Web Development with PHP and MySQL - p 39

Interacting with the File System and the Server (Chapter 16; Part IV, Advanced PHP Techniques)

Listing Continued

    <?php
      // No file was submitted with the form.
      if ($userfile == "none")
      {
        echo "Problem: no file uploaded";
        exit;
      }

      // The file must have some content.
      if ($userfile_size == 0)
      {
        echo "Problem: uploaded file is zero length";
        exit;
      }

      // Only plain text is accepted.
      if ($userfile_type != "text/plain")
      {
        echo "Problem: file is not plain text";
        exit;
      }

      // The file must really be an upload, not a local file.
      if (!is_uploaded_file($userfile))
      {
        echo "Problem: possible file upload attack";
        exit;
      }

      $upfile = "/home/book/uploads/".$userfile_name;

      if (!copy($userfile, $upfile))
      {
        echo "Problem: Could not move file into directory";
        exit;
      }

      echo "File uploaded successfully<br><br>";

      // Read the stored file back.
      $fp = fopen($upfile, "r");
      $contents = fread($fp, filesize($upfile));
      fclose($fp);

      // Strip any tags and write the cleaned text over the stored copy.
      $contents = strip_tags($contents);
      $fp = fopen($upfile, "w");
      fwrite($fp, $contents);
      fclose($fp);

      echo "Preview of uploaded file contents:<br><hr>";
      echo $contents;
      echo "<br><hr>";
    ?>
    </body>
    </html>
    <?php
      // This function is from the PHP manual.
      // is_uploaded_file is built into . Prior to that we can use this code.
      function is_uploaded_file($filename)
      {
        if (!$tmp_file = get_cfg_var('upload_tmp_dir'))
        {
          $tmp_file = dirname(tempnam('', ''));
        }
        $tmp_file .= '/' . basename($filename);
        // User might have trailing slash in .
        return (ereg_replace('/+', '/', $tmp_file) == $filename);
      }
    ?>

Interestingly enough, most of this script is error checking. File upload involves potential security risks, and we need to mitigate these where possible. We need to validate the uploaded file as carefully as possible to make sure it is safe to echo to our visitors.

Let's go through the main parts of the script. First, we check whether $userfile is "none". This is the value set by PHP if no file was uploaded.
We also test that the file has some content by testing that $userfile_size is greater than 0, and that the content is of the right type by testing $userfile_type.

We then check that the file we are trying to open has actually been uploaded and is not a local file such as /etc/passwd. We'll come back to this in a moment.

If that all works out okay, we then copy the file into our include directory. We use /home/book/uploads/ in this .
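
The same checks written against the $_FILES array, as an added example that is not code from the book or the PHP manual. It assumes PHP 7 or later with the fileinfo extension, a form field named userfile and the /home/book/uploads directory from the text; the function name store_plain_text_upload and the 64 KB size limit are hypothetical. It swaps two techniques: the stored name is generated on the server instead of taken from the client, and the preview is encoded with htmlspecialchars at output time instead of rewriting the file with strip_tags.

```php
<?php
// Added example: hardened variant of the upload checks described above.
// Assumptions: PHP 7+, fileinfo extension, form field "userfile".

function store_plain_text_upload(array $file, string $destDir, int $maxBytes = 65536): string
{
    // PHP reports a missing or failed upload through the error code.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('no file uploaded or upload failed');
    }
    // Confirm the temp file really came from an HTTP POST upload,
    // so a local path such as /etc/passwd is never processed.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('possible file upload attack');
    }
    // Measure the file on disk; the reported size comes from the request.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        throw new RuntimeException('uploaded file is empty or too large');
    }
    // $file['type'] is supplied by the browser; inspect the bytes instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== 'text/plain') {
        throw new RuntimeException('file is not plain text');
    }
    // Server-generated name: the client-supplied name never reaches the path.
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.txt';
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not move file into directory');
    }
    return $target;
}

try {
    if (!isset($_FILES['userfile']) || !is_array($_FILES['userfile'])) {
        throw new RuntimeException('no file uploaded');
    }
    $path = store_plain_text_upload($_FILES['userfile'], '/home/book/uploads');
    echo 'File uploaded successfully<br><br>';
    echo 'Preview of uploaded file contents:<br><hr>';
    // Encode on output so markup in the file is displayed, not rendered.
    echo nl2br(htmlspecialchars(file_get_contents($path), ENT_QUOTES, 'UTF-8'));
    echo '<br><hr>';
} catch (RuntimeException $e) {
    echo 'Problem: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
}
```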
