在 Web 服务器上上传和移动图像文件 - 图像未上传答案

【问题标题】：Uploading and moving image files on web server - Image not uploaded在 Web 服务器上上传和移动图像文件 - 图像未上传
【发布时间】：2013-01-26 09:46:42
【问题描述】：

我看不到目标文件夹中上传的任何图像。我也试过 if (move_uploaded_file($HTTP_POST_FILES['memphoto']['tmp_name'], $target.$HTTP_POST_FILES['memphoto']['name'])) 而不是 if(copy($_FILES['photo'] ['tmp_name'], $uploadimages)) 但没有得到任何结果。谁能帮帮我。

<?php
  if ((isset($_FILES['photo']) && ($_FILES['photo']['size'] > 0)) 
  {
   $typ = $_FILES['photo']['type'];
   if($typ == "image/gif" || $typ == "image/png" || $typ == "image/jpeg" || $typ ==  "image/pgif" || $typ == "image/ppng" || $typ =="image/pjpeg" || $typ =="image/jpg")
   {
        $uploaddir = "images/";
        $uploadimages = $uploaddir.basename($_FILES['photo']['name']);
        if(copy($_FILES['photo']['tmp_name'], $uploadimages))
        {
           echo "File successfully copied";
           $query = "UPDATE $tbl_name SET photo='$uploadimages WHERE ID='$ID' ";
           if (!mysql_query($query))
           {
              die('Error: ' . mysql_error());
              mysql_close();
           }
        }
        else{echo "Copy unsuccessful";}
    }
    else{
                echo "Incorrect file type";
    }             

  }
  else {
  echo "No Photo/Signature file selected/uploaded.";
   }
?>

【问题讨论】：

你检查你的错误日志了吗？
在对上传的文件进行任何操作之前，您真的应该check $_FILES['photo']['error']。并且强烈建议使用move_uploaded_file() 而不是copy()。
你的目标目录是可写的吗？
您的脚本似乎容易受到 SQL 注入和任意文件上传（包括 PHP 文件）的攻击。

标签： php

【解决方案1】：

我总是使用move_uploaded_file()将上传的图片移动到目标目录。

$uploadimages = $uploaddir.$_FILES['photo']['name'];
if(move_uploaded_file($_FILES['photo']['tmp_name'], $uploadimages)){
    echo 'uploaded';
}else{
    echo 'upload failed';
}

确保您的表单标签中有enctype="multipart/form-data"。

<form method="post" enctype="multipart/form-data">

【讨论】：

【解决方案2】：

index.php

    <form action="<?php echo $_SERVER["PHP_SELF"];?>" method="POST" enctype="multipart/form-data">
      Select image to upload:
      <input type="file"   name="photo" />
      <input type="submit" name="submit" value="Upload Image" />
    </form>

<?php
  $file_dir  = "uploads";

  /* Check if folder not exists, then create it */
  if (!file_exists($file_dir)) {
    mkdir($file_dir, 0777, true);
  }

  if (isset($_POST["submit"])) {    

    $file_name   = $_FILES['photo']['name'];
    $file_size   = $_FILES['photo']['size'];
    $file_tmp    = $_FILES['photo']['tmp_name'];
    $file_error  = $_FILES['photo']['error'];
    $file_type   = $_FILES['photo']['type'];

    /* check if files error = 0 [there are file uploaded] */
    if ($file_error === UPLOAD_ERR_OK) {

      /* location file save */
      $file_target = $file_dir .  DIRECTORY_SEPARATOR .  $file_name; /* DIRECTORY_SEPARATOR = / or \ */

      $file_secure = array('image/gif', 'image/pgif', 'image/png', 'image/ppng', 'image/jpeg', 'image/pjpeg', 'image/jpg');

      $errors = [];

      /* Check if file already exists */
      if (file_exists($file_target)) {
        $errors[] = "Sorry, <strong>{$file_name}</strong> already exists.";
      }

      /* Check file size */
      if ($file_size == 0) {
        $errors[] = "Sorry, <strong>{$file_name}</strong> = {$file_size}";
      }

      /* Check current file formats with file secure */
      if (in_array($file_type, $file_secure) === false) {
        $errors[] = "Sorry, <strong>{$file_current}</strong> type not allowed";         
      }

      /* Check if image file is a actual image or fake image ['mime'] */            
      if (getimagesize($file_tmp) == false) {
        $errors[] = "Sorry, <strong>{$file_name}</strong> is not an image.";
      }

      /* Check for Error */
      if (!empty($errors)) {                            

        /* Check errors and display them */                 
        foreach ($errors as $key => $value) {
          echo "$key = $value <br />";
        }

        echo "<br />";
        echo "<strong>{$file_name}</strong> could not uploaded. <hr />";                            

      /* if everything is ok, try to upload file */
      } else {

        if (move_uploaded_file($file_tmp, $file_target)) {

          echo "<strong>{$file_name}</strong> successfully copied.";

          /* update file_target into database */                                    
          $query = "UPDATE {$tbl_name} SET photo={$file_target} WHERE ID={$ID} ";
          if (!mysql_query($query)) {
            die('Error: ' . mysql_error());
            mysql_close();
          } else {
            echo "<strong>{$file_name}</strong> has been save into database.";                                          
          }                                 

        } else {

          echo "Sorry, <strong>{$file_name}</strong> UNsuccessfully copied.";

        }

      }                 

    /* check if files error = 4 [there are NOT file uploaded] */                    
    } else { /* UPLOAD_ERR_NO_FILE */

      echo "No file was uploaded";

    }

  }    
?>

【讨论】：