文件上传无法在IE和Firefox中使用

I have the following code to upload a file to the server. For some weird reason, it does not work in IE and Mozilla Firefox but works perfect in Chrome. What is the problem?

我有以下代码将文件上传到服务器。出于某些奇怪的原因,它在IE和Mozilla Firefox中不起作用,但在Chrome中运行完美。问题是什么?

PHP:

// Check post_max_size (http://us3.php.net/manual/en/features.file-upload.php#73762)
    $POST_MAX_SIZE = ini_get('post_max_size');
    $unit = strtoupper(substr($POST_MAX_SIZE, -1));
    $multiplier = ($unit == 'M' ? 1048576 : ($unit == 'K' ? 1024 : ($unit == 'G' ? 1073741824 : 1)));

    if ((int)$_SERVER['CONTENT_LENGTH'] > $multiplier*(int)$POST_MAX_SIZE && $POST_MAX_SIZE)
        HandleError('File exceeded maximum allowed size. Your file size <b>MUST NOT</b> be more than 100kb.');

// Settings
    $save_path = 'uploads/'; //getcwd() . '/uploads/';The path were we will save the file (getcwd() may not be reliable and should be tested in your environment)
    $upload_name = 'userfile';                          // change this accordingly
    $max_file_size_in_bytes = 102400;               // 100k in bytes
    $whitelist = array('jpg', 'png', 'gif', 'jpeg');    // Allowed file extensions
    $blacklist = array('php', 'php3', 'php4', 'phtml','exe','txt','scr','cgi','pl','shtml'); // Restrict file extensions
    $valid_chars_regex = 'A-Za-z0-9_-\s ';// Characters allowed in the file name (in a Regular Expression format)

// Other variables
    $MAX_FILENAME_LENGTH = 260;
    $file_name = $_FILES[$upload_name]['name'];
    //echo "testing-".$file_name."<br>";
    //$file_name = strtolower($file_name);
    ////////$file_extension = end(explode('.', $file_name));

    $parts = explode('.', $file_name);
    $file_extension = end($parts);

    $uploadErrors = array(
        0=>'There is no error, the file uploaded with success',
        1=>'The uploaded file exceeds the upload max filesize allowed.',
        2=>'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form',
        3=>'The uploaded file was only partially uploaded',
        4=>'No file was uploaded',
        6=>'Missing a temporary folder'
    );

// Validate the upload
    if (!isset($_FILES[$upload_name]))


        **HandleError('No upload found for ' . $upload_name);**//THROWS UP ERROR HERE in IE and Firefox


    else if (isset($_FILES[$upload_name]['error']) && $_FILES[$upload_name]['error'] != 0)
        HandleError($uploadErrors[$_FILES[$upload_name]['error']]);
    else if (!isset($_FILES[$upload_name]['tmp_name']) || !@is_uploaded_file($_FILES[$upload_name]['tmp_name']))
        HandleError('Upload failed.');
    else if (!isset($_FILES[$upload_name]['name']))
        HandleError('File has no name.');

HTML:

<form name="upload" action="/upload" method="POST" ENCTYPE="multipart/formdata">
        <table border="0" cellpadding="3" cellspacing="3" class="forms">
          <tr> 
           <tr> 
           <td style="height: 26px" align="center">
<font class="font_upload_picture">'.MSG142.': <input class="font_upload_picture" type="file" name="userfile">
<input type=hidden name=MAX_FILE_SIZE value=102400 />
           </td>
          </tr>
          <tr> 
            <td colspan="2">
                   <p align="center">
                                <input type="image" name="upload" value="upload" src="/img/layout/btnupload.gif" border="0" />
                              </p>
                              <p>&nbsp;</p>
                              <td><a href="/picturecamerasettings"><img src="/img/layout/takepicture.gif" border="0" /><br> '.MSG143.'</a></td>
                              </tr>
        </table>
        </form>

3 个解决方案

#1

The enctype of the form should be multipart/form-data

表单的enctype应该是multipart / form-data

#2

You have errors in your html. You're missing closing tags for a tr and td tag. Also, close off your file upload input tag />.

您的HTML中有错误。您缺少tr和td标记的结束标记。此外,关闭文件上传输入标签/>。

#3

Some of your logic is off:

你的一些逻辑是关闭的:

if (!isset($_FILES[$upload_name]))

will always pass. For every <input type="file"> in your form, there'll be a matching $_FILES entry, whether a file was actually uploaded or not. If no file was uploaded to being with, then you'll get error code 4.

永远都会过去。对于表单中的每个,无论文件是否实际上传,都会有匹配的$ _FILES条目。如果没有上传文件,那么您将收到错误代码4。

else if (isset($_FILES[$upload_name]['error']) && $_FILES[$upload_name]['error'] != 0)

You don't have to check if the error parameter is set. as long as $upload_name has a valid file field name in it, the error section will be there. You can check for $_FILES[$upload_name], though. in case your variable's set wrong.

您不必检查是否设置了error参数。只要$ upload_name中包含有效的文件字段名称,错误部分就会出现在那里。但是,您可以检查$ _FILES [$ upload_name]。万一你的变量设置错误。

You've commented it out, but you're checking for valid upload types by checking the user-provided filename. Remember that the ['type'] and ['name'] parameters in $_FILES are user-supplied and can be subverted. Nothing says a malicious user can't rename bad_virus.exe to cute_puppies.jpg and get through your 'validation' check. Always determine MIME type on the server, by using something like Fileinfo. That inspects the file's actual contents, not just the filename.

您已经注释掉了,但是您通过检查用户提供的文件名来检查有效的上传类型。请记住,$ _FILES中的['type']和['name']参数是用户提供的,可以被破坏。没有任何说恶意用户无法将bad_virus.exe重命名为cute_puppies.jpg并通过“验证”检查。始终使用Fileinfo之类的东西确定服务器上的MIME类型。检查文件的实际内容,而不仅仅是文件名。

So, your upload validation should look something like:

因此,您的上传验证应如下所示:

if (isset($_FILES[$upload_name]) && ($_FILES[$upload_name]['error'] === UPLOAD_ERR_OK)) {
    $fi = finfo_open(FILE_INFO_MIME_TYPE);
    $mime = finfo_file($fi, $_FILES[$upload_name]['tmp_name']);
    if (!in_array($valid_mime_type, $mime)) {
       HandleError("Invalid file type $mime");
    }
    etc...
} else {
    HandleError($uploadErrors[$_FILES[$upload_name]['error']]);
}

#1