="Name">
  <input type="email" id="cf-email" name="email" class="form-test input-box" placeholder="Email">
  <input type="text" class="form-test bfh-address" placeholder="Address">
  <textarea name="message" id="cf-message" class="form-test textarea-box" rows="4" placeholder="Please enter your description"></textarea>
  <input type="file" name="file">
  <br>
  <button class="btn btn-primary standard-button" type="submit" name="submit" value="Submit">Upload</button>

To prevent people from uploading large files over and over, you could implement a captcha script like phpcaptcha, for example. 为了防止人们一遍又一遍地上传大文件,例如,您可以实现一个验证码脚本,例如phpcaptcha。 https://www.phpcaptcha.org/ . https://www.phpcaptcha.org/

Uploading to mega or any other public file service could be a good option as well. 上载到大型或任何其他公共文件服务也是一个不错的选择。 Take a look at http://julien-marchand.fr/blog/using-the-mega-api-with-php-examples/ for an example of uploading to mega with php. 看看http://julien-marchand.fr/blog/using-the-mega-api-with-php-examples/,了解使用php上传到mega的示例。 But depending on what you want to do with the files i would not recommend that since you are loosing flexibility in displaying or deploying these files to the clients later on. 但是根据您要处理的文件,我不建议您这样做,因为稍后您失去了显示或部署这些文件到客户端的灵活性。

For an e-mail service, i would recommend swiftmailer: http://swiftmailer.org . 对于电子邮件服务,我建议使用swiftmailer: http ://swiftmailer.org。 It is currently the best way to send emails from php. 目前,这是从php发送电子邮件的最佳方法。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在PHP中限制文件上传大小? - How to limit file upload size in PHP? 文件上传的大小限制 - Size limit for file upload KCFinder上传文件大小限制 - KCFinder upload file size limit .net Core 2.0 文件上传大小限制 - .net Core 2.0 File Upload Size Limit 拖放上传图片文件的大小限制 - Drag and drop upload image file size limit 在Graphql中上传时限制文件大小 - Limit file size when upload in Graphql 限制图片上传大小 - Limit image upload size 为我的XMLHttpRequest文件上传添加文件大小限制 - Add a file size limit to my XMLHttpRequest file upload 在上传过程中检查文件大小并使用javascript停止上传超过文件大小限制的文件? - Checking file size during upload and stopping upload exceeding file size limit with javascript? Firebase的Cloud Storage限制(合并)多个文件上传的大小 - Cloud Storage for Firebase limit size of (combined) multiple file upload
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM