堆栈内存溢出
  简体   繁体   English

如何防止PHP上传脚本覆盖现有文件?

[英]How to prevent a PHP upload script from overwriting existing files?

 原文  2015-08-08 10:42:05       php/ file

问题描述

Been working my PHP upload script myself, but got stuck with prevent overwriting existing file, how to do it. 我自己一直在使用我的PHP上传脚本,但是由于无法覆盖现有文件而无法执行操作。 Please require tips and explanation. 请要求提示和解释。 And also please if my way to handle upload is good, if not please advise and give tips. 如果我处理上传的方式很好,也请提供建议和提示。 

$destination = 'C:/upload_test/';
$max=75200;
if (isset($_POST['upload'])) {
if (isset($_FILES['image']['tmp_name'])) {
$fileTaille= $_FILES['image']['size'];
if ($fileTaille==true) {
 if ($fileTaille > $max) {
    echo "Your file is too large, select a file smaller than";
    exit(include 'form.php');
   }
 }
   else {
    echo "No file selected";
    exit(include 'form.php');
   }
}

$file_type=getimagesize($_FILES['image']['tmp_name']);

 if ($file_type==true) {
   echo "File is an image - " .$file_type["mime"]." ";
 }
  else{
    echo "Could not get file type";
  }

$fileType = exif_imagetype($_FILES['image']['tmp_name']);
$allowed = array(IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_GIF);

 if (!in_array($fileType, $allowed)) {
   echo "File type not accepted, Only JPEG file allowed";
   exit(include 'form.php');
 }

$clean_file = preg_replace("/[^A-Z0-9\.\_-]/i", " ", $_FILES["image"]["name"]);
 $fileName = $destination . basename($clean_file);
 if (file_exists($fileName)) {
   echo "File already exist";
   exit(include 'form.php');
 }

}

if (isset($_FILES['image']['tmp_name'])) {
$result = move_uploaded_file($_FILES['image']['tmp_name'], $destination . $_FILES['image']['name']); 

  if ($result == true) {
  echo "file moved "." ";
  }else
    {
    echo "Could not move filed";
    }
$permission = chmod($destination . $clean_file, 0644);
  if ($permission==false) {
    echo "No permission to the file";
  }
   else
   {
    echo "permission given";
   }
}
?>

2 个解决方案

解决方案1
 0  2015-08-08 11:01:11

Best practise in my opinion is to make a sha256 of the file and then save it, this way you don't overwrite files and also you don't save duplicate files. 我认为最佳实践是先对文件进行sha256加密然后再保存,这样就不会覆盖文件,也不会保存重复的文件。

How to do it: 怎么做:

  1. Upload the files to a temporary directory 将文件上传到临时目录
  2. Hash the file and get the sha256 string. 散列文件并获取sha256字符串。
  3. Rename the file and copy to upload folder. 重命名文件并复制到上载文件夹。

Example: 例: 

$clean_file = preg_replace("/[^A-Z0-9\.\_-]/i", " ", $_FILES["image"]["name"]);
$fileName = hash_file('sha256', $clean_file);
rename($clean_file, $fileName.$extention);

解决方案2
 0  2015-08-08 11:04:52

The file you are searching for and the file you are saving have different names. 您要搜索的文件和要保存的文件具有不同的名称。 You are searching for a file with the name $clean_file but saving $_FILES['image']['name'] instead. 您正在搜索名称$clean_file的文件,但保存$_FILES['image']['name'] You should update your code to save it as $clean_file : 您应该更新代码以将其另存为$clean_file 

$result = move_uploaded_file($_FILES['image']['tmp_name'],
    $destination . $clean_file
);

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 我用PHP制作了一个上传脚本。 如何避免覆盖文件? - I made an upload script in PHP. How do I avoid overwriting files? 如何防止php fwrite()覆盖文件上的一行文本? - how to prevent php fwrite() from overwriting a line of text on file? PHP防止foreach循环覆盖对象 - PHP prevent foreach loop from overwriting object PHP:允许为用户上传.php文件,如何防止它们运行? - PHP: allowing upload of .php files for users, how do I prevent them from running? 阻止上传php脚本执行 - prevent upload php script to be executed 如何使用XAMPP将Ajax文件上传到php脚本 - How to upload files with Ajax to php script with XAMPP PHP-如何防止文件名增加覆盖现有文件? - PHP - How to prevent override of existing files with filename increment? 使用php脚本上传多个文件 - Upload multiple files with a php script 如何防止php上传文件: - How to prevent php from uploading files: 如何安装PHP 5.4而不覆盖现有的旧版PHP? - How to install PHP 5.4 without overwriting existing older PHP version?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM