我在这段代码中遇到错误。我想将文件上传限制为 1.5 mb 并且类型仅为 doc 文件...首先提示警报,现在只有文件类型警报正在提示和数据,但也保存到 php myadmin 中。其中包括所有类型的文件,即我不想要的 pdf、mp4 等。任何人都有解决方案。代码如下:<?php$con = mysqli_connect("localhost","root","","physiocon");ini_set('display_errors', 1);ini_set('display_startup_errors', 1);error_reporting(E_ALL);$edit_state = false;if(isset($_POST['submit'])) { $name = $_POST['name']; $email= $_POST['email']; $abscategory = $_POST['abscategory']; $submcategory = $_POST['submcategory']; $uploadOk = 1; $file = $_FILES['file']['name']; $target = "admin/submitted abstracts/".basename($_FILES['file'['name']); $imageFileType = strtolower(pathinfo($target,PATHINFO_EXTENSION)); // Check if file already exists if (file_exists($target)) { echo ("<script LANGUAGE='JavaScript'> window.alert('Sorry File is already Exists. Please Upload Another File or Rename Your File!'); window.location.href='abstract_submission.php'; </script>"); $uploadOk = 0;}// Check file sizeif ($_FILES["file"]["size"] > 1500) { echo ("<script LANGUAGE='JavaScript'> window.alert('Sorry File Size Allowed is upto 1.5 MB !'); window.location.href='abstract_submission.php'; </script>"); $uploadOk = 0; } // Allow certain file formatsif($imageFileType != "doc") { echo ("<script LANGUAGE='JavaScript'> window.alert('Sorry only .doc file is allowed !'); window.location.href='abstract_submission.php'; </script>"); $uploadOk = 0;}$sql="INSERT INTO `abstracts`(`name`, `email`, `abs_file`, `abs_ategory`, `subm_category`) VALUES ('$name','$email','$file','$abscategory','$submcategory')";mysqli_query($con, $sql);if (move_uploaded_file($_FILES['file']['tmp_name'], $target)){ echo ("<script LANGUAGE='JavaScript'> window.alert('Testimonial Added Successfully !'); window.location.href='abstract_submission.php'; </script>");} else { echo "Error updating record: " . mysqli_error($con); }}?>
2 回答
www说
TA贡献1775条经验 获得超8个赞
您可以通过检查上传文件的扩展名(按名称)来验证文件类型。
替换下面的代码条件
// Allow certain file formats
if($imageFileType != "doc"){
// Your JavaScript code
}
将条件替换为
$allowedExtsImg=array("doc","docx");
$extensionsub = explode(".", $file);
$extension = strtolower(end($extensionsub));
if (!in_array($extension, $allowedExtsImg))
{
//Enter your JavaScript code here
}
在您的代码编写 if 条件之前结束所有验证之后
// This condition will prevent below action if there is a validation error above.
if($uploadOk!=0){
// Your Insert Query, and Upload file Code
}
一只名叫tom的猫
TA贡献1906条经验 获得超3个赞
好吧,您正在设置一个变量 $uploadOk 但您从不检查它。
如果该变量为 0,则尝试停止执行。这样就不会进行 SQL 查询。
......
if($imageFileType != "doc") {
echo ("<script LANGUAGE='JavaScript'>
window.alert('Sorry only .doc file is allowed !');
window.location.href='abstract_submission.php';
</script>");
$uploadOk = 0;
}
if ($uploadOk === 0) {
die("Invalid upload");
}
.......
考虑为 $uploadOk 变量使用布尔值(真或假),而不是整数。
此外,您的代码已开放用于 sql 注入。不要在 SQL 语句中直接使用 $_POST 值。
- 2 回答
- 0 关注
- 167 浏览
添加回答
举报
0/150
提交
取消