-2
好了,所以这是我上传的文件如何允许在PHP脚本上传仅编程语言扩展
$target = "cloud/";
$target = $target . basename($_FILES['uploaded']['name']) ;
$ok=1;
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
echo "The file ". basename($_FILES['uploaded']['name']). " has been uploaded";
mysql_query("INSERT INTO data (`id`,`title`,`url`,`display`) VALUES ('NULL','". basename($_FILES['uploaded']['name']). "','http://test.info/". basename($_FILES['uploaded']['name']). "','1');");
}
else {
echo "error";
}
我应该添加什么允许像html的.PHP的.cpp,因此只有扩展脚本?
@jprofitt:我不会依赖$ _FILE ['image'] ['type'],因为这个值是由浏览器发送的,攻击者可以伪造它。 –
@AmalMurali以下是[几个](http://stackoverflow.com/questions/12864171/only-allow-jpg-and-png-files-only?lq=1)[other](http://stackoverflow.com/questions/10070465/php-allowable-uploaded-file-extension?lq = 1)[questions](http://stackoverflow.com/questions/10456113/php-check-file-extension-in-upload-form?rq = 1),在这里可以更好地适应这个问题。 – jprofitt
@jprofitt:他们使用exif_imagetype(仅用于图像),OP希望检查扩展名,如html,php等。 –