我进行了一些表单验证,以确保用户上传的文件是正确的类型。但是上传是可选的,所以如果他没有上传任何内容并提交了其余的表单,我想跳过验证。如何检查他是否上传了文件?$_FILES['myflie']['size'] <=0
可以吗?
我进行了一些表单验证,以确保用户上传的文件是正确的类型。但是上传是可选的,所以如果他没有上传任何内容并提交了其余的表单,我想跳过验证。如何检查他是否上传了文件?$_FILES['myflie']['size'] <=0
可以吗?
您可以使用is_uploaded_file()
函数:
if(!file_exists($_FILES['myfile']['tmp_name']) || !is_uploaded_file($_FILES['myfile']['tmp_name'])) {
echo 'No upload';
}
从文档中可以得知:
如果文件名filename是通过HTTP POST上传的,则返回TRUE。 这对于确保恶意用户没有试图欺骗脚本运行在不应该处理的文件上(例如/ etc / passwd)非常有用。
如果任何使用已上传文件的操作可能向用户或甚至同一系统上的其他用户显示其内容,那么这种检查尤其重要。
编辑:我将在我的FileUpload类中使用它,如果这有助于理解:
public function fileUploaded()
{
if(empty($_FILES)) {
return false;
}
$this->file = $_FILES[$this->formField];
if(!file_exists($this->file['tmp_name']) || !is_uploaded_file($this->file['tmp_name'])){
$this->errors['FileNotExists'] = true;
return false;
}
return true;
}
name=files[]
,这会导致出现错误 file_exists() expects parameter 1 to be a valid path, array given
。您需要更深入地查看 $_FILES['files']['tmp_name'][0]
是否为空/已上传。 - Brock Hensleyfile_exists
检查有什么意义吗?如果is_uploaded_file()
返回true
,那么文件存在肯定是真的,不是吗? - Pacerier<input name="files[]" type="file" multiple="multiple" />
PHP部分:
if(isset($_FILES['files']) ){
foreach($_FILES['files']['tmp_name'] as $key => $tmp_name ){
if(!empty($_FILES['files']['tmp_name'][$key])){
// things you want to do
}
}
@karim79的回答是正确的,但我不得不重写他的示例以适应我的需求。他的示例假定已知并且可以在代码中硬编码提交字段的名称。我进一步编写了一个函数,可以告诉我是否上传了任何文件,而无需知道上传字段的名称。
/**
* Tests all upload fields to determine whether any files were submitted.
*
* @return boolean
*/
function files_uploaded() {
// bail if there were no upload forms
if(empty($_FILES))
return false;
// check for uploaded files
$files = $_FILES['files']['tmp_name'];
foreach( $files as $field_title => $temp_name ){
if( !empty($temp_name) && is_uploaded_file( $temp_name )){
// found one!
return true;
}
}
// return false if no files were found
return false;
}
<!DOCTYPE html>
<html>
<body>
<form action="#" method="post" enctype="multipart/form-data">
Select image to upload:
<input name="my_files[]" type="file" multiple="multiple" />
<input type="submit" value="Upload Image" name="submit">
</form>
<?php
if (isset($_FILES['my_files']))
{
$myFile = $_FILES['my_files'];
$fileCount = count($myFile["name"]);
for ($i = 0; $i <$fileCount; $i++)
{
$error = $myFile["error"][$i];
if ($error == '4') // error 4 is for "no file selected"
{
echo "no file selected";
}
else
{
$name = $myFile["name"][$i];
echo $name;
echo "<br>";
$temporary_file = $myFile["tmp_name"][$i];
echo $temporary_file;
echo "<br>";
$type = $myFile["type"][$i];
echo $type;
echo "<br>";
$size = $myFile["size"][$i];
echo $size;
echo "<br>";
$target_path = "uploads/$name"; //first make a folder named "uploads" where you will upload files
if(move_uploaded_file($temporary_file,$target_path))
{
echo " uploaded";
echo "<br>";
echo "<br>";
}
else
{
echo "no upload ";
}
}
}
}
?>
</body>
</html>
但是请保持警惕。用户可以上传任何类型的文件,并通过上传恶意或PHP文件来入侵您的服务器或系统。因此,在此脚本中应该有一些验证措施。谢谢。
您应该使用$_FILES[$form_name]['error']
,如果没有上传文件,则返回UPLOAD_ERR_NO_FILE
。完整列表请参见:PHP:错误消息解释
function isUploadOkay($form_name, &$error_message) {
if (!isset($_FILES[$form_name])) {
$error_message = "No file upload with name '$form_name' in form.";
return false;
}
$error = $_FILES[$form_name]['error'];
// List at: http://php.net/manual/en/features.file-upload.errors.php
if ($error != UPLOAD_ERR_OK) {
switch ($error) {
case UPLOAD_ERR_INI_SIZE:
$error_message = 'The uploaded file exceeds the upload_max_filesize directive in php.ini.';
break;
case UPLOAD_ERR_FORM_SIZE:
$error_message = 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.';
break;
case UPLOAD_ERR_PARTIAL:
$error_message = 'The uploaded file was only partially uploaded.';
break;
case UPLOAD_ERR_NO_FILE:
$error_message = 'No file was uploaded.';
break;
case UPLOAD_ERR_NO_TMP_DIR:
$error_message = 'Missing a temporary folder.';
break;
case UPLOAD_ERR_CANT_WRITE:
$error_message = 'Failed to write file to disk.';
break;
case UPLOAD_ERR_EXTENSION:
$error_message = 'A PHP extension interrupted the upload.';
break;
default:
$error_message = 'Unknown error';
break;
}
return false;
}
$error_message = null;
return true;
}
is_uploaded_file()
非常适合用于检查上传的文件或本地文件(出于安全考虑)。
但是,如果您想检查用户是否上传了文件,请使用$_FILES ['file'] ['error'] == UPLOAD_ERR_OK
。
请参阅PHP手册中关于文件上传错误消息的内容。如果您只想检查没有文件,则使用UPLOAD_ERR_NO_FILE
。
if(!file_exists($_FILES['fileupload']['tmp_name']) || !is_uploaded_file($_FILES['fileupload']['tmp_name']))
{
echo 'No upload';
}
else
echo 'upload';
if ( boolval( $_FILES['image']['error'] === 0 ) ) {
// ...
}