当我尝试上传图像时,会发生以下错误:
错误消息:警告:由于安全原因,系统()已在H:\root\home\folder-001\www\MYSITE\ad\funch_add.php 中禁用
我的代码:
<?
if(1>2){
?>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-9" />
<?
}
?>
<?
function ImageNameCorrection($str){
$myCheck = array(" ","ç", "Ç", "İ","i","Ş","ş","Ö","ö","Ü","ü","Ğ","ğ");
$myReplace = array("","c", "C", "I","i","S","s","O","o","U","u","G","g");
$newStr = str_replace($myCheck, $myReplace, $str);
return $newStr;
}
function Db_Add_Main($TbID){
include "general/gen_tb_str.php";
include "database/dbconnection.php";
include_once "function/func_general.php";
$sql_Text = "insert into $TableName[$TbID] (";
for($FiledCount=1;$FiledCount<count($TableField[$TbID]);$FiledCount++ ){
$sql_Text = $sql_Text.$TableField[$TbID][$FiledCount];
if($FiledCount+1<>count($TableField[$TbID])){
$sql_Text = $sql_Text.', ';
}
}
$sql_Text = $sql_Text.') values(';
for($FiledCount=1;$FiledCount<count($TableField[$TbID]);$FiledCount++ ){
$CrSql_Text_Addition = Str_Correction($_POST[$TableField[$TbID][$FiledCount]]);
$sql_Text = $sql_Text."'".$CrSql_Text_Addition."'";
if($FiledCount+1<>count($TableField[$TbID])){
$sql_Text = $sql_Text.', ';
}
}
$sql_Text = $sql_Text.")";
//echo $sql_Text;
if($sql_Quary = mysql_db_query($db, $sql_Text, $baglanti)){
return true;
}else{
return false;
}
}
function Db_Add_Image_File($i){
include "database/dbconnection.php";
include "common.php";
$Return_Text = "";
$MyDate = date("Y-m-d");
$_FILES['imagefile'.$i]['name']=Str_Correction_Tr($_FILES['imagefile'.$i]['name']);
$_FILES['imagefile'.$i]['name']=Str_Correction_Space($_FILES['imagefile'.$i]['name'],"");
$upfile="/www/hostings/konline/MYSITEFTP/MYSITE.com/www/html/ad/".$Image_Dir.$_POST['ContentID'].$_FILES['imagefile'.$i]['name'];
//$upfile="C:/php521/apache2/htdocs/MYSITE.com/www/html/ad/".$Image_Dir.$_POST['ContentID'].$_FILES['imagefile'.$i]['name'];
if($upfile<>$Image_Dir){
$Up_Big_Image = $_POST['ContentID'].$_FILES['imagefile'.$i]['name'];
$ImageDesc=$_POST['ImageDesc'.$i];
$ImageRecOrder=$_POST['RecOrder'.$i];
//if($_FILES['imagefile'.$i]['type'] == "image/pjpeg" || $_FILES['imagefile'.$i]['type'] == "image/gif"){
if($_FILES['imagefile'.$i]['size']/1024 <= $File_Max_Size){
$src_f = $_FILES['imagefile'.$i]['tmp_name'];
system("cp $src_f $upfile");
//if(copy($_FILES['imagefile'.$i]['tmp_name'],$upfile)){
if(file_exists($upfile)){
//copy($_FILES['imagefile'.$i]['tmp_name'],$upfile);
$Return_Text = $upfile." -- ".$_FILES['imagefile'.$i]['tmp_name']." - "."Image $i Succesfully Uploaded..";
// Note where 'Get' and 'request' tags are in the XML
$sql_Text = "insert into ContentImages (ImageName, ImageDate,ImageDescription,ContentID,RecOrder) values ('$Up_Big_Image','$MyDate','$ImageDesc','$_POST[ContentID]','$ImageRecOrder');";
//echo $i."<br>";
$sql_Query = mysql_db_query($db, $sql_Text, $baglanti);
}else{
//$Return_Text ="<b>Error..</b>Invalid Operation.. Please Try Again"." - ".$_FILES['imagefile'.$i]['tmp_name']."<br>";
}
}else{
$Return_Text ="<b>Error...</b> Exceed Maximum File Size. Please Upload Maximum $File_Max_Size k Image Files";
}
//}else{
//$Return_Text = "<b>Error...</b> Invalid File Type.Please Upload only 'jpg' or 'gif' Files";
//}
}else{
$Return_Text = "Do Not Selected Any File for Image $i";
}
return $Return_Text;
}
function Db_Add_Image_Slide($i){
include "database/dbconnection.php";
include "common.php";
$Return_Text = "";
$MyDate = date("Y-m-d");
$_FILES['imagefile'.$i]['name']=Str_Correction_Tr($_FILES['imagefile'.$i]['name']);
$_FILES['imagefile'.$i]['name']=Str_Correction_Space($_FILES['imagefile'.$i]['name'],"");
$upfile=$Image_Dir."IS_".$_FILES['imagefile'.$i]['name'];
//$upfile="C:/php521/apache2/htdocs/MYSITE.com/www/html/ad/".$Image_Dir."IS_".$_FILES['imagefile'.$i]['name'];
$upfile="/www/hostings/konline/MYSITE9ftp/MYSITE.com/www/html/ad/".$Image_Dir."IS_".$_FILES['imagefile'.$i]['name'];
if($upfile<>$Image_Dir){
$Up_Big_Image = "IS_".$_FILES['imagefile'.$i]['name'];
// echo $Up_Big_Image;
$ImageDesc=$_POST['ImageDesc'.$i];
$ImageRecOrder=$_POST['RecOrder'.$i];
//if($_FILES['imagefile'.$i]['type'] == "image/pjpeg" || $_FILES['imagefile'.$i]['type'] == "image/gif"){
if ($_FILES['imagefile'.$i]['size']/1024 <= $File_Max_Size) {
// echo $_FILES['imagefile'.$i]['tmp_name']."----".$upfile;
// if(copy($_FILES['imagefile'.$i]['tmp_name'],$upfile)){
$src_f = $_FILES['imagefile'.$i]['tmp_name'];
system("cp $src_f $upfile");
if( file_exists($upfile)){
$sql_Text = "insert into ImageSlide (ImageName, ImageDate,ImageDescription,ContentID,RecOrder,ImageText,ImageLink) values ('$Up_Big_Image','$MyDate','$ImageDesc','$_POST[ContentID]','$ImageRecOrder','','');";
//echo $sql_Text;
$sql_Query = mysql_db_query($db, $sql_Text, $baglanti);
$Return_Text = "Image $i Succesfully Uploaded..";
}else{
$Return_Text ="<b>Error..</b>Invalid Operation.. Please Try Again";
}
}else{
$Return_Text ="<b>Error...</b> Exceed Maximum File Size. Please Upload Maximum $File_Max_Size k Image Files";
}
//}else{
//$Return_Text = "<b>Error...</b> Invalid File Type.Please Upload only 'jpg' or 'gif' Files";
//}
}else{
$Return_Text = "Do Not Selected Any File for Image $i";
}
return $Return_Text;
}
function Db_Add_File($id){
include "database/dbconnection.php";
include_once "function/func_general.php";
include "common.php";
$Return_Text = "";
$MyDate = date("Y-m-d");
$upfile=$Image_Dir.$id."_".$_POST['FileCategory'].ImageNameCorrection($_FILES['FileName']['name']);
if($upfile<>$Image_Dir){
$Up_Big_Image = $id."_".$_POST['FileCategory'].ImageNameCorrection($_FILES['FileName']['name']);
if($_FILES['FileName']['size']/1024 <= $File_Max_Size2){
if(copy($_FILES['FileName']['tmp_name'],$upfile)){
$sql_Text = "insert into ContentFile (ReservationMasterID, FileName, FileCategory, FileDescription, FileDate) values ('$_POST[ReservationMasterID]','$Up_Big_Image','$_POST[FileCategory]','$_POST[FileDescription]','$_POST[FileDate]');";
$sql_Query = mysql_db_query($db, $sql_Text, $baglanti);
$Return_Text = "Image $i Succesfully Uploaded..";
}else{
$Return_Text ="<b>Error..</b>Invalid Operation.. Please Try Again";
}
}else{
$Return_Text ="<b>Error...</b> Exceed Maximum File Size. Please Upload Maximum $File_Max_Size k Image Files";
}
}else{
$Return_Text = "Do Not Selected Any File for Image $i";
}
return $Return_Text;
}
function add_HotelPrice($HotelID,$RoomID,$BoardBasisID){
include "database/dbconnection.php";
include "common.php";
$RoomPriceAdd_SqlText = "insert into RoomPrice (
RoomID,
RoomHotelID,
RoomBoardBasis,
PriceStartDate,
PriceFinishDate,
Price,
ProfitMargin
) values (
'$RoomID',
'$HotelID',
'$BoardBasisID',
'$_POST[PriceStartDate]',
'$_POST[PriceFinishDate]',
'$_POST[Price]',
'$_POST[ProfitMargin]'
)";
$RoomPriceAdd_Query = mysql_db_query($db, $RoomPriceAdd_SqlText, $baglanti) or die("Sorgu hatali3");
}
function add_HotelAvailability($HotelID,$RoomID,$BoardBasisID){
include "database/dbconnection.php";
include "common.php";
$RoomPriceAdd_SqlText = "insert into RoomAvailability (
RoomID,
RoomHotelID,
RoomBoardBasis,
PriceStartDate,
PriceFinishDate,
Price,
ProfitMargin
) values (
'$RoomID',
'$HotelID',
'$BoardBasisID',
'$_POST[PriceStartDate]',
'$_POST[PriceFinishDate]',
'$_POST[Price]',
'$_POST[ProfitMargin]'
)";
$RoomPriceAdd_Query = mysql_db_query($db, $RoomPriceAdd_SqlText, $baglanti) or die("Sorgu hatali3");
}
?>
我的托管公司建议:
出于安全考虑,系统功能在我们的共享托管服务器上被阻止。请让您的开发人员使用其他方式上传文件。
我不懂编码,所以非常感谢你的帮助。
我在common.php文件中有这段代码
<?
$PageTitle = "MySite";
$Default_Per_Upload_Image_Count = 6;
$Image_Dir = "PrImage/";
$Image_DirThumb = "Thmb_Image/";
$Image_Dir2 = "images/PrImage/";
$File_Max_Size = 5120;
$File_Max_Size2 = 10240;
$cm_WebSiteAddress = "http://master/cc/";
?>
您正在发出复制文件的系统调用:
system("cp $src_f $upfile");
PHP完全可以自己复制文件。该函数称为copy()。
参考
检查您的php.ini文件并搜索disable_functions。您可以从列表中删除您想要的内容(包括system()函数。