PHP implementation of some experiences uploaded

xiaoxiao2021-03-06 42

// image upload handling $ upload_file = $ _ FILES [ 'upload_file'] [ 'tmp_name']; echo $ upload_file; $ upload_file_name = $ _ FILES [ 'upload_file'] [ 'name']; $ type = strstr ($ upload_file_name, ' . '); IF ($ upload_file == ") {$ newname =" 0.jpg ";} else {$ newname = $ newid. $ Type;} // $ newname = $ newid. $ Type;

$ INTONEW2 = "Update MMS_NEWS_INFO SET COL_IMAGE = '$ NEWNAME' WHERE COL_ID = '$ NEWID'"; MySQL_Query ($ INTONEW2, $ DB);

IF ($ upload_file) {$ file_size_max = 1000 * 1000; // 1M Limit file Upload Maximum Capacity (BYTES) $ store_dir = "neirongIMG /"; // Upload file storage position $ accept_overwrite = 1; // Whether to allow overwriting the same Document // Check file size if ($ upload_file_size> $ file_size_max) {echo "Sorry, your file capacity is greater than specified"; exit;}

// Check the read and write file IF (file_exists ($ store_dir. $ Upload_file_name) && $ accept_overwrite) {echo "file"; exit;}

// Copy the file to the specified directory IF (! Move_uploaded_File ($ UPLOAD_FILE, $ STORE_DIR. $ NEWNAME)) {echo "copy file failed";

}

Echo "

You uploaded the file:"; Echo $ _files ['UPLOAD_FILE'] ['Name']; echo "
"; // The original name of the client machine file.

The MIME type of the echo file is: "; echo $ _files ['UPLOAD_FILE'] ['type']; // file MIME type, you need to provide this information for the information, such as" image / gif ". Echo "
";

Echo "Upload File Size:"; Echo $ _Files ['UPLOAD_FILE'] ['size']; // The size of the file has been uploaded, the unit is byte. Echo "
";

The echo "file is uploaded after being temporarily stored as:"; Echo $ _files ['UPLOAD_FILE'] ['TMP_NAME']; // The file is stored in the server after being uploaded. Echo "
";

$ Erroe = $ _ files ['UPLOAD_FILE'] ['Error']; Switch ($ Erroe) {Case 0: Echo "Upload Success"; Break; Case 1: Echo "Uploaded files exceed php.ini UPLOAD_MAX_FILESIZE Option Limit The value. "; Break; Case 2: Echo" Uploaded file size exceeds the value specified by the max_file_size option in the HTML form. "; Break; Case 3: Echo" file only partially uploaded "; Break; Case 4: Echo" No file is uploaded "; Break;} // picture upload processing

"> About Error Messages Starting from PHP 4.2.0, PHP will return a corresponding error code along with the file information array. This code can be found in the ['ERROR'] field in the file array generated when the file is uploaded, that is, $ _files ['userfile'] ['Error'].

UPLOAD_ERR_OK Value: 0; No error occurred, file upload success.

Upload_err_ini_size value: 1; uploaded files exceed the value limit on the UPLOAD_MAX_FILESIZE option in php.ini.

UPLOAD_ERR_FORM_SIZE Value: 2; Uploaded file size exceeds the value specified in the html form.

UPLOAD_ERR_PARTIAL value: 3; file only has been uploaded.

UPLOAD_ERR_NO_FILE value: 4; No file is uploaded.

Note: These have become PHP constants after PHP 4.3.0. PHP accepts any files from a browser that meets RFC-1867 standards (including Netscape Navigator 3 and higher, Microsoft Internet Explorer 3 add Micro patch, or higher). This feature of PHP allows us to upload text files or upload binaries. With PHP authentication and file operation functions, you can control who has uploaded permissions, and how to proceed after the file is uploaded.

Related Settings: See the file_uploads, upload_max_filesize, upload_max_filesize, upload_tmp_filesize, pOST_MAX_SIZE settings options.

Note that PHP also supports file upload of the PUT method, the AMAYA client of Netscape Composer and W3C uses this method. Please refer to PUT method support for more information.

You can build a special form as follows to support file upload:

Example 18-1. File upload form

send this file: " _URL_ "in the above examples should replace the true URL to a PHP file. Max_file_size hidden domain (unit-by-byte) must be prior to file input domain, its value is the maximum size of the received file. At the same time, to ensure that your file upload form must have encType = "multipart / form-data", otherwise the file upload will not work.

WARNING MAX_FILE_SIZE value is only a suggestion for the browser, in fact it can be bypassed. Therefore, do not assign the limitations of the browser to this value. In fact, the maximum value of the upload file in the PHP setting is not invalid. But it is best to add Max_File_Size in the form, because it can avoid the user's trouble too much after it takes time to wait for the large file.

Variables defined for upload files are different depending on the version and settings of PHP. Automatic global variable $ _files starts support from the PHP version 4.1.0 version. Before this, start from version 4.0.0, PHP supports $ http_post_files array. These arrays will contain all information about the file you upload, where we recommend you to use $ _files. If the PHP setting option register_global is ON, the associated variable name will exist. Starting from the PHP 4.2.0 version, the default value of Register_Globals is set to OFF.

The content of the $ _files array in the above example is as follows. We assume that the name of the file upload field is shown in the above example, for Userfile. The name can be named at will.

$ _FILES ['userfile'] ['name "] The original name of the client machine file.

$ _Files ['userfile'] ['Type'] file MIME type, you need to provide support for this information, such as "image / gif".

$ _Files ['userfile'] ['size'] The size of the file has been uploaded, the unit is byte.

$ _Files ['userfile'] ['TMP_NAME'] file is uploaded after the temporary file name stored at the server.

$ _Files ['userfile'] ['Error'] and the file upload related error code. ['Error'] is incremented in the PHP 4.2.0 version.

Note: The name of the array before the PHP 4.1.0 version is $ http_post_files, which is not as automatic global variables like $ _files. PHP 3 does not support $ http_post_files arrays.

When the register_global in php.ini is set to ON, you can use more variables. For example, $ userfile_name is equivalent to $ _files ['userfile'] ['name'], $ userfile_type is equivalent to $ _files ['userfile'] ['type'], etc. Keep in mind that from PHP 4.2.0, Register_Globals's default is OFF, so we recommend that you do not depend on the reform settings to use the additional variables just mentioned. After the file is uploaded, it will be stored in the default temporary directory of the server by default unless you set up UPLOAD_TMP_DIR in php.ini to other paths. The server's default temporary directory can be reset by changing the environment variable TMPDIR of the PHP runtime environment, but it is not played by running the Putenv () function inside the PHP script. This environment variable can also be used to confirm that other operations are also performed on the uploaded file. Example 18-2. Make the file upload

Please check the function is_uploaded_file () and move_uploaded_file () to get further information. The following paradigm processes the file uploaded by the form.

$ uploaddir = '/ var / www / uploads /'; $ uploadfile = $ uploaddir. $ _files ['userfile'] ['name']; print "

"; if (move_uploaded_file ($ _ files ['userfile'] ['TMP_NAME'], $ UPLOADDIR. $ _FILES ['Userfile'] ['Name'])) {Print "File is Valid, And Was SuccessFully Uploaded. Here's Some More Debugging Info: / N"; Print_R ($ _ files) } else {print "Possible File Upload Attack! Here's Some Debugging Info: / N"; Print_r ($ _ files);} PRINT "";?>>>>>
The PHP script that accepts the upload file must be judged after the file is uploaded to determine the files to operate next to the file. For example, you can ignore a file that is too large or too small by $ _files ['Userfile'] ['size'], or filter file types through $ _files ['userfile'] ['type'] variables and Some standards are not in line with documents. In PHP 4.2.0 or higher, you can also do related judgments based on different error code via $ _files ['userfile'] ['ERROR'] variable. Regardless of the judgment, you must remove the file from the temporary directory or move it to other places.
If there is no file in the form, the PHP variable $ _files ['userfile'] ['size'] will be 0, $ _ files ['userfile'] ['TMP_NAME'] will be NONE. If the file is not moved to other places, it is not renamed, then the file will be deleted at the end of the form request.

转载请注明原文地址:https://www.9cbs.com/read-54643.html

9cbs

New Post(0)