  • PHP file upload and a complete list of MIME types

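    That was a bit of a digression and some grumbling; please don't mind it. On to the topic. My discussion here is shallow and only outlines an approach, using the upload of a txt file as the example. Deeper extensions are not discussed here, so this article is only suitable for PHP beginners and probably has little value for experts. OK, let's begin.

    First, create one folder and two files, as follows:

    File         - folder, used to store the uploaded files.
    choose.htm   - htm file, used to choose the file to upload.
    upload.php   - php file, used to process the uploaded file.


    Step 1: create the File folder.


    Step 2: create the choose.htm file, with the following code: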
    ____________________________________________________________________________________________________________

    <form action="upload.php" method="post" enctype="multipart/form-data">
        <input type="hidden" name="MAX_FILE_SIZE" value="1000000" />
    上传此文件:
        <input name="userfile" type="file" id="userfile" />
        <input type="submit" name="Submit" value="上传" />
    </form>
    ____________________________________________________________________________________________________________



    Step 3: create the upload.php file, with the following code:
    ____________________________________________________________________________________________________________
    <?php

    // Check for upload errors
    if($_FILES['userfile']['error']>0)
    {
           echo '错误:';

           switch($_FILES['userfile']['error'])
           {
                case 1: echo '文件尺寸超过允许的最大上传限度!'; break; // larger than the PHP configuration allows
                case 2: echo '文件尺寸超过允许的最大上传限度!'; break; // larger than MAX_FILE_SIZE in the form
                case 3: echo '只有部分文件被上传!'; break;             // only part of the file was uploaded
                case 4: echo '没有任何文件被上传!'; break;             // no file was uploaded
           }
           exit;
    }

    // Check the format of the uploaded file
    if($_FILES['userfile']['type'] !='text/plain')
    {
           echo '错误:非法文件格式!';
           exit;
    }

    // Set the path where the file is saved (basename() drops any directory part)
    $upfile = './File/' . basename($_FILES['userfile']['name']);

    if(is_uploaded_file($_FILES['userfile']['tmp_name']))
    {
           if(!move_uploaded_file($_FILES['userfile']['tmp_name'],$upfile))
           {
                echo '错误:没有将文件移动到指定目录!';
                exit;
           }
    }
    else
    {
           echo '错误:可能文件上传被攻击!文件名:';
           // Escape the client-supplied file name before printing it
           echo htmlspecialchars($_FILES['userfile']['name']);
           // Stop here so the success path below does not run
           exit;
    }

    echo '文件上传成功!';

    // Sanitize the uploaded file: strip HTML/PHP tags and write the result back
    $contents = file_get_contents($upfile);
    $contents = strip_tags($contents);
    file_put_contents($upfile,$contents);

    // Display the contents of the uploaded file
    echo '上传文件的内容为:';
    echo $contents;
    ?>
    ____________________________________________________________________________________________________________


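    Let's test it:

    1. Create a file 123.txt containing some plain-text characters, for example abc. The upload succeeds!

    2. Now try other extensions, such as .exe, .php, .htm and so on. Anything that is not txt fails!

    3. Rename any file larger than 1M to 123.txt and upload it. We find that a file exceeding the size limit fails to upload!

    4. Change the content of 123.txt: delete everything, enter <html>HTML code</html>, save and upload. We find that the upload fails!

    5. Change the content of 123.txt: delete everything, enter <?php echo'PHP code'; ?>, save and upload. We find a 0-byte 123.txt file with no content in the File folder!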



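    Notes:

    First, we check the MIME type, so trying to slip through by passing a wrong type is still quite hard for a malicious user. This is only error checking, not a security check, but it is at least somewhat safer than an upload method that simply filters by file extension.

    Next, we check that the file to be opened really was uploaded and is not a local file, because some malware lets an intruder modify the file upload script so that it treats a local file as an uploaded one. We use the two functions is_uploaded_file() and move_uploaded_file() to make sure the file being processed was uploaded and is not a local file.

    Finally, we open the file and use the strip_tags() function to remove any HTML or PHP tags, in case a 123.txt that has passed all the error checks still contains malicious code. Then we save the file. Only at this point is the whole upload really complete.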
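A hardened variant of the upload handler discussed in the notes above, added here as an example and not the original author's code. `$_FILES['userfile']['type']` is the Content-Type sent with the request, so this version inspects the file's bytes with the fileinfo extension instead; the constant names, the `fail()` helper and the randomly generated file name are assumptions of this example.

```php
<?php
// Added example: hardened variant of upload.php (not the original author's code).
// Assumptions: PHP >= 7 with the fileinfo extension; files are stored in ./File/.

const MAX_BYTES  = 1000000;              // same limit as the form's MAX_FILE_SIZE
const UPLOAD_DIR = __DIR__ . '/File/';

function fail(string $msg): void
{
    http_response_code(400);
    exit('Error: ' . $msg);
}

$f = $_FILES['userfile'] ?? null;
// A userfile[] request makes 'error' an array; accept a single file only.
if (!is_array($f) || !is_int($f['error'])) {
    fail('malformed upload request');
}
if ($f['error'] !== UPLOAD_ERR_OK) {
    fail('upload failed with code ' . $f['error']);
}
// The MAX_FILE_SIZE form field is client-controlled; enforce the limit here too.
if ($f['size'] > MAX_BYTES) {
    fail('file too large');
}
if (!is_uploaded_file($f['tmp_name'])) {
    fail('not an uploaded file');
}

// Detect the type from the file's bytes rather than trusting $f['type'].
$finfo = new finfo(FILEINFO_MIME_TYPE);
if ($finfo->file($f['tmp_name']) !== 'text/plain') {
    fail('only plain-text files are accepted');
}

// Do not reuse the client's file name: generate one and force the .txt
// extension so the stored file is never served or executed as .php or .htm.
$target = UPLOAD_DIR . bin2hex(random_bytes(16)) . '.txt';
if (!move_uploaded_file($f['tmp_name'], $target)) {
    fail('could not store the file');
}

// Escape on output instead of rewriting the stored file with strip_tags().
$contents = file_get_contents($target);
echo 'Upload OK. Contents:<pre>',
     htmlspecialchars($contents, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
     '</pre>';
```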


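    Supplementary notes:

    Some readers may find the switch statement in upload.php a little unclear and not know why it is written this way, so here is a brief supplementary explanation:

    $_FILES['userfile']['error']

    Value 0: UPLOAD_ERR_OK (no error occurred)
    Value 1: UPLOAD_ERR_INI_SIZE (the size of the uploaded file exceeds the maximum set in the PHP configuration file)
    Value 2: UPLOAD_ERR_FORM_SIZE (the size of the uploaded file exceeds the maximum specified in the HTML form)
    Value 3: UPLOAD_ERR_PARTIAL (only part of the file was uploaded)
    Value 4: UPLOAD_ERR_NO_FILE (no file was uploaded)

    OK, let's end here. To repeat, this is only a very shallow approach. To really use it in development, it still needs many modifications and improvements, which everyone will have to work out for themselves. As always: if anything is lacking, corrections are welcome, and forgive my clumsiness.

    The basic purpose of writing this article: I hope it gives a little help to those who need it. I taught myself PHP too and know how hard that is, so although I am very much a novice, I still want to share, and I hope everyone can do the same: learn together and improve together.

    I know articles like this are a dime a dozen, but however bad it is, it is at least original, so... please go easy on me, I admit my faults, hehe.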

    Also note: the enctype attribute specifies how the form data should be encoded before it is sent to the server.

    <form action="form_action.asp" enctype="text/plain">
      <p>First name: <input type="text" name="fname" /></p>
      <p>Last name: <input type="text" name="lname" /></p>
      <input type="submit" value="Submit" />
    </form>
    For reference: http://www.w3school.com.cn/tags/att_form_enctype.asp


    Below is the table mapping file extensions to MIME types:
    123 application/vnd.lotus-1-2-3
    3gp video/3gpp
    aab application/x-authoware-bin
    aam application/x-authoware-map
    aas application/x-authoware-seg
    ai application/postscript
    aif audio/x-aiff
    aifc audio/x-aiff
    aiff audio/x-aiff
    als audio/X-Alpha5
    amc application/x-mpeg
    ani application/octet-stream
    asc text/plain
    asd application/astound
    asf video/x-ms-asf
    asn application/astound
    asp application/x-asap
    asx video/x-ms-asf
    au audio/basic
    avb application/octet-stream
    avi video/x-msvideo
    awb audio/amr-wb
    bcpio application/x-bcpio
    bin application/octet-stream
    bld application/bld
    bld2 application/bld2
    bmp application/x-MS-bmp
    bpk application/octet-stream
    bz2 application/x-bzip2
    cal image/x-cals
    ccn application/x-cnc
    cco application/x-cocoa
    cdf application/x-netcdf
    cgi magnus-internal/cgi
    chat application/x-chat
    class application/octet-stream
    clp application/x-msclip
    cmx application/x-cmx
    co application/x-cult3d-object
    cod image/cis-cod
    cpio application/x-cpio
    cpt application/mac-compactpro
    crd application/x-mscardfile
    csh application/x-csh
    csm chemical/x-csml
    csml chemical/x-csml
    css text/css
    cur application/octet-stream
    dcm x-lml/x-evm
    dcr application/x-director
    dcx image/x-dcx
    dhtml text/html
    dir application/x-director
    dll application/octet-stream
    dmg application/octet-stream
    dms application/octet-stream
    doc application/msword
    dot application/x-dot
    dvi application/x-dvi
    dwf drawing/x-dwf
    dwg application/x-autocad
    dxf application/x-autocad
    dxr application/x-director
    ebk application/x-expandedbook
    emb chemical/x-embl-dl-nucleotide
    embl chemical/x-embl-dl-nucleotide
    eps application/postscript
    eri image/x-eri
    es audio/echospeech
    esl audio/echospeech
    etc application/x-earthtime
    etx text/x-setext
    evm x-lml/x-evm
    evy application/x-envoy
    exe application/octet-stream
    fh4 image/x-freehand
    fh5 image/x-freehand
    fhc image/x-freehand
    fif image/fif
    fm application/x-maker
    fpx image/x-fpx
    fvi video/isivideo
    gau chemical/x-gaussian-input
    gca application/x-gca-compressed
    gdb x-lml/x-gdb
    gif image/gif
    gps application/x-gps
    gtar application/x-gtar
    gz application/x-gzip
    hdf application/x-hdf
    hdm text/x-hdml
    hdml text/x-hdml
    hlp application/winhlp
    hqx application/mac-binhex40
    htm text/html
    html text/html
    hts text/html
    ice x-conference/x-cooltalk
    ico application/octet-stream
    ief image/ief
    ifm image/gif
    ifs image/ifs
    imy audio/melody
    ins application/x-NET-Install
    ips application/x-ipscript
    ipx application/x-ipix
    it audio/x-mod
    itz audio/x-mod
    ivr i-world/i-vrml
    j2k image/j2k
    jad text/vnd.sun.j2me.app-descriptor
    jam application/x-jam
    jar application/java-archive
    jnlp application/x-java-jnlp-file
    jpe image/jpeg
    jpeg image/jpeg
    jpg image/jpeg
    jpz image/jpeg
    js application/x-javascript
    jwc application/jwc
    kjx application/x-kjx
    lak x-lml/x-lak
    latex application/x-latex
    lcc application/fastman
    lcl application/x-digitalloca
    lcr application/x-digitalloca
    lgh application/lgh
    lha application/octet-stream
    lml x-lml/x-lml
    lmlpack x-lml/x-lmlpack
    lsf video/x-ms-asf
    lsx video/x-ms-asf
    lzh application/x-lzh
    m13 application/x-msmediaview
    m14 application/x-msmediaview
    m15 audio/x-mod
    m3u audio/x-mpegurl
    m3url audio/x-mpegurl
    ma1 audio/ma1
    ma2 audio/ma2
    ma3 audio/ma3
    ma5 audio/ma5
    man application/x-troff-man
    map magnus-internal/imagemap
    mbd application/mbedlet
    mct application/x-mascot
    mdb application/x-msaccess
    mdz audio/x-mod
    me application/x-troff-me
    mel text/x-vmel
    mi application/x-mif
    mid audio/midi
    midi audio/midi
    mif application/x-mif
    mil image/x-cals
    mio audio/x-mio
    mmf application/x-skt-lbs
    mng video/x-mng
    mny application/x-msmoney
    moc application/x-mocha
    mocha application/x-mocha
    mod audio/x-mod
    mof application/x-yumekara
    mol chemical/x-mdl-molfile
    mop chemical/x-mopac-input
    mov video/quicktime
    movie video/x-sgi-movie
    mp2 audio/x-mpeg
    mp3 audio/x-mpeg
    mp4 video/mp4
    mpc application/vnd.mpohun.certificate
    mpe video/mpeg
    mpeg video/mpeg
    mpg video/mpeg
    mpg4 video/mp4
    mpga audio/mpeg
    mpn application/vnd.mophun.application
    mpp application/vnd.ms-project
    mps application/x-mapserver
    mrl text/x-mrml
    mrm application/x-mrm
    ms application/x-troff-ms
    mts application/metastream
    mtx application/metastream
    mtz application/metastream
    mzv application/metastream
    nar application/zip
    nbmp image/nbmp
    nc application/x-netcdf
    ndb x-lml/x-ndb
    ndwn application/ndwn
    nif application/x-nif
    nmz application/x-scream
    nokia-op-logo image/vnd.nok-oplogo-color
    npx application/x-netfpx
    nsnd audio/nsnd
    nva application/x-neva1
    oda application/oda
    oom application/x-AtlasMate-Plugin
    pac audio/x-pac
    pae audio/x-epac
    pan application/x-pan
    pbm image/x-portable-bitmap
    pcx image/x-pcx
    pda image/x-pda
    pdb chemical/x-pdb
    pdf application/pdf
    pfr application/font-tdpfr
    pgm image/x-portable-graymap
    pict image/x-pict
    pm application/x-perl
    pmd application/x-pmd
    png image/png
    pnm image/x-portable-anymap
    pnz image/png
    pot application/vnd.ms-powerpoint
    ppm image/x-portable-pixmap
    pps application/vnd.ms-powerpoint
    ppt application/vnd.ms-powerpoint
    pqf application/x-cprplayer
    pqi application/cprplayer
    prc application/x-prc
    proxy application/x-ns-proxy-autoconfig
    ps application/postscript
    ptlk application/listenup
    pub application/x-mspublisher
    pvx video/x-pv-pvx
    qcp audio/vnd.qcelp
    qt video/quicktime
    qti image/x-quicktime
    qtif image/x-quicktime
    r3t text/vnd.rn-realtext3d
    ra audio/x-pn-realaudio
    ram audio/x-pn-realaudio
    rar application/x-rar-compressed
    ras image/x-cmu-raster
    rdf application/rdf+xml
    rf image/vnd.rn-realflash
    rgb image/x-rgb
    rlf application/x-richlink
    rm audio/x-pn-realaudio
    rmf audio/x-rmf
    rmm audio/x-pn-realaudio
    rmvb audio/x-pn-realaudio
    rnx application/vnd.rn-realplayer
    roff application/x-troff
    rp image/vnd.rn-realpix
    rpm audio/x-pn-realaudio-plugin
    rt text/vnd.rn-realtext
    rte x-lml/x-gps
    rtf application/rtf
    rtg application/metastream
    rtx text/richtext
    rv video/vnd.rn-realvideo
    rwc application/x-rogerwilco
    s3m audio/x-mod
    s3z audio/x-mod
    sca application/x-supercard
    scd application/x-msschedule
    sdf application/e-score
    sea application/x-stuffit
    sgm text/x-sgml
    sgml text/x-sgml
    sh application/x-sh
    shar application/x-shar
    shtml magnus-internal/parsed-html
    shw application/presentations
    si6 image/si6
    si7 image/vnd.stiwap.sis
    si9 image/vnd.lgtwap.sis
    sis application/vnd.symbian.install
    sit application/x-stuffit
    skd application/x-Koan
    skm application/x-Koan
    skp application/x-Koan
    skt application/x-Koan
    slc application/x-salsa
    smd audio/x-smd
    smi application/smil
    smil application/smil
    smp application/studiom
    smz audio/x-smd
    snd audio/basic
    spc text/x-speech
    spl application/futuresplash
    spr application/x-sprite
    sprite application/x-sprite
    spt application/x-spt
    src application/x-wais-source
    stk application/hyperstudio
    stm audio/x-mod
    sv4cpio application/x-sv4cpio
    sv4crc application/x-sv4crc
    svf image/vnd
    svg image/svg-xml
    svh image/svh
    svr x-world/x-svr
    swf application/x-shockwave-flash
    swfl application/x-shockwave-flash
    t application/x-troff
    tad application/octet-stream
    talk text/x-speech
    tar application/x-tar
    taz application/x-tar
    tbp application/x-timbuktu
    tbt application/x-timbuktu
    tcl application/x-tcl
    tex application/x-tex
    texi application/x-texinfo
    texinfo application/x-texinfo
    tgz application/x-tar
    thm application/vnd.eri.thm
    tif image/tiff
    tiff image/tiff
    tki application/x-tkined
    tkined application/x-tkined
    toc application/toc
    toy image/toy
    tr application/x-troff
    trk x-lml/x-gps
    trm application/x-msterminal
    tsi audio/tsplayer
    tsp application/dsptype
    tsv text/tab-separated-values
    ttf application/octet-stream
    ttz application/t-time
    txt text/plain
    ult audio/x-mod
    ustar application/x-ustar
    uu application/x-uuencode
    uue application/x-uuencode
    vcd application/x-cdlink
    vcf text/x-vcard
    vdo video/vdo
    vib audio/vib
    viv video/vivo
    vivo video/vivo
    vmd application/vocaltec-media-desc
    vmf application/vocaltec-media-file
    vmi application/x-dreamcast-vms-info
    vms application/x-dreamcast-vms
    vox audio/voxware
    vqe audio/x-twinvq-plugin
    vqf audio/x-twinvq
    vql audio/x-twinvq
    vre x-world/x-vream
    vrml x-world/x-vrml
    vrt x-world/x-vrt
    vrw x-world/x-vream
    vts workbook/formulaone
    wav audio/x-wav
    wax audio/x-ms-wax
    wbmp image/vnd.wap.wbmp
    web application/vnd.xara
    wi image/wavelet
    wis application/x-InstallShield
    wm video/x-ms-wm
    wma audio/x-ms-wma
    wmd application/x-ms-wmd
    wmf application/x-msmetafile
    wml text/vnd.wap.wml
    wmlc application/vnd.wap.wmlc
    wmls text/vnd.wap.wmlscript
    wmlsc application/vnd.wap.wmlscriptc
    wmlscript text/vnd.wap.wmlscript
    wmv audio/x-ms-wmv
    wmx video/x-ms-wmx
    wmz application/x-ms-wmz
    wpng image/x-up-wpng
    wpt x-lml/x-gps
    wri application/x-mswrite
    wrl x-world/x-vrml
    wrz x-world/x-vrml
    ws text/vnd.wap.wmlscript
    wsc application/vnd.wap.wmlscriptc
    wv video/wavelet
    wvx video/x-ms-wvx
    wxl application/x-wxl
    x-gzip application/x-gzip
    xar application/vnd.xara
    xbm image/x-xbitmap
    xdm application/x-xdma
    xdma application/x-xdma
    xdw application/vnd.fujixerox.docuworks
    xht application/xhtml+xml
    xhtm application/xhtml+xml
    xhtml application/xhtml+xml
    xla application/vnd.ms-excel
    xlc application/vnd.ms-excel
    xll application/x-excel
    xlm application/vnd.ms-excel
    xls application/vnd.ms-excel
    xlt application/vnd.ms-excel
    xlw application/vnd.ms-excel
    xm audio/x-mod
    xml text/xml
    xmz audio/x-mod
    xpi application/x-xpinstall
    xpm image/x-xpixmap
    xsit text/xml
    xsl text/xml
    xul text/xul
    xwd image/x-xwindowdump
    xyz chemical/x-pdb
    yz1 application/x-yz1
    z application/x-compress
    zac application/x-zaurus-zac
    zip application/zip
  • Original article: https://www.cnblogs.com/zcy_soft/p/2077888.html