提交给self时防止PHP脚本被执行

Question

我有这个表格：

<form name="commentform" id="commentform" action="comment.php" method="post" 
enctype="multipart/form-data">

Your Name: 
<textarea maxlength="60" rows="1" cols="62" class="margin" name="name" 
id="name"> </textarea> <br><br>

Submit Picture
<input type="file" name="pic" id="pic" /> <br><br>

<input type="Submit" value="Submit" />
</form>

这是验证图片的 PHP（来自 W3Schools.com）：

<?php
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

if (file_exists("upload/" . $_FILES["file"]["name"]))
  {
  echo $_FILES["file"]["name"] . " already exists. ";
  }
else
  {
  move_uploaded_file($_FILES["file"]["tmp_name"],
  "upload/" . $_FILES["file"]["name"]);
  echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
  }
  }
  }
  else
  {
  echo "Invalid file";
  }
  ?>

我是将表单提交到同一页面，因此网页加载后立即执行 PHP。提交表单后如何使其加载？此外，此脚本似乎不起作用。

Answer 1

在处理文件上传之前，您需要检查您的表单是否已提交：

if ( isset($_POST['pic'])) {

  //save file here.

}

编辑：看起来您没有引用正确的 POST 变量 - 您的表单中有一个名为“pic”的文件元素，但您在 PHP 代码中引用的 $_POST['file'] 将不存在。

另外：如果你是从 PHP 开始的，（恕我直言）W3Schools.com 是最糟糕的地方 - 我已经看到了不应该在那里编写代码的非常糟糕的例子..

Answer 2

<?php

if( isset( $_POST( 'submit' ) ) ){ // Check form is submitted or not 

if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

if (file_exists("upload/" . $_FILES["file"]["name"]))
  {
  echo $_FILES["file"]["name"] . " already exists. ";
  }
else
  {
  move_uploaded_file($_FILES["file"]["tmp_name"],
  "upload/" . $_FILES["file"]["name"]);
  echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
  }
  }
  }
  else
  {
  echo "Invalid file";
  }
}
  ?>

Answer 3

将此添加到页面顶部：

<?php $action = $_GET['action']; ?>

您的新表单：

<form name="commentform" id="commentform" action="comment.php?action=go" method="post" enctype="multipart/form-data">
Your Name: <textarea maxlength="60" rows="1" cols="62" class="margin" name="name" id="name"> </textarea> <br><br>

Submit Picture<input type="file" name="pic" id="pic" /> <br><br>
<input type="Submit" value="Submit" />
</form>

还有动作脚本：

<?php
if (isset($action) && $action == 'go'){
if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 20000)) {
if ($_FILES["file"]["error"] > 0){
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}else{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
if (file_exists("upload/" . $_FILES["file"]["name"]))  {
echo $_FILES["file"]["name"] . " already exists. ";  
}else{  
move_uploaded_file($_FILES["file"]["tmp_name"],  "upload/" . $_FILES["file"]["name"]);  
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];  
}  
}  
}else{  
echo "Invalid file";  
}  
}
?>