文件上传在IE和Firefox中不起作用
[英]File Upload not working in IE and Firefox
问题描述
I have the following code to upload a file to the server. 
我有以下代码将文件上传到服务器。 For some weird reason, it does not work in IE and Mozilla Firefox but works perfect in Chrome. 出于某些奇怪的原因,它在IE和Mozilla Firefox中不起作用,但在Chrome中完美运行。 What is the problem? 问题是什么?
PHP: PHP:
// Check post_max_size (http://us3.php.net/manual/en/features.file-upload.php#73762)
$POST_MAX_SIZE = ini_get('post_max_size');
$unit = strtoupper(substr($POST_MAX_SIZE, -1));
$multiplier = ($unit == 'M' ? 1048576 : ($unit == 'K' ? 1024 : ($unit == 'G' ? 1073741824 : 1)));
if ((int)$_SERVER['CONTENT_LENGTH'] > $multiplier*(int)$POST_MAX_SIZE && $POST_MAX_SIZE)
HandleError('File exceeded maximum allowed size. Your file size <b>MUST NOT</b> be more than 100kb.');
// Settings
$save_path = 'uploads/'; //getcwd() . '/uploads/';The path were we will save the file (getcwd() may not be reliable and should be tested in your environment)
$upload_name = 'userfile'; // change this accordingly
$max_file_size_in_bytes = 102400; // 100k in bytes
$whitelist = array('jpg', 'png', 'gif', 'jpeg'); // Allowed file extensions
$blacklist = array('php', 'php3', 'php4', 'phtml','exe','txt','scr','cgi','pl','shtml'); // Restrict file extensions
$valid_chars_regex = 'A-Za-z0-9_-\s ';// Characters allowed in the file name (in a Regular Expression format)
// Other variables
$MAX_FILENAME_LENGTH = 260;
$file_name = $_FILES[$upload_name]['name'];
//echo "testing-".$file_name."<br>";
//$file_name = strtolower($file_name);
////////$file_extension = end(explode('.', $file_name));
$parts = explode('.', $file_name);
$file_extension = end($parts);
$uploadErrors = array(
0=>'There is no error, the file uploaded with success',
1=>'The uploaded file exceeds the upload max filesize allowed.',
2=>'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form',
3=>'The uploaded file was only partially uploaded',
4=>'No file was uploaded',
6=>'Missing a temporary folder'
);
// Validate the upload
if (!isset($_FILES[$upload_name]))
**HandleError('No upload found for ' . $upload_name);**//THROWS UP ERROR HERE in IE and Firefox
else if (isset($_FILES[$upload_name]['error']) && $_FILES[$upload_name]['error'] != 0)
HandleError($uploadErrors[$_FILES[$upload_name]['error']]);
else if (!isset($_FILES[$upload_name]['tmp_name']) || !@is_uploaded_file($_FILES[$upload_name]['tmp_name']))
HandleError('Upload failed.');
else if (!isset($_FILES[$upload_name]['name']))
HandleError('File has no name.');
HTML: HTML:
<form name="upload" action="/upload" method="POST" ENCTYPE="multipart/formdata">
<table border="0" cellpadding="3" cellspacing="3" class="forms">
<tr>
<tr>
<td style="height: 26px" align="center">
<font class="font_upload_picture">'.MSG142.': <input class="font_upload_picture" type="file" name="userfile">
<input type=hidden name=MAX_FILE_SIZE value=102400 />
</td>
</tr>
<tr>
<td colspan="2">
<p align="center">
<input type="image" name="upload" value="upload" src="/img/layout/btnupload.gif" border="0" />
</p>
<p> </p>
<td><a href="/picturecamerasettings"><img src="/img/layout/takepicture.gif" border="0" /><br> '.MSG143.'</a></td>
</tr>
</table>
</form>
3 个解决方案
解决方案1
5 已采纳 2011-04-15 20:56:25
表单的enctype应该是multipart/form-data
解决方案2
0 2011-04-15 20:59:00
You have errors in your html. 您的html中有错误。 You're missing closing tags for a tr and td tag. 您缺少tr和td标签的结束标签。 Also, close off your file upload input tag /> . 另外,关闭文件上传输入标签/> 。
解决方案3
0 2011-04-15 21:17:36
Some of your logic is off: 您的某些逻辑已关闭:
if (!isset($_FILES[$upload_name]))
will always pass. 将永远过去。 For every <input type="file"> in your form, there'll be a matching $_FILES entry, whether a file was actually uploaded or not. 对于表单中的每个<input type="file"> ,无论文件是否实际上传,都会有一个匹配的$_FILES条目。 If no file was uploaded to being with, then you'll get error code 4 . 如果没有文件上传到一起,那么您将得到错误代码4 。
else if (isset($_FILES[$upload_name]['error']) && $_FILES[$upload_name]['error'] != 0)
You don't have to check if the error parameter is set. 您不必检查是否设置了error参数。 as long as $upload_name has a valid file field name in it, the error section will be there. 只要$upload_name具有有效的文件字段名称, error部分就会存在。 You can check for $_FILES[$upload_name] , though. 不过,您可以检查$_FILES[$upload_name] 。 in case your variable's set wrong. 以防您的变量设置错误。
You've commented it out, but you're checking for valid upload types by checking the user-provided filename. 您已将其注释掉,但是您正在通过检查用户提供的文件名来检查有效的上传类型。 Remember that the ['type'] and ['name'] parameters in $_FILES are user-supplied and can be subverted. 请记住,$ _ FILES中的['type']和['name']参数是用户提供的,可以被颠覆。 Nothing says a malicious user can't rename bad_virus.exe to cute_puppies.jpg and get through your 'validation' check. 没什么说恶意用户无法将bad_virus.exe重命名为cute_puppies.jpg并通过“验证”检查。 Always determine MIME type on the server, by using something like Fileinfo . 始终通过使用Fileinfo之类的东西来确定服务器上的MIME类型。 That inspects the file's actual contents, not just the filename. 这将检查文件的实际内容,而不仅仅是文件名。
So, your upload validation should look something like: 因此,您的上传验证应类似于:
if (isset($_FILES[$upload_name]) && ($_FILES[$upload_name]['error'] === UPLOAD_ERR_OK)) {
$fi = finfo_open(FILE_INFO_MIME_TYPE);
$mime = finfo_file($fi, $_FILES[$upload_name]['tmp_name']);
if (!in_array($valid_mime_type, $mime)) {
HandleError("Invalid file type $mime");
}
etc...
} else {
HandleError($uploadErrors[$_FILES[$upload_name]['error']]);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.