[英]php file upload, how to restrict file upload type
我有以下代码来检查(上传的简历和推荐信是否与所需类型(pdf或doc或docx)匹配)和大小(小于400 kb)
//check file extension and size
$resume= ($_FILES['resume']['name']);
$reference= ($_FILES['reference']['name']);
$ext = strrchr($resume, ".");
$ext1 = strrchr($reference, ".");
if (!(($_FILES["resume"]["type"] == "application/doc")
|| ($_FILES["resume"]["type"] == "application/docx")
|| ($_FILES["resume"]["type"] == "application/pdf" ))
&& (($_FILES["reference"]["type"] == "application/doc")
|| ($_FILES["reference"]["type"] == "application/docx")
|| ($_FILES["reference"]["type"] == "application/pdf"))
&& (($ext == ".pdf") || ($ext == ".doc") || ($ext == ".docx"))
&& (($ext1 == ".pdf") || ($ext1 == ".doc") || ($ext1 == ".docx"))
&& ($_FILES["resume"]["size"] < 400000) //accept upto 500 kb
&& ($_FILES["reference"]["size"] < 400000)) {
stop user } else { allow files to upload }
这无法正常工作,甚至连txt文件都没有通过+大小限制,这是怎么回事?
谢谢,
下面仅使用mime类型来验证文件,然后检查两者的大小。 有关大多数MIME类型的列表,请参见此处或google。
function allowed_file(){
//Add the allowed mime-type files to an 'allowed' array
$allowed = array('application/doc', 'application/pdf', 'another/type');
//Check uploaded file type is in the above array (therefore valid)
if(in_array($_FILES['resume']['type'], $allowed) AND in_array($_FILES['reference']['type'], $allowed)){
//If filetypes allowed types are found, continue to check filesize:
if($_FILES["resume"]["size"] < 400000 AND $_FILES["reference"]["size"] < 400000 ){
//if both files are below given size limit, allow upload
//Begin filemove here....
}
}
}
docx
的Mime类型为application/vnd.openxmlformatsofficedocument.wordprocessingml.document
这是我过去写的一些代码。
function checkFileExtension($ext)
{
if ($ext == 'ai' || $ext == 'pdf' || $ext == 'jpg' || $ext == 'jpeg' || $ext ==
'gif' || $ext == 'eps' || $ext == 'tif' || $ext == 'png' || $ext == 'xls' || $ext ==
'xlsx' || $ext == 'doc' || $ext == 'docx' || $ext == 'ppt' || $ext == 'pptx' ||
$ext == 'zip' || $ext == 'rar' || $ext == 'sitx' || $ext == 'psd' || $ext ==
'indd' || $ext == 'dng') {
$pass = (int)1;
} else {
$pass = (int)0;
}
return (int)$pass;
}
$ext = substr(strrchr($_FILES['file']['name'], "."), 1);
$fileAccepted = checkFileExtension($ext);
$fileSize = $_FILES['file']['size'];
if($fileAccepted==1 && $fileSize > '82428800'){
// do stuff
}
为此,我通常使用类似的方法:
$filename = $_FILES['field_name']['name']; // Get the name of the file (including file extension).
$ext = strtolower(substr($filename, strpos($filename,'.'), strlen($filename)-1)); //get the extention in lower case
然后检查文件扩展名是否被接受。
另请注意,用户可以简单地更改危险文件的扩展名,因此更安全地检查mime类型
这可能有用:
首先检查所需的mime类型以进行验证:
Microsoft Office MIME类型和MIME类型 列表
然后尝试使您的代码更容易...
$mimeTypes = array('application/vnd.openxmlformats-officedocument.wordprocessingml.document',
'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
'application/vnd.openxmlformats-officedocument.presentationml.presentation');
if (in_array($_FILES["resume"]["type"], $mimeTypes))
{
// File's OK
}
else
{
// Bad file !
}
重要提示:用户可以更改文件扩展名,因此请务必检查扩展名的MIME类型! =)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.