[英]How to prevent a PHP upload script from overwriting existing files?
我自己一直在使用我的PHP上傳腳本,但是由於無法覆蓋現有文件而無法執行操作。 請要求提示和解釋。 如果我處理上傳的方式很好,也請提供建議和提示。
$destination = 'C:/upload_test/';
$max=75200;
if (isset($_POST['upload'])) {
if (isset($_FILES['image']['tmp_name'])) {
$fileTaille= $_FILES['image']['size'];
if ($fileTaille==true) {
if ($fileTaille > $max) {
echo "Your file is too large, select a file smaller than";
exit(include 'form.php');
}
}
else {
echo "No file selected";
exit(include 'form.php');
}
}
$file_type=getimagesize($_FILES['image']['tmp_name']);
if ($file_type==true) {
echo "File is an image - " .$file_type["mime"]." ";
}
else{
echo "Could not get file type";
}
$fileType = exif_imagetype($_FILES['image']['tmp_name']);
$allowed = array(IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_GIF);
if (!in_array($fileType, $allowed)) {
echo "File type not accepted, Only JPEG file allowed";
exit(include 'form.php');
}
$clean_file = preg_replace("/[^A-Z0-9\.\_-]/i", " ", $_FILES["image"]["name"]);
$fileName = $destination . basename($clean_file);
if (file_exists($fileName)) {
echo "File already exist";
exit(include 'form.php');
}
}
if (isset($_FILES['image']['tmp_name'])) {
$result = move_uploaded_file($_FILES['image']['tmp_name'], $destination . $_FILES['image']['name']);
if ($result == true) {
echo "file moved "." ";
}else
{
echo "Could not move filed";
}
$permission = chmod($destination . $clean_file, 0644);
if ($permission==false) {
echo "No permission to the file";
}
else
{
echo "permission given";
}
}
?>
我認為最佳實踐是先對文件進行sha256加密然后再保存,這樣就不會覆蓋文件,也不會保存重復的文件。
怎么做:
例:
$clean_file = preg_replace("/[^A-Z0-9\.\_-]/i", " ", $_FILES["image"]["name"]);
$fileName = hash_file('sha256', $clean_file);
rename($clean_file, $fileName.$extention);
您要搜索的文件和要保存的文件具有不同的名稱。 您正在搜索名稱$clean_file
的文件,但保存$_FILES['image']['name']
。 您應該更新代碼以將其另存為$clean_file
:
$result = move_uploaded_file($_FILES['image']['tmp_name'],
$destination . $clean_file
);
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.