Prevent PHP script from being executed when submitting to self

I have this form:

<form name="commentform" id="commentform" action="comment.php" method="post" 
enctype="multipart/form-data">

Your Name: 
<textarea maxlength="60" rows="1" cols="62" class="margin" name="name" 
id="name"> </textarea> <br><br>

Submit Picture
<input type="file" name="pic" id="pic" /> <br><br>

<input type="Submit" value="Submit" />
</form>

This is the PHP to validate the picture (from W3Schools.com):

<?php
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

if (file_exists("upload/" . $_FILES["file"]["name"]))
  {
  echo $_FILES["file"]["name"] . " already exists. ";
  }
else
  {
  move_uploaded_file($_FILES["file"]["tmp_name"],
  "upload/" . $_FILES["file"]["name"]);
  echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
  }
  }
  }
  else
  {
  echo "Invalid file";
  }
  ?>

I am submitting the form to the same page, so the PHP is executed as soon as the webpage loads. How can I make it load as soon as the form is submitted? Also, this script does not seem to be working.

You need to check if your form is submitted before you process the file upload:

// File inputs arrive in $_FILES, not $_POST, so test for the "pic" upload there.
if (isset($_FILES['pic'])) {

  // save file here.

}

EDIT: It looks like you're not referring to the right POST variable - you have a file element called 'pic' in your form but you are referring to $_POST['file'] in your PHP code, which will not exist.

Also: If you are starting out with PHP, (IMHO) W3Schools.com is the worst place you can be - I've seen really bad examples of how code should NOT be written in there.

<?php

// Check whether the form was submitted. The submit button needs
// name="submit" for this key to be present in $_POST.
if (isset($_POST['submit'])) {

    // The form's file input is named "pic", so the upload is in $_FILES["pic"].
    if ((($_FILES["pic"]["type"] == "image/gif")
        || ($_FILES["pic"]["type"] == "image/jpeg")
        || ($_FILES["pic"]["type"] == "image/pjpeg"))
        && ($_FILES["pic"]["size"] < 20000))
    {
        if ($_FILES["pic"]["error"] > 0)
        {
            echo "Return Code: " . $_FILES["pic"]["error"] . "<br />";
        }
        else
        {
            echo "Upload: " . $_FILES["pic"]["name"] . "<br />";
            echo "Type: " . $_FILES["pic"]["type"] . "<br />";
            echo "Size: " . ($_FILES["pic"]["size"] / 1024) . " Kb<br />";
            echo "Temp file: " . $_FILES["pic"]["tmp_name"] . "<br />";

            if (file_exists("upload/" . $_FILES["pic"]["name"]))
            {
                echo $_FILES["pic"]["name"] . " already exists. ";
            }
            else
            {
                move_uploaded_file($_FILES["pic"]["tmp_name"],
                    "upload/" . $_FILES["pic"]["name"]);
                echo "Stored in: " . "upload/" . $_FILES["pic"]["name"];
            }
        }
    }
    else
    {
        echo "Invalid file";
    }
}
?>

Add This To the Top of your page:

<?php $action = $_GET['action'] ?? null; // null on the first page load, when no action is passed ?>

Your New Form:

<form name="commentform" id="commentform" action="comment.php?action=go" method="post" enctype="multipart/form-data">
Your Name: <textarea maxlength="60" rows="1" cols="62" class="margin" name="name" id="name"> </textarea> <br><br>

Submit Picture<input type="file" name="pic" id="pic" /> <br><br>
<input type="Submit" value="Submit" />
</form>

And the action script:

<?php
// Runs only when the form was posted to comment.php?action=go.
if (isset($action) && $action == 'go') {
    // The form's file input is named "pic", so the upload is in $_FILES["pic"].
    if ((($_FILES["pic"]["type"] == "image/gif") || ($_FILES["pic"]["type"] == "image/jpeg") || ($_FILES["pic"]["type"] == "image/pjpeg")) && ($_FILES["pic"]["size"] < 20000)) {
        if ($_FILES["pic"]["error"] > 0) {
            echo "Return Code: " . $_FILES["pic"]["error"] . "<br />";
        } else {
            echo "Upload: " . $_FILES["pic"]["name"] . "<br />";
            echo "Type: " . $_FILES["pic"]["type"] . "<br />";
            echo "Size: " . ($_FILES["pic"]["size"] / 1024) . " Kb<br />";
            echo "Temp file: " . $_FILES["pic"]["tmp_name"] . "<br />";
            if (file_exists("upload/" . $_FILES["pic"]["name"])) {
                echo $_FILES["pic"]["name"] . " already exists. ";
            } else {
                move_uploaded_file($_FILES["pic"]["tmp_name"], "upload/" . $_FILES["pic"]["name"]);
                echo "Stored in: " . "upload/" . $_FILES["pic"]["name"];
            }
        }
    } else {
        echo "Invalid file";
    }
}
?>
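
A hardened version of the upload handler discussed on this page, as an added example that is not part of the question or of any answer above. It runs only on a POST that carries the `pic` field, detects the image type from the file content instead of the client-supplied `type`, and stores the file under a server-generated name. The function name `handle_upload`, the constants, and the writable `upload/` directory next to the script are assumptions.

```php
<?php
// Added example for comment.php posting to itself (not code from the page).
// Assumptions: upload/ exists and is writable; the fileinfo extension is enabled.
const MAX_BYTES = 20000; // same size limit as the question's script
const ALLOWED   = ['image/gif' => 'gif', 'image/jpeg' => 'jpg'];

function handle_upload(array $file, string $destDir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload error code ' . $file['error']);
    }
    if ($file['size'] >= MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // $file['type'] is sent by the browser and can be set to anything,
    // so the type is detected from the uploaded bytes instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED[(string) $mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('not a GIF or JPEG image');
    }

    // $file['name'] is also client-controlled (it could end in .php or
    // contain path segments), so the stored name is generated here.
    $target = $destDir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;

    // move_uploaded_file() refuses paths that are not genuine PHP uploads.
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store file');
    }
    return $target;
}

// A plain GET that renders the form skips this block entirely.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['pic'])) {
    try {
        $stored = handle_upload($_FILES['pic'], __DIR__ . '/upload');
        echo 'Stored in: upload/' . htmlspecialchars(basename($stored));
    } catch (RuntimeException $e) {
        echo 'Invalid file: ' . htmlspecialchars($e->getMessage());
    }
}
?>
```

Configuring the web server so that nothing under `upload/` is passed to the PHP interpreter gives a second layer of protection if a check is ever bypassed.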
