我花了很多时间在谷歌上寻找用 PHP 上传文件最安全的方法。在那里我发现了一些技术,如检查文件扩展名、重命名文件或许多其他技术,所以请告诉我是否还有其他选择。
1 回答
江户川乱折腾
TA贡献1851条经验 获得超5个赞
这个问题已经在这里问过了。但是您可以使用我自己的代码,因为它既简单又安全。
function hc_upload($f,$username='',$verify_type=1,$size=2048)
{
$f=$_FILES[$f];
$file_name=strtolower($f['name']);
$file_type=strtolower($f['type']);
$file_size=strtolower($f['size']);
$file_extenstion =end(explode('.',$file_name));
$file_extenstion2=strtolower(pathinfo(basename($file_name),PATHINFO_EXTENSION));
if($file_extenstion2!=$file_extenstion){
$err["error"]=true;
$err["message"]="Invalid file extension.";
return $err;
}
if($file_size > $size*1000){
$err["error"]=true;
$err["message"]="File is too large.";
return $err;
}
$ext_verify=0;
if(gettype($verify_type)!='array')
{
$verify_type=(string)$verify_type;
if((strpos($verify_type,"1") > -1 || $verify_type=="*") && $ext_verify==0)
{
$mimes['ext']=array("jpg","jpeg","gif","png");
$mimes['mime']=array("image/jpg","image/jpeg","image/gif","image/png");
if(in_array($file_extenstion,$mimes['ext']) && in_array($file_type,$mimes['mime'])){$ext_verify=1;}
}
if((strpos($verify_type,"2") > -1 || $verify_type=="*") && $ext_verify==0)
{
$mimes['ext']=array("doc","docx","pdf","xls","xlsx","ppt","pptx");
if(in_array($file_extenstion,$mimes['ext'])){$ext_verify=1;}
}
if((strpos($verify_type,"3") > -1 || $verify_type=="*") && $ext_verify==0)
{
$mimes['ext']=array("mp3","wav","weba","3gp","mp4","mov","mpeg","avi");
$mimes['mime']=array("audio/mpeg","audio/wav","audio/webm","audio/3gpp","video/3gpp","video/mp4","video/quicktime","video/mpeg","video/x-msvideo");
if(in_array($file_extenstion,$mimes['ext']) && in_array($file_type,$mimes['mime'])){$ext_verify=1;}
}
}
else
{
if(array_key_exists("mime",$verify_type) && array_key_exists("ext",$verify_type)){
if(in_array($file_extenstion,$verify_type['ext']) && in_array($file_type,$verify_type['mime'])){$ext_verify=1;}
}
elseif(array_key_exists("ext",$verify_type)){
if(in_array($file_extenstion,$verify_type['ext'])){$ext_verify=1;}
}
elseif(array_key_exists("mime",$verify_type)){
if(in_array($file_type,$verify_type['mime'])){$ext_verify=1;}
}
else{
if(in_array($file_extenstion,$verify_type)){$ext_verify=1;}
}
}
if($ext_verify==0){
$err["error"]=true;
$err["message"]="Seems your file is not valid";
return $err;
}
$upload_dir='upload/'.$username.'/';
if(!is_dir($upload_dir)){
if(!mkdir($upload_dir,0777,true)){
$err["error"]=true;
$err["message"]="Unknown error, kindly contact admin";
return $err;
}
}
$upload_file=$upload_dir.sha1_file($f['tmp_name']);
if(!file_exists($upload_file)){
if(!move_uploaded_file($f['tmp_name'], $upload_file)){
$err["error"]=true;
$err["message"]="Unknown error, kindly contact admin";
return $err;
}
}
$err["error"]=true;
$err["message"]="SUCCESS";
$err["dir"]=$upload_file;
return $err;
}
HTML 示例代码是
<form action="upload.php" method="post" enctype="multipart/form-data">
Select image to upload:
<input type="file" name="fileToUpload" id="fileToUpload">
<input type="submit" value="Upload Image" name="submit">
</form>
所以只需在php中调用这个函数
hc_upload('fileToUpload','',123) 您可以通过给定两个第二个参数和第三个参数的值来为每个用户名创建文件夹两个检查文件是图像或文档还是音频/视频媒体,还可以传递扩展名数组以进行手动检查
- 1 回答
- 0 关注
- 91 浏览
添加回答
举报
0/150
提交
取消