自己实现的一个文件上传:
<html>
<form enctype="multipart/form-data" action="upload.php" method="POST">
Choose an image to upload:
<br>
<input name="uploaded" type="file"><br>
<br>
<input name="Upload" value="Upload" type="submit">
</form>
<?php
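if (isset($_POST['Upload'])) {
    // A request without the file field would otherwise raise warnings on every
    // $_FILES['uploaded'][...] access; treat it as "no file".
    $upload = $_FILES['uploaded'] ?? ['name' => '', 'tmp_name' => '', 'error' => UPLOAD_ERR_NO_FILE];

    // Upload directory on the server. Only the last path component of the
    // client-supplied name is appended, so directory separators or ".."
    // sequences in the name cannot place the file outside this directory.
    $target_path = "/var/www/upload/";
    $uploaded_name = basename($upload['name']);
    $target_path = $target_path . $uploaded_name;

    // The filename is chosen by the client, so it is HTML-escaped before being
    // written into the response. Note that echoing the full server-side path
    // discloses the filesystem layout; kept here only because the original
    // page shows it.
    $safe_target_path = htmlspecialchars($target_path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo $safe_target_path;
    echo "<br/>";

    // No type or size restriction is applied in this listing; the whitelist
    // version later on this page adds an extension and size check.
    // Refuse an empty name (basename('') === '') and a failed transfer before
    // calling move_uploaded_file(), which would otherwise be handed the bare
    // directory path as its destination.
    if ($uploaded_name === ''
        || $upload['error'] !== UPLOAD_ERR_OK
        || !move_uploaded_file($upload['tmp_name'], $target_path)) {
        echo '<pre>';
        echo 'Your image was not uploaded.';
        echo '</pre>';
    } else {
        echo '<pre>';
        echo $safe_target_path . ' succesfully uploaded!';
        echo '</pre>';
    }
}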
?>
</html>
下面是对一个文件上传实现的白名单过滤:
<?php
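if (isset($_POST['Upload'])) {
    // A request without the file field is treated as a failed upload instead
    // of producing undefined-index warnings below.
    $upload = $_FILES['uploaded'] ?? ['name' => '', 'tmp_name' => '', 'size' => 0, 'error' => UPLOAD_ERR_NO_FILE];

    // Destination directory. basename() keeps only the last path component of
    // the client-supplied name, so it cannot escape this directory.
    $target_path = DVWA_WEB_PAGE_TO_ROOT."hackable/uploads/";
    $uploaded_name = basename($upload['name']);
    $target_path = $target_path . $uploaded_name;

    // Extension after the last dot, lower-cased so "JPG"/"Jpg"/"jpg" compare
    // equal. pathinfo() yields '' when there is no dot, whereas the earlier
    // substr(strrpos()+1) form returned the name minus its first character
    // in that case (strrpos() returns false, and false + 1 === 1).
    $uploaded_ext = strtolower(pathinfo($uploaded_name, PATHINFO_EXTENSION));
    $uploaded_size = $upload['size'];
    $uploaded_tmp = $upload['tmp_name'];
    $allowed_ext = ['jpg', 'jpeg'];

    // Whitelist: extension and size as before, plus the transfer must have
    // succeeded and the bytes must parse as a JPEG, since the extension is
    // entirely client-controlled. Storing under a server-generated name and
    // serving the directory with script execution disabled would reduce the
    // risk further; not done here so the echoed path stays the same.
    $is_valid = false;
    if ($upload['error'] === UPLOAD_ERR_OK
        && in_array($uploaded_ext, $allowed_ext, true)
        && $uploaded_size < 100000
        && is_uploaded_file($uploaded_tmp)) {
        $image_info = getimagesize($uploaded_tmp);
        $is_valid = $image_info !== false && $image_info[2] === IMAGETYPE_JPEG;
    }

    if ($is_valid) {
        if (!move_uploaded_file($uploaded_tmp, $target_path)) {
            echo '<pre>';
            echo 'Your image was not uploaded.';
            echo '</pre>';
        } else {
            echo '<pre>';
            // The filename is client-controlled: escape before echoing into HTML.
            echo htmlspecialchars($target_path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . ' succesfully uploaded!';
            echo '</pre>';
        }
    } else {
        echo '<pre>';
        echo 'Your image was not uploaded.';
        echo '</pre>';
    }
}
// This completes the whitelist filter.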
?>