为什么我的文件没有被加载?

时间:2013-03-13 04:56:25

标签: php ajax html5 forms upload

我只是想上传一个文件,但没有任何工作。

 <!DOCTYPE html>
 <html><body>

            <form id="exp" enctype = "multipart/form-data" action="../cgi-bin/uploadPic.php">
                <input type="file" id="profilePic2" name="newPic"></input> <br /><br /><br />
                <input type="submit" value="Upload Pic" style="color:black;"></input>
            </form>
  </body></html>

我的php文件正在执行中。请注意草率的代码,我试图通过echo进行调试。

 <html>
 <body>
 <?php

$loadFile = true; // error code
$allowedExts = array("jpg","jpeg","gif","png");
$extension = end(explode(".", $_FILES["newPic"]["name"]));

$file = $_FILES["newPic"];
$picIncluded = false;

if((    ($_FILES["newPic"]["type"] == "image/gif")
||  ($_FILES["newPic"]["type"] == "image/jpeg")
||  ($_FILES["newPic"]["type"] == "image/png")
||  ($_FILES["newPic"]["type"] == "image/pjpeg"))
&&  ($_FILES["newPic"]["size"] < 5000000)
&&  in_array($extension, $allowedExts)){
    if($_FILES["newPic"]["error"] > 0){
        echo "pnl"; // error code returned to client
    }
    else if(file_exists("../profile-pics/" . $file["name"])){
        echo "pld"; // picture loaded duplicate
    } else {
        $picIncluded = true;
        echo "finally";
        if(move_uploaded_file($file["name"]["tmp_name"],"./" . $file["name"])){
            echo "Success again!";
        }
        $path = "../profile-pics/" . $file["name"];
    }
}
if(is_uploaded_file($_FILES["newPic"]["name"]["tmp_name"])){
    echo "Good news!";
}

 ?>

 </body>
 </html>

无论如何,函数move_uploaded_file()返回false,因为它找不到临时文件。 is_uploaded_file()也返回false。我的扩展和一切都是正确的,但仍无济于事,没有文件上传。我该怎么调试呢?

2 个答案:

答案 0 :(得分:5)

更改此

if(move_uploaded_file($file["name"]["tmp_name"],"./" . $file["name"])){

if(move_uploaded_file($file["tmp_name"],"./" . $file["name"])){

因为您已分配

$file = $_FILES["newPic"];

答案 1 :(得分:2)

同样,对于安全检查,您必须在上传之前检查is_uploaded_file():

if(is_uploaded_file($_FILES["newPic"]["tmp_name"])){
 if(move_uploaded_file($_FILES["newPic"]["tmp_name"],"../profile-pics/" . $file["name"])){
  echo 'file uploaded...';
 }
}else{
  echo "Possible file upload attack: ";
}