如何查看用户是否用PHP上传了文件?
我进行某种形式的验证,以确保用户上传的文件的类型正确。 但是上载是可选的,因此如果他没有上载任何内容并提交了表单的其余部分,我想跳过验证。 我如何检查他是否上传了东西? $_FILES['myflie']['size'] <=0可以工作吗?
Click Upvote asked 2020-01-17T12:57:54Z
7个解决方案
126 votes
您可以使用is_uploaded_file():
if(!file_exists($_FILES['myfile']['tmp_name']) || !is_uploaded_file($_FILES['myfile']['tmp_name'])) {
echo 'No upload';
}
从文档:
如果文件名为,则返回TRUE 文件名是通过HTTP POST上传的。 这有助于确保 恶意用户没有试图欺骗 该脚本可以处理文件 它不应该工作-对于 例如,/ etc / passwd。
这种检查尤其 重要的是,如果有机会 上传文件完成的所有操作 可以向他们透露他们的内容 用户,甚至是其他用户 同一系统。
编辑:我在FileUpload类中使用它,以防万一:
public function fileUploaded()
{
if(empty($_FILES)) {
return false;
}
$this->file = $_FILES[$this->formField];
if(!file_exists($this->file['tmp_name']) || !is_uploaded_file($this->file['tmp_name'])){
$this->errors['FileNotExists'] = true;
return false;
}
return true;
}
karim79 answered 2020-01-17T12:58:21Z
10 votes
这段代码对我有用。 我正在使用多个文件上传,因此我需要检查是否有任何上传。
HTML部分:
PHP部分:
if(isset($_FILES['files']) ){
foreach($_FILES['files']['tmp_name'] as $key => $tmp_name ){
if(!empty($_FILES['files']['tmp_name'][$key])){
// things you want to do
}
}
pranjal answered 2020-01-17T12:58:50Z
9 votes
@ karim79的答案正确,但是我不得不重写他的示例以适合我的目的。 他的示例假定提交字段的名称是已知的并且可以用硬编码输入。我进一步走了一步,制作了一个函数,该函数将告诉我是否有任何文件被上传,而无需知道上传字段的名称。
/**
* Tests all upload fields to determine whether any files were submitted.
*
* @return boolean
*/
function files_uploaded() {
// bail if there were no upload forms
if(empty($_FILES))
return false;
// check for uploaded files
$files = $_FILES['files']['tmp_name'];
foreach( $files as $field_title => $temp_name ){
if( !empty($temp_name) && is_uploaded_file( $temp_name )){
// found one!
return true;
}
}
// return false if no files were found
return false;
}
doub1ejack answered 2020-01-17T12:59:10Z
3 votes
Select image to upload:
if (isset($_FILES['my_files']))
{
$myFile = $_FILES['my_files'];
$fileCount = count($myFile["name"]);
for ($i = 0; $i
{
$error = $myFile["error"][$i];
if ($error == '4') // error 4 is for "no file selected"
{
echo "no file selected";
}
else
{
$name = $myFile["name"][$i];
echo $name;
echo "
";
$temporary_file = $myFile["tmp_name"][$i];
echo $temporary_file;
echo "
";
$type = $myFile["type"][$i];
echo $type;
echo "
";
$size = $myFile["size"][$i];
echo $size;
echo "
";
$target_path = "uploads/$name"; //first make a folder named "uploads" where you will upload files
if(move_uploaded_file($temporary_file,$target_path))
{
echo " uploaded";
echo "
";
echo "
";
}
else
{
echo "no upload ";
}
}
}
}
?>
但是要保持警惕。 用户可以上传任何类型的文件,也可以通过上传恶意文件或php文件来入侵您的服务器或系统。 在此脚本中,应进行一些验证。 谢谢。
shiv answered 2020-01-17T12:59:31Z
2 votes
您应该使用$_FILES[$form_name]['error']。如果未上传任何文件,它将返回UPLOAD_ERR_NO_FILE。 完整列表:PHP:错误消息解释
function isUploadOkay($form_name, &$error_message) {
if (!isset($_FILES[$form_name])) {
$error_message = "No file upload with name '$form_name' in form.";
return false;
}
$error = $_FILES[$form_name]['error'];
// List at: http://php.net/manual/en/features.file-upload.errors.php
if ($error != UPLOAD_ERR_OK) {
switch ($error) {
case UPLOAD_ERR_INI_SIZE:
$error_message = 'The uploaded file exceeds the upload_max_filesize directive in php.ini.';
break;
case UPLOAD_ERR_FORM_SIZE:
$error_message = 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.';
break;
case UPLOAD_ERR_PARTIAL:
$error_message = 'The uploaded file was only partially uploaded.';
break;
case UPLOAD_ERR_NO_FILE:
$error_message = 'No file was uploaded.';
break;
case UPLOAD_ERR_NO_TMP_DIR:
$error_message = 'Missing a temporary folder.';
break;
case UPLOAD_ERR_CANT_WRITE:
$error_message = 'Failed to write file to disk.';
break;
case UPLOAD_ERR_EXTENSION:
$error_message = 'A PHP extension interrupted the upload.';
break;
default:
$error_message = 'Unknown error';
break;
}
return false;
}
$error_message = null;
return true;
}
Simon Backx answered 2020-01-17T12:59:51Z
2 votes
我检查了您的代码,并认为您应该尝试以下操作:
if(!file_exists($_FILES['fileupload']['tmp_name']) || !is_uploaded_file($_FILES['fileupload']['tmp_name']))
{
echo 'No upload';
}
else
echo 'upload';
Gaurav answered 2020-01-17T13:00:10Z
1 votes
$_FILES['file']['error'] == UPLOAD_ERR_OK非常适合使用,特别用于检查它是上载的文件还是本地文件(出于安全目的)。
但是,如果您要检查用户是否上传了文件,使用$_FILES['file']['error'] == UPLOAD_ERR_OK。
有关文件上传错误消息,请参见PHP手册。 如果只想检查是否没有文件,请使用UPLOAD_ERR_NO_FILE。
TD_Nijboer answered 2020-01-17T13:00:40Z