php文件上传即使出错也总是上传文件
I am trying to upload either pdf or jpg, jpeg files to a folder and the code is as follows:
//Get the uploaded file information
if(!$_FILES['medreport']['error'])
{
$medreport = basename($_FILES['medreport']['name']);
$medreport_extn = substr($medreport, strrpos($medreport, '.') + 1);//get the file extension of the file
$medreport_size = $_FILES["medreport"]["size"]/1024;//size in KBs
$tmp_path = $_FILES["medreport"]["tmp_name"];
$report_folder = "../reports/";
//Settings
$max_allowed_file_size = 200; // size in KB
$allowed_extensions = array("jpg", "jpeg", "pdf");
//Validations
}
if($medreport_size > $max_allowed_file_size )
{
$error[] = "Size of the report file should be less than $max_allowed_file_size KB";
}
//Validate the file extension
$allowed_ext = false;
for($i=0; $i<sizeof($allowed_extensions); $i++)
{
if(strcasecmp($allowed_extensions[$i],$medreport_extn) == 0)
{
$allowed_ext = true;
}
}
if(!$allowed_ext)
{
$error[] = "The uploaded report file is not a supported file type. "."Only pdf, jpg and jpeg report file types are supported. ";
}
//replace filename with unixtime
$unixtime =time();
$medreport = $unixtime.mt_rand(0,9).'.'.$medreport_extn;
$report_path = $report_folder . $medreport;
if(is_uploaded_file($tmp_path))
{
if(!copy($tmp_path,$report_path))
{
$error[] = 'Error while copying the uploaded report file';
}
}
while trying to upload files with correct extension and size i am able to upload it.
But if i try to upload an over sized or incorrect format file, it displays my error message, but the file always get uploaded to the folder.
Why is it so ?? Please, What is wrong with my code??
Is the way, i am doing it is secure enough ?? the folder is owned by www-data and permission is 755. I have a .htaccess file too in the file upload folder to prevent executables as follows:
SetHandler none
SetHandler default-handler
Options -ExecCGI
php_flag engine off
The file always uploading is confusing me.
我正在尝试将pdf或jpg,jpeg文件上传到文件夹,代码如下: p>
//获取上传的文件信息
if(!$ _ FILES ['medreport'] ['error'])
{
$ medreport = basename($ _ FILES [' medreport'] ['name']);
$ medreport_extn = substr($ medreport,strrpos($ medreport,'。')+ 1); //获取文件的文件扩展名
$ medreport_size = $ _FILES [ “medreport”] [“size”] / 1024; //大小以KB为单位
$ tmp_path = $ _FILES [“medreport”] [“tmp_name”];
$ report_folder =“../ report /”; n
//设置
$ max_allowed_file_size = 200; //以KB为单位的大小
$ allowed_extensions = array(“jpg”,“jpeg”,“pdf”);
//验证
}
if($ medreport_size&gt; $ max_allowed_file_size)
{
$ error [] =“报告文件的大小应小于$ max_allowed_file_size KB”;
}
//验证文件扩展名
$ allowed_ext = false;
for($ i = 0; $ i&lt; sizeof($ allowed_extensions); $ i ++)
{
if if(strcasecmp($ allowed_extensions [$ i],$ medreport_extn)== 0)
{
$ allowed_ext = true;
}
}
if(!$ allowed_ext)
{
$ error [] =“上传的报告文件不是受支持的文件类型。”。“仅支持pdf,jpg和jpeg报告文件类型。”; \ n}
//用unixtime替换文件名
$ unixtime = time();
$ medreport = $ unixtime.mt_rand(0,9)。'。'。$ medreport_extn;
$ report_path = $ report_folder。 $ medreport;
if(is_uploaded_file($ tmp_path))
{
if(!copy($ tmp_path,$ report_path))
{
$ error [] ='复制上传的报告文件时出错'; \ n}
}
code> pre>
尝试上传具有正确扩展名和大小的文件时,我可以上传它。 p>
但是,如果我尝试上传超大或不正确的格式文件,它会显示我的错误消息,但该文件始终会上传到该文件夹。 p>
为什么会这样? 请问,我的代码出了什么问题? p>
方式,我这样做是否足够安全? 该文件夹由www-data拥有,权限为755.我在文件上传文件夹中也有一个.htaccess文件,以防止可执行文件如下: p>
SetHandler none
SetHandler default -handler
Options -ExecCGI
php_flag引擎关
code> pre>
文件总是上传 em>令我困惑。 p>
div>
You are not using the errors you just found to check if you need to continue.
This:
if(is_uploaded_file($tmp_path))
Should be something like:
if(count($error) === 0 && is_uploaded_file($tmp_path))
And you should initialize your $error array at the start as an empty array if you are not doing that already.