【发布时间】:2017-12-25 20:16:35
【问题描述】:
<?php
if(isset($_POST["submit-post"])){
$desc = $_POST['description'];
if (strpos($desc, "'") !== false) {
$desc = str_replace("'", "_", $desc);
}
$sql_home = "INSERT INTO home (description) VALUES ('$desc');";
if($conn->query($sql_home) === TRUE){ echo "<br>Great!<br>"; }
else{ echo("<br>Nope!<br> "); }
$uploaddir = $_SERVER['DOCUMENT_ROOT']. '/imgs/home/';
$uploadfile = $uploaddir . basename($_FILES['image']['name']);
if (move_uploaded_file($_FILES['image']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded. <br>";
} else {
echo "Possible file upload attack! <br>";
echo "$uploadfile <br>";
}
echo '<br>Here is some more debugging info: ';
print_r($_FILES);
echo "<br>";
error_reporting(-1); ini_set("display_errors", true); //?
}
?>
每次我尝试上传图片 (.jpg) 时,它都会显示“可能的文件上传攻击!”。帮助。 给我两个警告:
Warning: move_uploaded_file(/var/www/html/imgs/home/calcetto.jpg): failed to open stream: Permission denied in /var/www/html/admin/db/manage.php on line 199
Warning: move_uploaded_file(): Unable to move '/tmp/phpGvLsAC' to '/var/www/html/imgs/home/calcetto.jpg' in /var/www/html/admin/db/manage.php on line 199
请注意:
- 我尝试了绝对路径和相对路径;
- php.ini:file_uploads = 开启
- 我从 php.net 复制并粘贴了代码
- 这个文件是
/var/www/html/admin/db/manage.php - 要上传的图片在这里:
/var/www/html/imgs/home
这里是html:
<form action="" method="post" enctype="multipart/form-data">
<textarea name='description' placeholder='Image description'></textarea><br>
<input type="file" name="image"><br><br>
<input type='submit' name='submit-post' value='Upload'></input>
</form>
【问题讨论】:
-
在php启动后写
error_reporting(-1); ini_set("display_errors", true);你会得到错误。 -
检查目录是否有写权限
-
"uploaddir" 位于您定义的正确位置?
-
你真的应该检查上传路径。
-
@TarangP 是的。
标签: php file-upload image-uploading