php实现上传

上传文件的基本流程

在PHP中实现文件上传功能需要结合HTML表单和PHP文件处理逻辑。HTML表单负责提供文件选择界面，PHP脚本负责接收并处理上传的文件。

HTML表单设置

创建一个包含文件上传字段的HTML表单，表单的enctype属性必须设置为multipart/form-data，method属性设置为POST。

<form action="upload.php" method="post" enctype="multipart/form-data">
    <input type="file" name="fileToUpload" id="fileToUpload">
    <input type="submit" value="Upload File" name="submit">
</form>

PHP文件处理

在PHP脚本中，通过$_FILES超全局数组获取上传的文件信息。$_FILES数组包含文件名、类型、大小、临时文件名和错误代码等信息。

$targetDir = "uploads/";
$targetFile = $targetDir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = strtolower(pathinfo($targetFile, PATHINFO_EXTENSION));

文件验证

对上传的文件进行验证，包括检查文件是否已存在、文件大小限制、文件类型限制等。

if (file_exists($targetFile)) {
    echo "File already exists.";
    $uploadOk = 0;
}

if ($_FILES["fileToUpload"]["size"] > 500000) {
    echo "File is too large.";
    $uploadOk = 0;
}

$allowedTypes = ["jpg", "png", "jpeg", "gif"];
if (!in_array($imageFileType, $allowedTypes)) {
    echo "Only JPG, JPEG, PNG & GIF files are allowed.";
    $uploadOk = 0;
}

文件移动

如果所有验证通过，使用move_uploaded_file函数将临时文件移动到目标目录。

if ($uploadOk == 1) {
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $targetFile)) {
        echo "The file " . htmlspecialchars(basename($_FILES["fileToUpload"]["name"])) . " has been uploaded.";
    } else {
        echo "Error uploading file.";
    }
}

安全性增强

为了增强安全性，可以生成唯一的文件名，避免文件名冲突和潜在的安全风险。

$fileName = uniqid() . '.' . $imageFileType;
$targetFile = $targetDir . $fileName;

错误处理

检查$_FILES["fileToUpload"]["error"]的值，处理可能出现的上传错误。

if ($_FILES["fileToUpload"]["error"] != UPLOAD_ERR_OK) {
    switch ($_FILES["fileToUpload"]["error"]) {
        case UPLOAD_ERR_INI_SIZE:
            echo "File exceeds upload_max_filesize in php.ini.";
            break;
        case UPLOAD_ERR_FORM_SIZE:
            echo "File exceeds MAX_FILE_SIZE in HTML form.";
            break;
        case UPLOAD_ERR_PARTIAL:
            echo "File was only partially uploaded.";
            break;
        case UPLOAD_ERR_NO_FILE:
            echo "No file was uploaded.";
            break;
        case UPLOAD_ERR_NO_TMP_DIR:
            echo "Missing temporary folder.";
            break;
        case UPLOAD_ERR_CANT_WRITE:
            echo "Failed to write file to disk.";
            break;
        default:
            echo "Unknown upload error.";
    }
}

完整示例

将上述代码整合为一个完整的PHP文件上传示例。

<?php
$targetDir = "uploads/";
$fileName = uniqid() . '.' . strtolower(pathinfo($_FILES["fileToUpload"]["name"], PATHINFO_EXTENSION));
$targetFile = $targetDir . $fileName;
$uploadOk = 1;
$allowedTypes = ["jpg", "png", "jpeg", "gif"];

if ($_FILES["fileToUpload"]["size"] > 500000) {
    echo "File is too large.";
    $uploadOk = 0;
}

if (!in_array($imageFileType, $allowedTypes)) {
    echo "Only JPG, JPEG, PNG & GIF files are allowed.";
    $uploadOk = 0;
}

if ($uploadOk == 1) {
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $targetFile)) {
        echo "The file has been uploaded as " . htmlspecialchars($fileName);
    } else {
        echo "Error uploading file.";
    }
}
?>

注意事项

确保目标目录uploads/存在且具有写权限。可以通过PHP代码检查并创建目录。

if (!file_exists($targetDir)) {
    mkdir($targetDir, 0777, true);
}

对于生产环境，建议进一步限制文件类型、检查文件内容（如通过getimagesize验证图片文件）、设置更严格的文件大小限制，并考虑使用HTTPS协议以确保传输安全。