0

ファイル名が異なっていてもアップロードしようとすると、アップロードスクリプトにファイルが既に存在すると表示されます

<?php
// Start a session for error reporting
session_start();
?>
<?php
// Check, if username session is NOT set then this page will jump to login page
if (!isset($_SESSION['username'])) {
    header('Location: index.html');
}

// Call our connection file
include('config.php');

// Check to see if the type of file uploaded is a valid image type
function is_valid_type($file)
{
// This is an array that holds all the valid image MIME types
$valid_types = array("image/jpg", "image/JPG", "image/jpeg", "image/bmp", "image/gif",  "image/png");

if (in_array($file['type'], $valid_types))
    return 1;
return 0;
}

// Just a short function that prints out the contents of an array in a manner that's easy to read
// I used this function during debugging but it serves no purpose at run time for this   example
function showContents($array)
{
echo "<pre>";
print_r($array);
echo "</pre>";
}

// Set some constants
// Grab the User ID we sent from our form
$user_id = $_SESSION['username'];
$category = $_POST['category'];

// This variable is the path to the image folder where all the images are going to be stored
// Note that there is a trailing forward slash
$TARGET_PATH = "img/users/$category/$user_id/";
mkdir($TARGET_PATH, 0755, true);

// Get our POSTed variables
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$contact = $_POST['contact'];
$price = $_POST['price'];
$image = $_FILES['image'];


// Build our target path full string.  This is where the file will be moved do
// i.e.  images/picture.jpg
$TARGET_PATH .= $image['name'];

// Make sure all the fields from the form have inputs
if ( $fname == "" || $lname == "" || $image['name'] == "" )
{
$_SESSION['error'] = "All fields are required";
header("Location: error.php");
exit;
}

// Check to make sure that our file is actually an image
// You check the file type instead of the extension because the extension can easily be faked
if (!is_valid_type($image))
{
$_SESSION['error'] = "You must upload a jpeg, gif, or bmp";
header("Location: error.php");
exit;
}

// Here we check to see if a file with that name already exists
// You could get past filename problems by appending a timestamp to the filename and then continuing
if (file_exists($TARGET_PATH))
{
$_SESSION['error'] = "A file with that name already exists";
header("Location: error.php");
exit;
}


// Lets attempt to move the file from its temporary directory to its new home
if (move_uploaded_file($image['tmp_name'], $TARGET_PATH))
{
// NOTE: This is where a lot of people make mistakes.
// We are *not* putting the image into the database; we are putting a reference to the file's location on the server

$imagename = $image['name'];

$sql = "insert into people (price, contact, category, username, fname, lname, expire, filename) values (:price, :contact, :category, :user_id, :fname, :lname, now() + INTERVAL 1 MONTH, :imagename)";
                            $q = $conn->prepare($sql) or    die("failed!");
                            $q->bindParam(':price', $price, PDO::PARAM_STR);
                            $q->bindParam(':contact', $contact, PDO::PARAM_STR);
                            $q->bindParam(':category', $category, PDO::PARAM_STR);
                            $q->bindParam(':user_id', $user_id, PDO::PARAM_STR);
                            $q->bindParam(':fname', $fname, PDO::PARAM_STR);
                            $q->bindParam(':lname', $lname, PDO::PARAM_STR);
                            $q->bindParam(':imagename', $imagename, PDO::PARAM_STR);
                            $q->execute();


$sql1 = "UPDATE people SET firstname = (SELECT firstname FROM user WHERE username=:user_id1) WHERE username=:user_id2";
                            $q = $conn->prepare($sql1) or die("failed!");
                            $q->bindParam(':user_id1', $user_id, PDO::PARAM_STR);
                            $q->bindParam(':user_id2', $user_id, PDO::PARAM_STR);
                            $q->execute();


$sql2 = "UPDATE people SET surname = (SELECT surname FROM user WHERE username=:user_id1) WHERE username=:user_id2";
                            $q = $conn->prepare($sql2) or die("failed!");
                            $q->bindParam(':user_id1', $user_id, PDO::PARAM_STR);
                            $q->bindParam(':user_id2', $user_id, PDO::PARAM_STR);
                            $q->execute();


header("Location: search.php");
exit;
}
else
{
// A common cause of file moving failures is because of bad permissions on the directory attempting to be written to
// Make sure you chmod the directory to be writeable
$_SESSION['error'] = "Could not upload file.  Check read/write persmissions on the directory";
header("Location: error.php");
exit;
}
?>
4

1 に答える 1

1

is_dirディレクトリを検証するときに使用する必要があります

PHPDOCからfile_exists

filenameで指定されたファイルまたはディレクトリが存在する場合はTRUEを返します。それ以外の場合はFALSE。

PHPDOCからis_dir

ファイル名が存在し、ディレクトリである場合はTRUEを返し、そうでない場合はFALSEを返します。

次のテストスクリプトを実行してください

if (! is_dir($TARGET_PATH) &&  is_writable($TARGET_PATH)) {
    #var_dump before
    var_dump(is_dir($TARGET_PATH), is_writable($TARGET_PATH));
    mkdir($TARGET_PATH, 0755, true);
}

#var_dump after
var_dump(is_dir($TARGET_PATH), is_writable($TARGET_PATH));
于 2012-10-02T21:30:43.217 に答える