使用 php上传文件的最佳和安全方式

这个问题已经在这里问过了。但是您可以使用我自己的代码，因为它既简单又安全。function hc_upload($f,$username='',$verify_type=1,$size=2048){    $f=$_FILES[$f];    $file_name=strtolower($f['name']);    $file_type=strtolower($f['type']);    $file_size=strtolower($f['size']);    $file_extenstion =end(explode('.',$file_name));    $file_extenstion2=strtolower(pathinfo(basename($file_name),PATHINFO_EXTENSION));    if($file_extenstion2!=$file_extenstion){        $err["error"]=true;        $err["message"]="Invalid file extension.";        return $err;    }    if($file_size > $size*1000){        $err["error"]=true;        $err["message"]="File is too large.";        return $err;    }    $ext_verify=0;    if(gettype($verify_type)!='array')    {        $verify_type=(string)$verify_type;        if((strpos($verify_type,"1") > -1 || $verify_type=="*") &&  $ext_verify==0)        {            $mimes['ext']=array("jpg","jpeg","gif","png");            $mimes['mime']=array("image/jpg","image/jpeg","image/gif","image/png");            if(in_array($file_extenstion,$mimes['ext']) && in_array($file_type,$mimes['mime'])){$ext_verify=1;}        }        if((strpos($verify_type,"2") > -1 || $verify_type=="*") &&  $ext_verify==0)        {            $mimes['ext']=array("doc","docx","pdf","xls","xlsx","ppt","pptx");            if(in_array($file_extenstion,$mimes['ext'])){$ext_verify=1;}        }        if((strpos($verify_type,"3") > -1 || $verify_type=="*") &&  $ext_verify==0)        {            $mimes['ext']=array("mp3","wav","weba","3gp","mp4","mov","mpeg","avi");            $mimes['mime']=array("audio/mpeg","audio/wav","audio/webm","audio/3gpp","video/3gpp","video/mp4","video/quicktime","video/mpeg","video/x-msvideo");            if(in_array($file_extenstion,$mimes['ext']) && in_array($file_type,$mimes['mime'])){$ext_verify=1;}        }    }    else    {        if(array_key_exists("mime",$verify_type) && array_key_exists("ext",$verify_type)){            if(in_array($file_extenstion,$verify_type['ext']) && in_array($file_type,$verify_type['mime'])){$ext_verify=1;}        }        elseif(array_key_exists("ext",$verify_type)){            if(in_array($file_extenstion,$verify_type['ext'])){$ext_verify=1;}        }        elseif(array_key_exists("mime",$verify_type)){            if(in_array($file_type,$verify_type['mime'])){$ext_verify=1;}        }        else{            if(in_array($file_extenstion,$verify_type)){$ext_verify=1;}        }    }    if($ext_verify==0){        $err["error"]=true;        $err["message"]="Seems your file is not valid";        return $err;    }    $upload_dir='upload/'.$username.'/';    if(!is_dir($upload_dir)){        if(!mkdir($upload_dir,0777,true)){            $err["error"]=true;            $err["message"]="Unknown error, kindly contact admin";            return $err;        }    }    $upload_file=$upload_dir.sha1_file($f['tmp_name']);    if(!file_exists($upload_file)){        if(!move_uploaded_file($f['tmp_name'], $upload_file)){            $err["error"]=true;            $err["message"]="Unknown error, kindly contact admin";            return $err;        }    }    $err["error"]=true;    $err["message"]="SUCCESS";    $err["dir"]=$upload_file;    return $err;}HTML 示例代码是<form action="upload.php" method="post" enctype="multipart/form-data">    Select image to upload:    <input type="file" name="fileToUpload" id="fileToUpload">    <input type="submit" value="Upload Image" name="submit"></form>所以只需在php中调用这个函数hc_upload('fileToUpload','',123) 您可以通过给定两个第二个参数和第三个参数的值来为每个用户名创建文件夹两个检查文件是图像或文档还是音频/视频媒体，还可以传递扩展名数组以进行手动检查

使用 php上传文件的最佳和安全方式

1回答