文件上传和将数据插入php myadmin时出错
我在这段代码中遇到错误。我想将文件上传限制为 1.5 mb 并且类型仅为 doc 文件...首先提示警报,现在只有文件类型警报正在提示和数据,但也保存到 php myadmin 中。其中包括所有类型的文件,即我不想要的 pdf、mp4 等。任何人都有解决方案。
代码如下:
<?php
$con = mysqli_connect("localhost","root","","physiocon");
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
$edit_state = false;
if(isset($_POST['submit'])) {
$name = $_POST['name'];
$email= $_POST['email'];
$abscategory = $_POST['abscategory'];
$submcategory = $_POST['submcategory'];
$uploadOk = 1;
$file = $_FILES['file']['name'];
$target = "admin/submitted abstracts/".basename($_FILES['file'['name']);
$imageFileType = strtolower(pathinfo($target,PATHINFO_EXTENSION));
// Check if file already exists
if (file_exists($target)) {
echo ("<script LANGUAGE='JavaScript'>
window.alert('Sorry File is already Exists. Please Upload Another File
or Rename Your File!');
window.location.href='abstract_submission.php';
</script>");
$uploadOk = 0;
}
// Check file size
if ($_FILES["file"]["size"] > 1500) {
echo ("<script LANGUAGE='JavaScript'>
window.alert('Sorry File Size Allowed is upto 1.5 MB !');
window.location.href='abstract_submission.php';
</script>");
$uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "doc") {
echo ("<script LANGUAGE='JavaScript'>
window.alert('Sorry only .doc file is allowed !');
window.location.href='abstract_submission.php';
</script>");
$uploadOk = 0;
}
$sql="INSERT INTO `abstracts`(`name`, `email`, `abs_file`, `abs_ategory`,
`subm_category`) VALUES
('$name','$email','$file','$abscategory','$submcategory')";
mysqli_query($con, $sql);
if (move_uploaded_file($_FILES['file']['tmp_name'], $target)){
echo ("<script LANGUAGE='JavaScript'>
window.alert('Testimonial Added Successfully !');
window.location.href='abstract_submission.php';
</script>");
} else {
echo "Error updating record: " . mysqli_error($con);
}
}
?>
FFIVE2回答
-
www说
您可以通过检查上传文件的扩展名(按名称)来验证文件类型。替换下面的代码条件 // Allow certain file formats if($imageFileType != "doc"){ // Your JavaScript code }将条件替换为$allowedExtsImg=array("doc","docx");$extensionsub = explode(".", $file);$extension = strtolower(end($extensionsub));if (!in_array($extension, $allowedExtsImg)){ //Enter your JavaScript code here}在您的代码编写 if 条件之前结束所有验证之后// This condition will prevent below action if there is a validation error above.if($uploadOk!=0){ // Your Insert Query, and Upload file Code} -
一只名叫tom的猫
好吧,您正在设置一个变量 $uploadOk 但您从不检查它。如果该变量为 0,则尝试停止执行。这样就不会进行 SQL 查询。......if($imageFileType != "doc") { echo ("<script LANGUAGE='JavaScript'> window.alert('Sorry only .doc file is allowed !'); window.location.href='abstract_submission.php'; </script>"); $uploadOk = 0;}if ($uploadOk === 0) { die("Invalid upload");}.......考虑为 $uploadOk 变量使用布尔值(真或假),而不是整数。此外,您的代码已开放用于 sql 注入。不要在 SQL 语句中直接使用 $_POST 值。
随时随地看视频慕课网APP
PHP