[英]Sanitizing uploaded multiple images using php
我正在使用此代碼上傳多個圖像。我想添加圖像清理代碼以防止任何攻擊。我還想使用 md5 哈希算法將上傳的文件重命名為唯一名稱..我該怎么做這些事情..請幫助我..
<?php
if($_SERVER['REQUEST_METHOD'] == "POST")
if(isset($_FILES['file']))
{
$count = 0;
$errors= array();
foreach($_FILES['file']['tmp_name'] as $key => $tmp_name )
{
$file_name = $key.$_FILES['file']['name'][$key];
$file_size =$_FILES['file']['size'][$key];
$file_tmp =$_FILES['file']['tmp_name'][$key];
$file_type=$_FILES['file']['type'][$key];
$size = getimagesize($_FILES['file']['tmp_name'][$key]);
if ($size === FALSE) {
die("Oopz,This is not an image");
}
$enc_id= $_POST['form_id'].$_POST['name3'];
$md5folder = md5($enc_id);
$upload_path ="uploads/".$md5folder;
if(!is_dir($upload_path))
{
mkdir($upload_path, 0777, true);
}
if(empty($errors)==true)
{
move_uploaded_file($file_tmp,$upload_path.'/'.$file_name);
}
}
?>
我也想知道這部分代碼有意義嗎?
$size = getimagesize($_FILES['file']['tmp_name'][$key]);
if ($size === FALSE) {
die("Oopz,This is not an image");
}
使用它來清理數據庫輸入:
function cleanInput($input) {
$search = array(
'@<script[^>]*?>.*?</script>@si', // Strip out javascript
'@<[\/\!]*?[^<>]*?>@si', // Strip out HTML tags
'@<style[^>]*?>.*?</style>@siU', // Strip style tags properly
'@<![\s\S]*?--[ \t\n\r]*>@' // Strip multi-line comments
);
$output = preg_replace($search, '', $input);
return $output;
}
?>
<?php
function sanitize($input) {
if (is_array($input)) {
foreach($input as $var=>$val) {
$output[$var] = sanitize($val);
}
}
else {
if (get_magic_quotes_gpc()) {
$input = stripslashes($input);
}
$input = cleanInput($input);
$output = mysql_real_escape_string($input);
}
return $output;
}
使用它來計算文件名的 md5 哈希值:
$image = "image1.jpg";
$filehash = md5($image );
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.