stackoom
  简体   繁体   中英

How can I upload a zip file using php?

 原文  2011-04-22 17:38:53       php/ file-upload/ upload/ zip

Question

I want people to be able to upload zip files to my server. I have a form for them to upload to and it redirects to an upload page. I can successfully upload pictures (png and jpg) but whenever I try a zip I get several "undefined index errors on lines 4-8." Here is my code. If you want to check out the website, it should be available at gregsminecraft.dyndns.org:25566/file.php EDIT: I believe that it doesn't accept the large zip file, because I tried it with a smaller one and it worked. Is there a way to accept the larger zip files? 

 if ((($_FILES["file"]["type"] == "application/zip")
|| ($_FILES["file"]["type"] == "application/x-zip-compressed")
|| ($_FILES["file"]["type"] == "multipart/x-zip")
|| ($_FILES["file"]["type"] == "application/x-compressed")
|| ($_FILES["file"]["type"] == "application/octet-stream"))
&& ($_FILES["file"]["size"] < 20971520))
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
    }
  else
    {
    echo "Upload: " . $_FILES["file"]["name"] . "<br />";
    echo "Type: " . $_FILES["file"]["type"] . "<br />";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
    echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

    if (file_exists("upload/" . $_FILES["file"]["name"]))
      {
      echo $_FILES["file"]["name"] . " already exists. ";
      }
    else
      {
      move_uploaded_file($_FILES["file"]["tmp_name"],
      "upload/" . $_FILES["file"]["name"]);
      echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
      }
    }
  }
else
  {
  echo "Invalid file";
  }

1 answers

solution1
 3  2011-04-22 18:36:30

You say your upload form redirects after upload? Remember that PHP deletes any uploaded files when the script exits, unless you've taken steps to preserve the file. If your form POSTs to (say) "upload.php" which then redirects to "handle_upload.php", you have to actually handle the upload in the "upload.php" script, otherwise the file's gone.

As well, don't trust the ['type'] and ['name'] parameters in the $_FILES array. That's user-provided data and can be easily subverted. You're also using the user-supplied filename to store the file on your server. Nothing says the user can't hack the upload form and call their file "../../../../etc/passwd" with a mime-type of "application.zip". Your script would happily accept that and overwrite your server's password file.

The proper way to handle uploads, with error checking, is: 

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
     if (isset($_FILES['file'])) {
          if ($_FILES['file']['error'] === UPLOAD_ERR_OK) {
                ... file was succesfully uploaded, process it
          } else {
               ... file upload failed, output error message, etc...
     } else {
        ... no upload at all, not even an attempt
     }
} else {
   .... not in a POSt environment, so can't possibly have a file upload ...
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question can not upload zip file with php how can i upload a file using PHP Upload a .zip file to FTP and unzip it using PHP Upload Zip file in PHP How can I upload file in JavaScript and PHP without using FormData PHP file upload and zip on upload How can I upload file with AJAX using PHP? How can I upload the file using PHP and Facebook WebDriver? how i can open a file in zip file without extract it by the PHP How can I upload file Curl PHP
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM