How to determine in PHP whether a file has been selected for upload

  • 2021-07-26 07:07:51
  • OfStack

This article describes how to check in PHP whether a file has been selected for upload. It is shared for your reference. The details are as follows:

A competent programmer applies strict filtering and validation rules before data is stored. For example, when a file is uploaded, the front end checks whether the user has selected a file, and the back end can also check whether an uploaded file is present. This example analyzes that in more depth.

Consider the following HTML code:

<form action="?" method="post" enctype='multipart/form-data'>
File upload: <input type="file" name="file" id="file"/>
<input type="submit" id="send" value=" Submit "/>
</form>

The most common approach is a simple check on the front end:

<script>
var send=document.getElementById("send");
send.onclick=function(){
var file=document.getElementById("file").value;
if(file.length<1){
alert(' Please select a picture ');
return false;
}
}
</script>

For real security, the check must also be performed on the back end:
<?php
// Check whether a file was selected in the file input
if(!empty($_FILES['file']['tmp_name'])){
echo' Selected file ';
}else{
echo' Please select a file ';
}
// PS: don't forget the ['tmp_name'] after $_FILES['file']; it holds the temporary file name
?>

Security case analysis

The JavaScript check is rather crude. We only use file=document.getElementById("file").value to test whether the field has a value, so as soon as anything at all is entered (even a single digit) the form can be submitted. We therefore need to restrict the file extension of the upload.
For example:

function CheckWorkFile()
{
var obj=document.getElementById('fuMain');
if(obj.value=='')
{
alert(' Please select the homework file to upload ');
return false;
}
// Capture the extension after the last dot; use '' when there is no dot
var m=obj.value.match(/^(.*)(\.)(.{1,8})$/);
var stuff=m?m[3]:'';
if(stuff!='doc')
{
alert(' The file type is incorrect, please select .doc Documents ');
return false;
}
return true;
}

On the PHP side, using only if(!empty($_FILES['file']['tmp_name'])){ is also not sufficient.
We can handle it like this instead:
function file_type($filename)
{
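    $file = fopen($filename, "rb");
    if ($file === false) {
        return 'unknown';
    }
    $bin = fread($file, 2); // Read only the first 2 bytes
    fclose($file);
    if ($bin === false || strlen($bin) < 2) {
        return 'unknown';
    }
    // "C2chars" unpacks two unsigned bytes into 'chars1' and 'chars2'
    $strInfo = unpack("C2chars", $bin);
    // Concatenate the decimal byte values, e.g. 0xFF 0xD8 => 255216
    $typeCode = intval($strInfo['chars1'].$strInfo['chars2']);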
    $fileType = '';
    switch ($typeCode)
    {
        case 7790:
            $fileType = 'exe';
            break;
        case 7784:
            $fileType = 'midi';
            break;
        case 8297:
            $fileType = 'rar';
            break;
        case 8075:
            $fileType = 'zip';
            break;
        case 255216:
            $fileType = 'jpg';
            break;
        case 7173:
            $fileType = 'gif';
            break;
        case 6677:
            $fileType = 'bmp';
            break;
        case 13780:
            $fileType = 'png';
            break;
        default:
            $fileType = 'unknown: '.$typeCode;
    }
    // Fix: if the bytes were read as signed values, JPEG starts with -1, -40 and PNG with -119, 80
    if ($strInfo['chars1']=='-1' AND $strInfo['chars2']=='-40' ) return 'jpg';
    if ($strInfo['chars1']=='-119' AND $strInfo['chars2']=='80' ) return 'png';
    return $fileType;
}
echo file_type('start.php');   // prints "unknown: 6063" or "unknown: 6033"

In this way we can restrict the types of files that may be uploaded and make the program safer.
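
The two back-end checks above (was a file selected, and does its content match an allowed type) combined into one handler, as an added example that is not the article's own code. The names sniff_type and handle_upload, the 2 MiB limit and the allow-list are assumptions; it compares full signatures rather than only the first two bytes, because a two-byte match is easy to satisfy with arbitrary content.

```php
<?php
// Added example, not the article's code; limit and allow-list are assumptions.
const MAX_BYTES = 2097152; // 2 MiB
const SIGNATURES = [       // full magic numbers instead of only 2 bytes
    'jpg' => "\xFF\xD8\xFF",
    'png' => "\x89PNG\r\n\x1A\n",
    'gif' => "GIF8",
];
// Return the allow-listed type whose signature starts the file, else null.
function sniff_type(string $path): ?string
{
    $head = (string) @file_get_contents($path, false, null, 0, 8);
    foreach (SIGNATURES as $ext => $magic) {
        if (strncmp($head, $magic, strlen($magic)) === 0) {
            return $ext;
        }
    }
    return null;
}

// Validate one $_FILES entry, then store it under a server-chosen name.
function handle_upload(array $f, string $destDir): string
{
    if ($f['error'] === UPLOAD_ERR_NO_FILE) {
        throw new RuntimeException('Please select a file');
    }
    if ($f['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($f['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    $ext = $f['size'] > MAX_BYTES ? null : sniff_type($f['tmp_name']);
    if ($ext === null) {
        throw new RuntimeException('File too large or type not allowed');
    }
    // Ignore the client-supplied name and extension entirely.
    $dest = $destDir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($f['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store the file');
    }
    return $dest;
}

if (PHP_SAPI === 'cli') {          // offline demo on constructed inputs
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    foreach (["<?php echo 1;", "\x89PNG\r\n\x1A\n"] as $body) {
        file_put_contents($tmp, $body);
        var_dump(sniff_type($tmp));
    }
    unlink($tmp);
}
```

In a request handler, call handle_upload($_FILES['file'], $dir) inside a try/catch, with $dir pointing to a directory from which the web server does not execute scripts.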

I hope this article is helpful to everyone's PHP programming.

