我想保护网站免受客户的侵害,无法上传大于2MB的图片,如果这样做,请收到我设计的错误。我创建的代码就是这样,但是不起作用,如果大小大于2MB,请跳过将他发送到" error.php"的限制,我尝试上传文件,并显示一个arters列表
<?php session_start();
include("includes/conexiones.php");
$sql="SELECT * FROM trabajos ORDER BY id DESC LIMIT 1" ;
$resultado=mysql_query($sql);
$fila=mysql_fetch_array($resultado);
$lastid=$fila["id"];
$prefijo=$lastid+1;
if ($_POST["cserv"]!=""){
$servicio=$_POST["cserv"];}
if ($_POST["cdirv"]!=""){
$direccion=$_POST["cdirv"];}
if ($_POST["cobserv"]!=""){
$observaciones=$_POST["cobserv"];}
if ($_FILES["cfoto"]!=""){
$foto=$_FILES["cfoto"]["name"];
$nombrefoto=$prefijo.$foto;
$Upload=$_FILES["cfoto"]["name"];
$Type=$_FILES["cfoto"]["type"];
$Size=$_FILES["cfoto"]["size"];
}
if($Size > 2097152){
header("location:error.php");
}
if($Size < 2097152){
$fototmp=$_FILES["cfoto"]["tmp_name"];
list($ancho, $alto)=getimagesize($fototmp);
$nuevoancho=600;
$nuevoalto=600*$alto/$ancho;
$nuevaimg=imagecreatetruecolor($nuevoancho, $nuevoalto);
$idnuevaimg=imagecreatefromjpeg($fototmp);
imagecopyresized($nuevaimg,$idnuevaimg,0,0,0,0,$nuevoancho,$nuevoalto,$ancho,$alto);
imagejpeg ($nuevaimg,"imagenes/grandes/".$nombrefoto);
$fototmp=$_FILES["cfoto"]["tmp_name"];
list($ancho, $alto)=getimagesize($fototmp);
$nuevoancho=144;
$nuevoalto=144*$alto/$ancho;
$nuevaimg=imagecreatetruecolor($nuevoancho, $nuevoalto);
$idnuevaimg=imagecreatefromjpeg($fototmp);
imagecopyresized($nuevaimg,$idnuevaimg,0,0,0,0,$nuevoancho,$nuevoalto,$ancho,$alto);
imagejpeg ($nuevaimg,"imagenes/peques/".$nombrefoto);
$sql="INSERT INTO trabajos (servicio, direccion, observaciones, foto) VALUES ('$servicio', '$direccion', '$observaciones', '$nombrefoto')";
mysql_query($sql);
$idtrabajo=mysql_insert_id();
header("location:insertartrabajo2.php?vid=$idtrabajo");
}
?>
如果有人有更好的解决方案,我愿意接受建议。
谢谢
打开您的php.ini文件,然后将参数upload_max_filesize更新为2M
这样:
upload_max_filesize = 2M
保存,退出文件并重新启动apache。
如果您无法访问php.ini,则将以下行添加到.htaccess文件
php_value upload_max_filesize 2M
我不会依靠$_FILES变量,因为恶意用户几乎可以覆盖该变量中的每个值。
当用户的上传超过upload_max_filesize时,您只需要在$_FILES['cfoto']['error']中检查即可。
检查此值是否是upload_err_ini_size,以检测文件是否大于php.ini/.htaccess中定义的最大大小:
if($_FILES['cfoto']['error'] == UPLOAD_ERR_INI_SIZE) {
// redirect to your error screen
} else {
// proceed as normal
}
用于检测文件大小的使用此代码
$fileSize = $_FILES["avatar"]["size"];
并将此代码用于您想要的尺寸...
if($fileSize > 1048576) {
header("location: ../message.php?msg=ERROR: Your image file was larger than 1mb");
exit();
}
和messages.php是
<?php
$message = "";
$msg = preg_replace('#[^a-z 0-9.:_()]#i', '', $_GET['msg']);
if($msg == "activation_failure"){
$message = '<h2>Activation Error</h2> Sorry there seems to have been an issue activating your account at this time. We have already notified ourselves of this issue and we will contact you via email when we have identified the issue.';
} else if($msg == "activation_success"){
$message = '<h2>Activation Success</h2> Your account is now activated. <a href="login.php">Click here to log in</a>';
} else {
$message = $msg;
}
?>
<div><?php echo $message; ?></div>