php怎样查看fileinfo,如何查看用户是否用PHP上传了文件？

如何查看用户是否用PHP上传了文件？

我进行某种形式的验证，以确保用户上传的文件的类型正确。 但是上载是可选的，因此如果他没有上载任何内容并提交了表单的其余部分，我想跳过验证。 我如何检查他是否上传了东西？ $_FILES['myflie']['size'] <=0可以工作吗？

Click Upvote asked 2020-01-17T12:57:54Z

7个解决方案

126 votes

您可以使用is_uploaded_file()：

if(!file_exists($_FILES['myfile']['tmp_name']) || !is_uploaded_file($_FILES['myfile']['tmp_name'])) {

echo 'No upload';

}

从文档：

如果文件名为，则返回TRUE   文件名是通过HTTP POST上传的。   这有助于确保   恶意用户没有试图欺骗   该脚本可以处理文件   它不应该工作-对于   例如，/ etc / passwd。

这种检查尤其   重要的是，如果有机会   上传文件完成的所有操作   可以向他们透露他们的内容   用户，甚至是其他用户   同一系统。

编辑：我在FileUpload类中使用它，以防万一：

public function fileUploaded()

{

if(empty($_FILES)) {

return false;

}

$this->file = $_FILES[$this->formField];

if(!file_exists($this->file['tmp_name']) || !is_uploaded_file($this->file['tmp_name'])){

$this->errors['FileNotExists'] = true;

return false;

}

return true;

}

karim79 answered 2020-01-17T12:58:21Z

10 votes

这段代码对我有用。 我正在使用多个文件上传，因此我需要检查是否有任何上传。

HTML部分：

PHP部分：

if(isset($_FILES['files']) ){

foreach($_FILES['files']['tmp_name'] as $key => $tmp_name ){

if(!empty($_FILES['files']['tmp_name'][$key])){

// things you want to do

}

}

pranjal answered 2020-01-17T12:58:50Z

9 votes

@ karim79的答案正确，但是我不得不重写他的示例以适合我的目的。 他的示例假定提交字段的名称是已知的并且可以用硬编码输入。我进一步走了一步，制作了一个函数，该函数将告诉我是否有任何文件被上传，而无需知道上传字段的名称。

/**

* Tests all upload fields to determine whether any files were submitted.

*

* @return boolean

*/

function files_uploaded() {

// bail if there were no upload forms

if(empty($_FILES))

return false;

// check for uploaded files

$files = $_FILES['files']['tmp_name'];

foreach( $files as $field_title => $temp_name ){

if( !empty($temp_name) && is_uploaded_file( $temp_name )){

// found one!

return true;

}

}

// return false if no files were found

return false;

}

doub1ejack answered 2020-01-17T12:59:10Z

3 votes

Select image to upload:

if (isset($_FILES['my_files']))

{

$myFile = $_FILES['my_files'];

$fileCount = count($myFile["name"]);

for ($i = 0; $i

{

$error = $myFile["error"][$i];

if ($error == '4') // error 4 is for "no file selected"

{

echo "no file selected";

}

else

{

$name = $myFile["name"][$i];

echo $name;

echo "
";

$temporary_file = $myFile["tmp_name"][$i];

echo $temporary_file;

echo "
";

$type = $myFile["type"][$i];

echo $type;

echo "
";

$size = $myFile["size"][$i];

echo $size;

echo "
";

$target_path = "uploads/$name"; //first make a folder named "uploads" where you will upload files

if(move_uploaded_file($temporary_file,$target_path))

{

echo " uploaded";

echo "
";

echo "
";

}

else

{

echo "no upload ";

}

}

}

}

?>

但是要保持警惕。 用户可以上传任何类型的文件，也可以通过上传恶意文件或php文件来入侵您的服务器或系统。 在此脚本中，应进行一些验证。 谢谢。

shiv answered 2020-01-17T12:59:31Z

2 votes

您应该使用$_FILES[$form_name]['error']。如果未上传任何文件，它将返回UPLOAD_ERR_NO_FILE。 完整列表：PHP：错误消息解释

function isUploadOkay($form_name, &$error_message) {

if (!isset($_FILES[$form_name])) {

$error_message = "No file upload with name '$form_name' in form.";

return false;

}

$error = $_FILES[$form_name]['error'];

// List at: http://php.net/manual/en/features.file-upload.errors.php

if ($error != UPLOAD_ERR_OK) {

switch ($error) {

case UPLOAD_ERR_INI_SIZE:

$error_message = 'The uploaded file exceeds the upload_max_filesize directive in php.ini.';

break;

case UPLOAD_ERR_FORM_SIZE:

$error_message = 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.';

break;

case UPLOAD_ERR_PARTIAL:

$error_message = 'The uploaded file was only partially uploaded.';

break;

case UPLOAD_ERR_NO_FILE:

$error_message = 'No file was uploaded.';

break;

case UPLOAD_ERR_NO_TMP_DIR:

$error_message = 'Missing a temporary folder.';

break;

case UPLOAD_ERR_CANT_WRITE:

$error_message = 'Failed to write file to disk.';

break;

case UPLOAD_ERR_EXTENSION:

$error_message = 'A PHP extension interrupted the upload.';

break;

default:

$error_message = 'Unknown error';

break;

}

return false;

}

$error_message = null;

return true;

}

Simon Backx answered 2020-01-17T12:59:51Z

2 votes

我检查了您的代码，并认为您应该尝试以下操作：

if(!file_exists($_FILES['fileupload']['tmp_name']) || !is_uploaded_file($_FILES['fileupload']['tmp_name']))

{

echo 'No upload';

}

else

echo 'upload';

Gaurav answered 2020-01-17T13:00:10Z

1 votes

$_FILES['file']['error'] == UPLOAD_ERR_OK非常适合使用，特别用于检查它是上载的文件还是本地文件(出于安全目的)。

但是，如果您要检查用户是否上传了文件，使用$_FILES['file']['error'] == UPLOAD_ERR_OK。

有关文件上传错误消息，请参见PHP手册。 如果只想检查是否没有文件，请使用UPLOAD_ERR_NO_FILE。

TD_Nijboer answered 2020-01-17T13:00:40Z