PHP文件上传大小和类型不工作

Question

其实，我已经开发了一个CMS来张贴到我的网站通过.. 对于post image我想设置500KB的限制，只允许GIF，JPEG，JPG和PNG格式此代码执行成功，警报也出现。但是当图像上传包含允许的格式和大小时，它会再次显示警报消息。我使用的exit();函数在此处是否正确？ 的HTML是：

<div class="form-container"> 
    <form method="post" action="publish_post.php" enctype="multipart/form-data"> 
    <input class="inputs" type="text" name="p_title" placeholder="What's the post title"/> 
    <input class="inputs" type="text" name="p_author" placeholder="Who's the post author"/> 
    <select class="input" name="p_category" size="1" /> 
     <option value="null">Select post category</option> 
     <option value="softwares">Softwares</option> 
     <option value="tips & tricks">Tips & tricks</option> 
     <option value="wallpapers">Wallpapers</option> 
     <option value="walpapers_more">Walpapers_more</option> 
    </select> 
    <textarea name="p_content" placeholder="What's the post content"></textarea> 
    <textarea name="p_misc" placeholder="Enter an html code"></textarea> 
    <textarea name="p_video" placeholder="Enter an embed code"></textarea> 
    </br> 
    <div class="upload"> 
    <input type="file" name="p_image" title="Pick an image for post"/> 
    </div></br> 
     <span style="margin-left: 5px; color: gray; font-family: sans-serif; font-size: .8em; ">max. size 5MB 
     </span></br></br> 
    <input type="submit" name="pub" value="Publish"/> 
    <input type="button" name="cancel" value="Cancel" onclick="window.open('dashboard','_self');"/> 
    </form> 
</div> 

的PHP是：

<?php 
if(isset($_POST['pub'])){ 

    $category = mysqli_real_escape_string($con,$_POST['p_category']); 
    $author = mysqli_real_escape_string($con,$_POST['p_author']); 
    $title = mysqli_real_escape_string($con,$_POST['p_title']); 
    $content = mysqli_real_escape_string($con,$_POST['p_content']); 
    $image_name = $_FILES['p_image']['name']; 
    $image_type = $_FILES['p_image']['type']; 
    $image_size = $_FILES['p_image']['size']; 
    $image_tmp = $_FILES['p_image']['tmp_name']; 
    $date = date("M,d,Y"); 
    $misc = $_POST['p_misc']; 
    $video = $_POST['p_video']; 

    if($image_type != "jpg" && $image_type != "png" && $image_type != "gif" && $image_type != "jpeg" && $image_size>500000) 
    { 
     echo "<script>alert('Image size is larger or invlaid format');</script>"; 
     exit(); 
    } 

$query = "INSERT INTO `me`(`post_category`, `post_author`, `post_title`, `post_content`, `post_image`, `post_date`, `post_misc`, `post_video`) VALUES ('$category','$author','$title','$content','$image_name','$date','$misc','$video')"; 

    if(mysqli_query($con,$query)) 
    { 
    move_uploaded_file($image_tmp,"images/$image_name"); 
    header("location:dashboard?done2=done2.png"); 
    } 
    } 
?> 

Answer 1

//图像类型的

$expensions= array("jpeg","jpg","png","gif"); 
if(in_array($image_type,$expensions)=== false){ 
    echo "<script>alert('Image size is larger or invlaid format');</script>"; 
    exit(); 
} 

//图像大小

if($image_size > 500000){ 
    echo "<script>alert('Image size is larger or invlaid format');</script>"; 
    exit(); 
} 

我希望这将是有益的

Answer 2

中，如果尝试这种情况：

unset($_POST); 
exit("<script>alert('Image size is larger or invlaid format');</script>"); 

，并确保您插入查询将看起来像这样

$query = "INSERT INTO `me`(`post_category`, `post_author`, `post_title`, `post_content`, `post_image`, `post_date`, `post_misc`, `post_video`) VALUES ('".$category."','".$author."','".$title."','".$content."','".$image_name."','".$date."','".$misc."','".$video."')"; 

Answer 3

if(($image_type != "image/jpeg" && $image_type != "image/png" && $image_type != "image/gif") || $image_size > 500000) 
{ 
    echo "<script>alert('Image size is larger or invalid format');</script>"; 

} 
else 
{ 
    echo "<script>alert('valid format');</script>"; 
} 

Answer 4

条件无法正常工作。请尝试此代码。如果您有更多条件，请尝试这种方式。

if(($image_type != "jpg") && ($image_type != "png") && ($image_type != "gif") && ($image_type != "jpeg") && ($image_size>500000)) 
{ 
    echo "<script>alert('Image size is larger or invlaid format');</script>"; 
    exit(); 
}