Summary of PHP file upload (garbled code, move failure, permission, display picture)
2022-06-30 20:18:00 【Brother Xing plays with the clouds】
LAMP environment:
Linux Mint 16 32bits xfce
apache 2.4.6 Ubuntu
php 5.5.3
The default www directory is /var/www; I used a symbolic link to point it to /home/tony/www.
Then I changed the permissions: sudo chmod 777 www
Upload page code:
```html
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<form action="upload_file.php" method="post" enctype="multipart/form-data">
  <label for="file">Filename:</label>
  <input type="file" name="file" id="file" />
  <br />
  <input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>
```
This code needs a head element that declares the character set; the same applies to the code below (upload_file.php):
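```php
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<?php
// Report the upload status and the metadata that came with the request.
if ($_FILES["file"]["error"] > 0) {
    echo "Error: " . $_FILES["file"]["error"] . "<br />";
} else {
    // name and type are client-controlled, so escape them before output.
    echo "Upload: " . htmlspecialchars($_FILES["file"]["name"]) . "<br />";
    echo "Type: " . htmlspecialchars($_FILES["file"]["type"]) . "<br />";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
    echo "Stored in: " . $_FILES["file"]["tmp_name"] . "<br />";
}

// is_uploaded_file() confirms the path really came from an HTTP POST upload.
if (is_uploaded_file($_FILES["file"]["tmp_name"])) {
    echo "legal uploaded file<br>";
} else {
    echo "illegal uploaded file<br>";
}

$src_path = $_FILES["file"]["tmp_name"];
// Fixed destination name; the client-supplied name is not used in the path.
$des_path = '/home/tony/www/upload/' . "a.jpg";
//$des_path = '/home/tony/www/upload/' . $_FILES["file"]["name"];
echo $src_path . "<br />";
echo $des_path . "<br />";

if (file_exists($src_path)) {
    echo "file exists.<br />";
}

// move_uploaded_file() fails if the destination directory is not writable.
if (move_uploaded_file($src_path, $des_path)) {
    echo "Stored in: " . "<br />";
} else {
    echo "<br>move failed.";
}

// Display the stored image through a relative URL.
printf("<img src=%s />", "upload/a.jpg");
?>
```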
This code is messy and not pretty, but it illustrates several issues.
1/ Always specify the character set; otherwise there will be problems on different browsers or systems. The apache2 configuration file does not enable AddDefaultCharset; if it has been changed, set it back to AddDefaultCharset Off and restart apache2.
2/ The temporary file disappears once the PHP script finishes executing, so it is hard to see with the naked eye; you can put a while(1); at the end of the script.
3/ Someone asked why other functions can't be used to move the uploaded file, given that the path is already known. This HTTP upload mechanism ensures a certain degree of security; if you can verify the safety of the upload yourself, other functions will do the job as well.
4/ My move kept failing. After several investigations, it turned out that the new path had no permission; this is all down to Linux security. I tried chmod -R 777 www and found that the upload directory underneath did not get 777 permission... Is this a bug? Going back and changing the permission on upload itself fixed it.
Finally, the picture cannot be inserted using the absolute path; a relative path has to be used. So far I don't understand why.
The PHP script that handles the upload should add file type detection, file header detection, and restrictions on forbidden operations. I'll fill in these security and functional restrictions when I'm free.
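The checks called for in the last paragraph (file type detection, file header detection, restrictions) could look like the following. This is an added example, not the original author's code. It assumes PHP 7+ for random_bytes(), an image-only policy (JPEG/PNG/GIF) and a 2 MiB size limit; the names detect_image_ext and store_upload are hypothetical.

```php
<?php
// Added example: hardened variant of upload_file.php (assumes PHP 7+).
const UPLOAD_DIR = '/home/tony/www/upload/'; // directory used on this page
const MAX_BYTES  = 2097152;                  // assumed 2 MiB limit

// File header detection: map the leading magic bytes to a safe extension.
function detect_image_ext($path)
{
    $head = (string) file_get_contents($path, false, null, 0, 12);
    if (strncmp($head, "\xFF\xD8\xFF", 3) === 0) {
        return 'jpg';
    }
    if (strncmp($head, "\x89PNG\r\n\x1a\n", 8) === 0) {
        return 'png';
    }
    if (strncmp($head, 'GIF87a', 6) === 0 || strncmp($head, 'GIF89a', 6) === 0) {
        return 'gif';
    }
    return null; // unknown header: reject
}

// Returns the stored file name, or null if any check fails.
function store_upload(array $file)
{
    if (!isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        return null;
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = detect_image_ext($file['tmp_name']);
    if ($ext === null) {
        return null;
    }
    // Server-chosen name: the client's name and type never reach the path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . $name)) {
        return null;
    }
    return $name;
}

if (isset($_FILES['file'])) {
    $stored = store_upload($_FILES['file']);
    echo $stored === null ? 'upload rejected<br />'
        : '<img src="upload/' . htmlspecialchars($stored) . '" />';
}
```

A matching header does not prove the rest of the file is a valid image. The server-chosen name and extension are what keep the stored file from being served under a script extension such as .php.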