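That was a bit of a digression and some grumbling, so please don't mind it. On to the main topic. The discussion here is shallow and covers only the general approach, using the upload of a txt file as the example; deeper extensions are not discussed, so this article is only suitable for PHP beginners and probably means little to experts. OK, let's begin.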
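First, create one folder and two files, as follows:
File: folder that stores the uploaded files.
choose.htm: htm file used to choose the file to upload.
upload.php: php file that processes the uploaded file.
Step 1: Create the File folder.
Step 2: Create the choose.htm file with the following code: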
____________________________________________________________________________________________________________
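<form action="upload.php" method="post" enctype="multipart/form-data">
<!-- MAX_FILE_SIZE (in bytes) must appear before the file input -->
<input type="hidden" name="MAX_FILE_SIZE" value="1000000" />
<!-- Label text: "Upload this file:" -->
上传此文件:
<input name="userfile" type="file" id="userfile" />
<!-- Button text: "Upload" -->
<input type="submit" name="Submit" value="上传" />
</form>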
____________________________________________________________________________________________________________
Step 3: Create the upload.php file with the following code:
____________________________________________________________________________________________________________
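<?php
// Check for upload errors
if ($_FILES['userfile']['error'] > 0)
{
    echo '错误:';  // "Error:"
    switch ($_FILES['userfile']['error'])
    {
        case 1: echo '文件尺寸超过允许的最大上传限度!'; break;  // file exceeds the maximum allowed upload size
        case 2: echo '文件尺寸超过允许的最大上传限度!'; break;  // same message as case 1
        case 3: echo '只有部分文件被上传!'; break;  // only part of the file was uploaded
        case 4: echo '没有任何文件被上传!'; break;  // no file was uploaded
    }
    exit;
}
// Check the format of the uploaded file
if ($_FILES['userfile']['type'] != 'text/plain')
{
    echo '错误:非法文件格式!';  // "Error: illegal file format!"
    exit;
}
// Set the path where the file is saved
$upfile = './File/' . $_FILES['userfile']['name'];
if (is_uploaded_file($_FILES['userfile']['tmp_name']))
{
    if (!move_uploaded_file($_FILES['userfile']['tmp_name'], $upfile))
    {
        echo '错误:没有将文件移动到指定目录!';  // "Error: the file was not moved to the target directory!"
        exit;
    }
}
else
{
    echo '错误:可能文件上传被攻击!文件名:';  // "Error: possible file upload attack! File name:"
    // Escape the client-supplied name before echoing it into the page
    echo htmlspecialchars($_FILES['userfile']['name'], ENT_QUOTES, 'UTF-8');
    exit;  // stop here so the success message and file handling below are not reached
}
echo '文件上传成功!';  // "File uploaded successfully!"
// Clean up the uploaded file
$fp = fopen($upfile, 'r');
$size = filesize($upfile);
$contents = $size > 0 ? fread($fp, $size) : '';  // fread() does not accept a length of 0
fclose($fp);
$contents = strip_tags($contents);
$fp = fopen($upfile, 'w');
fwrite($fp, $contents);
fclose($fp);
// Display the content of the uploaded file
echo '上传文件的内容为:';  // "The content of the uploaded file is:"
echo $contents;
?>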
____________________________________________________________________________________________________________
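Let's test it:
1. Create a file named 123.txt, type some plain-text characters into it, such as abc, and upload it. The upload succeeds!
2. Next, try other extensions such as .exe, .php or .htm: anything that is not txt causes the upload to fail!
3. Rename any file larger than 1M to 123.txt and upload it: we find that a file over the size limit causes the upload to fail!
4. Change the content of 123.txt: delete everything, type <html>HTML code</html>, save and upload. We find that the upload fails!
5. Change the content of 123.txt: delete everything, type <?php echo 'PHP code'; ?>, save and upload. We find a 0-byte 123.txt with no content in the File folder!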
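Notes:
First, we check the MIME type, so trying to slip through by passing a wrong type is still quite hard for malicious users. This is only error checking, not a security check, but it is at least somewhat safer than an upload method that simply filters by file extension.
Next, we check that the file to be opened really was uploaded and is not a local file, because some malware can let an intruder modify the upload script so that it treats a local file as an uploaded one. We use the two functions is_uploaded_file() and move_uploaded_file() to make sure the file being processed was uploaded and is not a local file.
Finally, we open the file and use the strip_tags() function to remove any HTML or PHP tags, in case a 123.txt that passed all the error checks still contains malicious code. Then we save the file; only at this point is the whole upload really complete.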
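An added example, not part of the original article: PHP copies `$_FILES['userfile']['type']` from the Content-Type the client sends without verifying it, and MAX_FILE_SIZE is likewise a client-submitted field, so this version of upload.php repeats the same checks on the server. The function name store_text_upload(), the random file name and the use of the fileinfo extension are assumptions of this example.

```php
<?php
// Added example (not the original author's code): server-side validation
// for the same "txt only, at most 1,000,000 bytes" upload.
const MAX_BYTES  = 1000000;            // same limit as the form's hidden field
const UPLOAD_DIR = __DIR__ . '/File';  // the folder created in step 1

function store_text_upload(array $file): string  // hypothetical helper name
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload error code ' . (int)($file['error'] ?? -1));
    }
    // The temp file must really come from this HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    // Enforce the size on the server; the form field is only a hint.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('file is empty or larger than ' . MAX_BYTES . ' bytes');
    }
    // Detect the type from the file content instead of trusting $file['type'].
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== 'text/plain') {
        throw new RuntimeException('content is not plain text');
    }
    // Do not reuse the client's file name: generate one and force ".txt".
    $target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.txt';
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not move the file into ' . UPLOAD_DIR);
    }
    return $target;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['userfile'])) {
    try {
        $path = store_text_upload($_FILES['userfile']);
        echo 'File uploaded successfully! Content:<pre>';
        // Escape on output so markup in the file is displayed, not interpreted.
        echo htmlspecialchars(file_get_contents($path), ENT_QUOTES, 'UTF-8');
        echo '</pre>';
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Error: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

Because the stored name always ends in .txt and is never taken from the request, an upload named 123.php cannot land in the File folder under an executable extension.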
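Additional notes:
Some readers may find the switch statement in upload.php a little unclear and wonder why it is written this way, so here is a brief explanation:
$_FILES['userfile']['error']
Value 0: UPLOAD_ERR_OK (no error occurred)
Value 1: UPLOAD_ERR_INI_SIZE (the size of the uploaded file exceeds the maximum set in the PHP configuration file)
Value 2: UPLOAD_ERR_FORM_SIZE (the size of the uploaded file exceeds the maximum specified in the HTML form)
Value 3: UPLOAD_ERR_PARTIAL (only part of the file was uploaded)
Value 4: UPLOAD_ERR_NO_FILE (no file was uploaded)
OK, that's all. Once again, this is only a very shallow outline; to really use it in development you still need to make many changes and improvements, and that is for you to research on your own. As always: if anything falls short, corrections are welcome, and please forgive my clumsiness.
The basic purpose of this article is to offer a little help to those who need it. I taught myself PHP too and know how hard that is, so although I am very much a novice, I still want to share, and I hope everyone will do the same: learn together and improve together.
I know articles like this are a dime a dozen, but however poor, this one is at least original, so... please go easy on me, I admit my faults, haha.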
Also note: the enctype attribute specifies how form data should be encoded before it is sent to the server.
<form action="form_action.asp" enctype="text/plain">
<p>First name: <input type="text" name="fname" /></p>
<p>Last name: <input type="text" name="lname" /></p>
<input type="submit" value="Submit" />
</form>
See: http://www.w3school.com.cn/tags/att_form_enctype.asp
Below is a table of file extensions and their MIME types:
123 application/vnd.lotus-1-2-3
3gp video/3gpp
aab application/x-authoware-bin
aam application/x-authoware-map
aas application/x-authoware-seg
ai application/postscript
aif audio/x-aiff
aifc audio/x-aiff
aiff audio/x-aiff
als audio/X-Alpha5
amc application/x-mpeg
ani application/octet-stream
asc text/plain
asd application/astound
asf video/x-ms-asf
asn application/astound
asp application/x-asap
asx video/x-ms-asf
au audio/basic
avb application/octet-stream
avi video/x-msvideo
awb audio/amr-wb
bcpio application/x-bcpio
bin application/octet-stream
bld application/bld
bld2 application/bld2
bmp application/x-MS-bmp
bpk application/octet-stream
bz2 application/x-bzip2
cal image/x-cals
ccn application/x-cnc
cco application/x-cocoa
cdf application/x-netcdf
cgi magnus-internal/cgi
chat application/x-chat
class application/octet-stream
clp application/x-msclip
cmx application/x-cmx
co application/x-cult3d-object
cod image/cis-cod
cpio application/x-cpio
cpt application/mac-compactpro
crd application/x-mscardfile
csh application/x-csh
csm chemical/x-csml
csml chemical/x-csml
css text/css
cur application/octet-stream
dcm x-lml/x-evm
dcr application/x-director
dcx image/x-dcx
dhtml text/html
dir application/x-director
dll application/octet-stream
dmg application/octet-stream
dms application/octet-stream
doc application/msword
dot application/x-dot
dvi application/x-dvi
dwf drawing/x-dwf
dwg application/x-autocad
dxf application/x-autocad
dxr application/x-director
ebk application/x-expandedbook
emb chemical/x-embl-dl-nucleotide
embl chemical/x-embl-dl-nucleotide
eps application/postscript
eri image/x-eri
es audio/echospeech
esl audio/echospeech
etc application/x-earthtime
etx text/x-setext
evm x-lml/x-evm
evy application/x-envoy
exe application/octet-stream
fh4 image/x-freehand
fh5 image/x-freehand
fhc image/x-freehand
fif image/fif
fm application/x-maker
fpx image/x-fpx
fvi video/isivideo
gau chemical/x-gaussian-input
gca application/x-gca-compressed
gdb x-lml/x-gdb
gif image/gif
gps application/x-gps
gtar application/x-gtar
gz application/x-gzip
hdf application/x-hdf
hdm text/x-hdml
hdml text/x-hdml
hlp application/winhlp
hqx application/mac-binhex40
htm text/html
html text/html
hts text/html
ice x-conference/x-cooltalk
ico application/octet-stream
ief image/ief
ifm image/gif
ifs image/ifs
imy audio/melody
ins application/x-NET-Install
ips application/x-ipscript
ipx application/x-ipix
it audio/x-mod
itz audio/x-mod
ivr i-world/i-vrml
j2k image/j2k
jad text/vnd.sun.j2me.app-descriptor
jam application/x-jam
jar application/java-archive
jnlp application/x-java-jnlp-file
jpe image/jpeg
jpeg image/jpeg
jpg image/jpeg
jpz image/jpeg
js application/x-javascript
jwc application/jwc
kjx application/x-kjx
lak x-lml/x-lak
latex application/x-latex
lcc application/fastman
lcl application/x-digitalloca
lcr application/x-digitalloca
lgh application/lgh
lha application/octet-stream
lml x-lml/x-lml
lmlpack x-lml/x-lmlpack
lsf video/x-ms-asf
lsx video/x-ms-asf
lzh application/x-lzh
m13 application/x-msmediaview
m14 application/x-msmediaview
m15 audio/x-mod
m3u audio/x-mpegurl
m3url audio/x-mpegurl
ma1 audio/ma1
ma2 audio/ma2
ma3 audio/ma3
ma5 audio/ma5
man application/x-troff-man
map magnus-internal/imagemap
mbd application/mbedlet
mct application/x-mascot
mdb application/x-msaccess
mdz audio/x-mod
me application/x-troff-me
mel text/x-vmel
mi application/x-mif
mid audio/midi
midi audio/midi
mif application/x-mif
mil image/x-cals
mio audio/x-mio
mmf application/x-skt-lbs
mng video/x-mng
mny application/x-msmoney
moc application/x-mocha
mocha application/x-mocha
mod audio/x-mod
mof application/x-yumekara
mol chemical/x-mdl-molfile
mop chemical/x-mopac-input
mov video/quicktime
movie video/x-sgi-movie
mp2 audio/x-mpeg
mp3 audio/x-mpeg
mp4 video/mp4
mpc application/vnd.mpohun.certificate
mpe video/mpeg
mpeg video/mpeg
mpg video/mpeg
mpg4 video/mp4
mpga audio/mpeg
mpn application/vnd.mophun.application
mpp application/vnd.ms-project
mps application/x-mapserver
mrl text/x-mrml
mrm application/x-mrm
ms application/x-troff-ms
mts application/metastream
mtx application/metastream
mtz application/metastream
mzv application/metastream
nar application/zip
nbmp image/nbmp
nc application/x-netcdf
ndb x-lml/x-ndb
ndwn application/ndwn
nif application/x-nif
nmz application/x-scream
nokia-op-logo image/vnd.nok-oplogo-color
npx application/x-netfpx
nsnd audio/nsnd
nva application/x-neva1
oda application/oda
oom application/x-AtlasMate-Plugin
pac audio/x-pac
pae audio/x-epac
pan application/x-pan
pbm image/x-portable-bitmap
pcx image/x-pcx
pda image/x-pda
pdb chemical/x-pdb
pdf application/pdf
pfr application/font-tdpfr
pgm image/x-portable-graymap
pict image/x-pict
pm application/x-perl
pmd application/x-pmd
png image/png
pnm image/x-portable-anymap
pnz image/png
pot application/vnd.ms-powerpoint
ppm image/x-portable-pixmap
pps application/vnd.ms-powerpoint
ppt application/vnd.ms-powerpoint
pqf application/x-cprplayer
pqi application/cprplayer
prc application/x-prc
proxy application/x-ns-proxy-autoconfig
ps application/postscript
ptlk application/listenup
pub application/x-mspublisher
pvx video/x-pv-pvx
qcp audio/vnd.qcelp
qt video/quicktime
qti image/x-quicktime
qtif image/x-quicktime
r3t text/vnd.rn-realtext3d
ra audio/x-pn-realaudio
ram audio/x-pn-realaudio
rar application/x-rar-compressed
ras image/x-cmu-raster
rdf application/rdf+xml
rf image/vnd.rn-realflash
rgb image/x-rgb
rlf application/x-richlink
rm audio/x-pn-realaudio
rmf audio/x-rmf
rmm audio/x-pn-realaudio
rmvb audio/x-pn-realaudio
rnx application/vnd.rn-realplayer
roff application/x-troff
rp image/vnd.rn-realpix
rpm audio/x-pn-realaudio-plugin
rt text/vnd.rn-realtext
rte x-lml/x-gps
rtf application/rtf
rtg application/metastream
rtx text/richtext
rv video/vnd.rn-realvideo
rwc application/x-rogerwilco
s3m audio/x-mod
s3z audio/x-mod
sca application/x-supercard
scd application/x-msschedule
sdf application/e-score
sea application/x-stuffit
sgm text/x-sgml
sgml text/x-sgml
sh application/x-sh
shar application/x-shar
shtml magnus-internal/parsed-html
shw application/presentations
si6 image/si6
si7 image/vnd.stiwap.sis
si9 image/vnd.lgtwap.sis
sis application/vnd.symbian.install
sit application/x-stuffit
skd application/x-Koan
skm application/x-Koan
skp application/x-Koan
skt application/x-Koan
slc application/x-salsa
smd audio/x-smd
smi application/smil
smil application/smil
smp application/studiom
smz audio/x-smd
snd audio/basic
spc text/x-speech
spl application/futuresplash
spr application/x-sprite
sprite application/x-sprite
spt application/x-spt
src application/x-wais-source
stk application/hyperstudio
stm audio/x-mod
sv4cpio application/x-sv4cpio
sv4crc application/x-sv4crc
svf image/vnd
svg image/svg-xml
svh image/svh
svr x-world/x-svr
swf application/x-shockwave-flash
swfl application/x-shockwave-flash
t application/x-troff
tad application/octet-stream
talk text/x-speech
tar application/x-tar
taz application/x-tar
tbp application/x-timbuktu
tbt application/x-timbuktu
tcl application/x-tcl
tex application/x-tex
texi application/x-texinfo
texinfo application/x-texinfo
tgz application/x-tar
thm application/vnd.eri.thm
tif image/tiff
tiff image/tiff
tki application/x-tkined
tkined application/x-tkined
toc application/toc
toy image/toy
tr application/x-troff
trk x-lml/x-gps
trm application/x-msterminal
tsi audio/tsplayer
tsp application/dsptype
tsv text/tab-separated-values
ttf application/octet-stream
ttz application/t-time
txt text/plain
ult audio/x-mod
ustar application/x-ustar
uu application/x-uuencode
uue application/x-uuencode
vcd application/x-cdlink
vcf text/x-vcard
vdo video/vdo
vib audio/vib
viv video/vivo
vivo video/vivo
vmd application/vocaltec-media-desc
vmf application/vocaltec-media-file
vmi application/x-dreamcast-vms-info
vms application/x-dreamcast-vms
vox audio/voxware
vqe audio/x-twinvq-plugin
vqf audio/x-twinvq
vql audio/x-twinvq
vre x-world/x-vream
vrml x-world/x-vrml
vrt x-world/x-vrt
vrw x-world/x-vream
vts workbook/formulaone
wav audio/x-wav
wax audio/x-ms-wax
wbmp image/vnd.wap.wbmp
web application/vnd.xara
wi image/wavelet
wis application/x-InstallShield
wm video/x-ms-wm
wma audio/x-ms-wma
wmd application/x-ms-wmd
wmf application/x-msmetafile
wml text/vnd.wap.wml
wmlc application/vnd.wap.wmlc
wmls text/vnd.wap.wmlscript
wmlsc application/vnd.wap.wmlscriptc
wmlscript text/vnd.wap.wmlscript
wmv audio/x-ms-wmv
wmx video/x-ms-wmx
wmz application/x-ms-wmz
wpng image/x-up-wpng
wpt x-lml/x-gps
wri application/x-mswrite
wrl x-world/x-vrml
wrz x-world/x-vrml
ws text/vnd.wap.wmlscript
wsc application/vnd.wap.wmlscriptc
wv video/wavelet
wvx video/x-ms-wvx
wxl application/x-wxl
x-gzip application/x-gzip
xar application/vnd.xara
xbm image/x-xbitmap
xdm application/x-xdma
xdma application/x-xdma
xdw application/vnd.fujixerox.docuworks
xht application/xhtml+xml
xhtm application/xhtml+xml
xhtml application/xhtml+xml
xla application/vnd.ms-excel
xlc application/vnd.ms-excel
xll application/x-excel
xlm application/vnd.ms-excel
xls application/vnd.ms-excel
xlt application/vnd.ms-excel
xlw application/vnd.ms-excel
xm audio/x-mod
xml text/xml
xmz audio/x-mod
xpi application/x-xpinstall
xpm image/x-xpixmap
xsit text/xml
xsl text/xml
xul text/xul
xwd image/x-xwindowdump
xyz chemical/x-pdb
yz1 application/x-yz1
z application/x-compress
zac application/x-zaurus-zac
zip application/zip