[英]Prevent PHP script from being executed when submitting to self
我有這個表格:
<form name="commentform" id="commentform" action="comment.php" method="post"
enctype="multipart/form-data">
Your Name:
<textarea maxlength="60" rows="1" cols="62" class="margin" name="name"
id="name"> </textarea> <br><br>
Submit Picture
<input type="file" name="pic" id="pic" /> <br><br>
<input type="Submit" value="Submit" />
</form>
這是用於驗證圖片的 PHP(來自 W3Schools.com):
<?php
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/" . $_FILES["file"]["name"]);
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
}
}
else
{
echo "Invalid file";
}
?>
我將表單提交到同一頁面,因此網頁加載后立即執行 PHP。 提交表單后如何使其加載? 此外,此腳本似乎不起作用。
在處理文件上傳之前,您需要檢查您的表單是否已提交:
if ( isset($_POST['pic'])) {
//save file here.
}
編輯:看起來您沒有引用正確的 POST 變量 - 您的表單中有一個名為 'pic' 的文件元素,但您在 PHP 代碼中引用了$_POST['file']
,該代碼將不存在。
另外:如果您從 PHP 開始,(恕我直言)W3Schools.com 是您可能遇到的更糟糕的地方 - 我已經看到了不應該在那里編寫代碼的非常糟糕的例子。
<?php
if( isset( $_POST( 'submit' ) ) ){ // Check form is submitted or not
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/" . $_FILES["file"]["name"]);
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
}
}
else
{
echo "Invalid file";
}
}
?>
將此添加到頁面頂部:
<?php $action = $_GET['action']; ?>
您的新表格:
<form name="commentform" id="commentform" action="comment.php?action=go" method="post" enctype="multipart/form-data">
Your Name: <textarea maxlength="60" rows="1" cols="62" class="margin" name="name" id="name"> </textarea> <br><br>
Submit Picture<input type="file" name="pic" id="pic" /> <br><br>
<input type="Submit" value="Submit" />
</form>
和動作腳本:
<?php
if (isset($action) && $action == 'go'){
if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 20000)) {
if ($_FILES["file"]["error"] > 0){
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}else{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
if (file_exists("upload/" . $_FILES["file"]["name"])) {
echo $_FILES["file"]["name"] . " already exists. ";
}else{
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
}
}else{
echo "Invalid file";
}
}
?>
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.