PHP kullanarak Dosya Doğrulama ise ifadeleri yüklenenler

1 Cevap php

Hi I am quite new to php but i have been following some tutorials but they don't seem to work so I have tried to adapt them. I have tested this code and it works to a point but theres something else I can't get my head around, the php file is not uploading (fine) but the details are still being writen to the datbase although the $ok is spose to be set to 0 (not fine). It might be easier if explain what is ment to happen here:

-The User can upload gif or jpeg files. Details added to the db. -The User can upload no file as a default will be used. Details added to the db. -The User should not be able to upload any other file. No record should be on the db, user should have to try again.

Şimdiye kadar benim Kodu:

<?php

//This is the directory where images will be saved
$target = "images/";
$target = $target . basename( $_FILES['photo']['name']);
$ok=0; 


//This gets all the other information from the form
$name= mysql_real_escape_string ($_POST['nameMember']);
$bandMember= mysql_real_escape_string ($_POST['bandMember']);
$pic= mysql_real_escape_string ($_FILES['photo']['name']);
$about= mysql_real_escape_string ($_POST['aboutMember']);
$bands= mysql_real_escape_string ($_POST['otherBands']);

$uploaded_size=$_FILES['photo']['file_size']; 
if ($uploaded_size > 350000)
{
echo "Your file is too large, 35Kb is the largest file you can upload.<br>";
$ok=0;
} 
if ($uploaded_type =="text/php")
{
echo "No PHP files<br>";
$ok=0;
} 

if (!($uploaded_type =="image/jpeg"))
{
echo "JPEG<br>";$ok=1;
} 

if ($uploaded_type =="image/gif")
{
echo "GIf<br>";$ok=1;
} 

if (empty($pic)){
echo "You haven't uploaded a photo, a default will be used instead.<br/>";$ok=1;}


if ($ok==0)
{
Echo "Sorry your file was not uploaded, please try again with the correct format.";
}

//If everything is ok we try to upload it
else
{ 

// Connects to your Database
mysql_connect("localhost", "*******", "******") or die(mysql_error()) ;
mysql_select_db("project") or die(mysql_error()) ;

//Writes the information to the database
mysql_query("INSERT INTO dbProfile (nameMember,bandMember,photo,aboutMember,otherBands)
VALUES ('$name', '$bandMember', '$pic', '$about', '$bands')") ;

//Writes the photo to the server
if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))
{

//Tells you if its all ok
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory<br/>";
print "<a class=\"blue\" href=\"createMember.php\">Add Another Record</a> | <a class=\"blue\" href=\"listMember.php\">Band Member Profiles and Affiliates Menu</a>";
}
else {

//Gives and error if its not
echo "<p>If you have uploaded a picture there may have been a problem uploading your file.</p>";
print "<a class=\"blue\" href=\"createMember.php\">Add Another Record</a> | <a class=\"blue\" href=\"listMember.php\">Band Member Profiles and Affiliates Menu</a>";
}
}
?>

Önceden Cheers. CHL

1 Cevap

Hata muhtemelen bu if deyimidir:

  if (!($uploaded_type =="image/jpeg"))
  {
    echo "JPEG<br>";$ok=1;
  }

Çünkü, "image / jpeg" eşittir 1 ok değerlendirir $, böylece her şeyi veritabanına yazılı alır bir içerik türü yok bir resim yükleyebilir her zaman.

Ama aynı zamanda kullanıcı bir dosyanın sahte MIME türüne mümkün olduğundan, sadece bu gibi MIME türünü kontrol sıkıntı içine alabilirsiniz, dikkat edin.

Örneğin, doğru görüntü MIME türünü almak için iMagic kullanabilirsiniz. Burada daha fazla ayrıntı bakın: http://de2.php.net/manual/en/function.imagick-identifyimage.php

Düzenleme: Sadece fark, o $ uploaded_type yerde komut başlatılmadı almaz. Dediğim gibi, $ _FILES ['resim'] ['type'] kullanarak MIME tipi kaba bir tahmin yapabilirsiniz.

etiketler