php实现上传

PHP 文件上传实现方法

创建 HTML 表单

使用 <form> 标签创建文件上传表单，设置 enctype="multipart/form-data" 属性：

<form action="upload.php" method="post" enctype="multipart/form-data">
    <input type="file" name="fileToUpload" id="fileToUpload">
    <input type="submit" value="Upload File" name="submit">
</form>

处理上传的 PHP 脚本

创建 upload.php 文件处理上传逻辑：

$targetDir = "uploads/";
$targetFile = $targetDir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = strtolower(pathinfo($targetFile, PATHINFO_EXTENSION));

验证文件类型

检查文件是否为真实图片（可选）：

if(isset($_POST["submit"])) {
    $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
    if($check !== false) {
        echo "File is an image - " . $check["mime"] . ".";
        $uploadOk = 1;
    } else {
        echo "File is not an image.";
        $uploadOk = 0;
    }
}

检查文件是否已存在

if (file_exists($targetFile)) {
    echo "Sorry, file already exists.";
    $uploadOk = 0;
}

限制文件大小

if ($_FILES["fileToUpload"]["size"] > 500000) {
    echo "Sorry, your file is too large.";
    $uploadOk = 0;
}

限制文件格式

if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
    echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
    $uploadOk = 0;
}

执行上传

if ($uploadOk == 0) {
    echo "Sorry, your file was not uploaded.";
} else {
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $targetFile)) {
        echo "The file ". htmlspecialchars( basename( $_FILES["fileToUpload"]["name"])). " has been uploaded.";
    } else {
        echo "Sorry, there was an error uploading your file.";
    }
}

安全注意事项

• 确保上传目录有写权限
• 使用 is_uploaded_file() 验证文件是否通过 HTTP POST 上传
• 考虑重命名上传文件避免文件名冲突
• 对文件扩展名进行严格检查
• 考虑将上传文件存储在 web 根目录之外

完整示例代码

<?php
$targetDir = "uploads/";
$targetFile = $targetDir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = strtolower(pathinfo($targetFile, PATHINFO_EXTENSION));

if(isset($_POST["submit"])) {
    $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
    if($check !== false) {
        $uploadOk = 1;
    } else {
        echo "File is not an image.";
        $uploadOk = 0;
    }
}

if (file_exists($targetFile)) {
    echo "Sorry, file already exists.";
    $uploadOk = 0;
}

if ($_FILES["fileToUpload"]["size"] > 500000) {
    echo "Sorry, your file is too large.";
    $uploadOk = 0;
}

if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif" ) {
    echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
    $uploadOk = 0;
}

if ($uploadOk == 0) {
    echo "Sorry, your file was not uploaded.";
} else {
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $targetFile)) {
        echo "The file ". htmlspecialchars( basename( $_FILES["fileToUpload"]["name"])). " has been uploaded.";
    } else {
        echo "Sorry, there was an error uploading your file.";
    }
}
?>

多文件上传实现

HTML 表单：

<form action="upload.php" method="post" enctype="multipart/form-data">
    <input type="file" name="filesToUpload[]" id="filesToUpload" multiple>
    <input type="submit" value="Upload Files" name="submit">
</form>

PHP 处理：

if(isset($_POST['submit'])){
    $total = count($_FILES['filesToUpload']['name']);
    for($i=0; $i<$total; $i++) {
        $tmpFilePath = $_FILES['filesToUpload']['tmp_name'][$i];
        if($tmpFilePath != ""){
            $newFilePath = "uploads/" . $_FILES['filesToUpload']['name'][$i];
            if(move_uploaded_file($tmpFilePath, $newFilePath)) {
                echo "File ". $_FILES['filesToUpload']['name'][$i] ." uploaded successfully.<br>";
            }
        }
    }
}