如何检查用户是否用PHP上传文件?

我做了一些表单validation,以确保用户上传的文件是正确的types。 但是上传是可选的,所以如果他没有上传任何内容并提交表单的其余部分,我想跳过validation。 我如何检查他是否上传了一些东西? $_FILES['myflie']['size'] <=0工作?

你可以使用is_uploaded_file()

 if(!file_exists($_FILES['myfile']['tmp_name']) || !is_uploaded_file($_FILES['myfile']['tmp_name'])) { echo 'No upload'; } 

从文档:如果文件名为:返回TRUE

文件名是通过HTTP POST上传的。 这有助于确保恶意用户没有试图欺骗脚本来处理不应该在其上工作的文件 – 例如/ etc / passwd。

如果上传的文件有任何可能将内容泄露给用户,甚至是同一系统上的其他用户,则这种检查尤其重要。

编辑:我在我的FileUpload类中使用,以防万一:

 public function fileUploaded() { if(empty($_FILES)) { return false; } $this->file = $_FILES[$this->formField]; if(!file_exists($this->file['tmp_name']) || !is_uploaded_file($this->file['tmp_name'])){ $this->errors['FileNotExists'] = true; return false; } return true; } 

@ karim79有正确的答案,但我不得不重写他的例子,以适应我的目的。 他的例子假定提交的字段的名称是已知的,并且可以被硬编码。我进一步做了一个function,告诉我是否有file upload,而不必知道上传字段的名称。

 /** * Tests all upload fields to determine whether any files were submitted. * * @return boolean */ function files_uploaded() { // bail if there were no upload forms if(empty($_FILES)) return false; // check for uploaded files $files = $_FILES['files']['tmp_name']; foreach( $files as $field_title => $temp_name ){ if( !empty($temp_name) && is_uploaded_file( $temp_name )){ // found one! return true; } } // return false if no files were found return false; } 

此代码为我工作。 我正在使用多个file upload,所以我需要检查是否有任何上传。

HTML部分:

 <input name="files[]" type="file" multiple="multiple" /> 

PHP部分:

 if(isset($_FILES['files']) ){ foreach($_FILES['files']['tmp_name'] as $key => $tmp_name ){ if(!empty($_FILES['files']['tmp_name'][$key])){ // things you want to do } } 
 <!DOCTYPE html> <html> <body> <form action="#" method="post" enctype="multipart/form-data"> Select image to upload: <input name="my_files[]" type="file" multiple="multiple" /> <input type="submit" value="Upload Image" name="submit"> </form> <?php if (isset($_FILES['my_files'])) { $myFile = $_FILES['my_files']; $fileCount = count($myFile["name"]); for ($i = 0; $i <$fileCount; $i++) { $error = $myFile["error"][$i]; if ($error == '4') // error 4 is for "no file selected" { echo "no file selected"; } else { $name = $myFile["name"][$i]; echo $name; echo "<br>"; $temporary_file = $myFile["tmp_name"][$i]; echo $temporary_file; echo "<br>"; $type = $myFile["type"][$i]; echo $type; echo "<br>"; $size = $myFile["size"][$i]; echo $size; echo "<br>"; $target_path = "uploads/$name"; //first make a folder named "uploads" where you will upload files if(move_uploaded_file($temporary_file,$target_path)) { echo " uploaded"; echo "<br>"; echo "<br>"; } else { echo "no upload "; } } } } ?> </body> </html> 

请参阅http://www.techzigzag.com/how-to-check-that-user-has-upload-any-file-or-not-in-php/

但要警惕。 用户可以上传任何types的文件,也可以通过上传恶意或PHP文件破解您的服务器或系统。 在这个脚本中应该有一些validation。 谢谢。

我检查了你的代码,并认为你应该试试这个:

 if(!file_exists($_FILES['fileupload']['tmp_name']) || !is_uploaded_file($_FILES['fileupload']['tmp_name'])) { echo 'No upload'; } else echo 'upload'; 

你应该使用$_FILES[$form_name]['error'] 。 如果没有file upload,则返回UPLOAD_ERR_NO_FILE 。 完整列表: PHP:错误信息说明

 function isUploadOkay($form_name, &$error_message) { if (!isset($_FILES[$form_name])) { $error_message = "No file upload with name '$form_name' in form."; return false; } $error = $_FILES[$form_name]['error']; // List at: http://php.net/manual/en/features.file-upload.errors.php if ($error != UPLOAD_ERR_OK) { switch ($error) { case UPLOAD_ERR_INI_SIZE: $error_message = 'The uploaded file exceeds the upload_max_filesize directive in php.ini.'; break; case UPLOAD_ERR_FORM_SIZE: $error_message = 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.'; break; case UPLOAD_ERR_PARTIAL: $error_message = 'The uploaded file was only partially uploaded.'; break; case UPLOAD_ERR_NO_FILE: $error_message = 'No file was uploaded.'; break; case UPLOAD_ERR_NO_TMP_DIR: $error_message = 'Missing a temporary folder.'; break; case UPLOAD_ERR_CANT_WRITE: $error_message = 'Failed to write file to disk.'; break; case UPLOAD_ERR_EXTENSION: $error_message = 'A PHP extension interrupted the upload.'; break; default: $error_message = 'Unknown error'; break; } return false; } $error_message = null; return true; } 

is_uploaded_file()很好用,特别是用来检查它是上传文件还是本地文件(出于安全目的)。

但是,如果您想检查用户是否上传文件,请使用$_FILES['file']['error'] == UPLOAD_ERR_OK

有关file upload错误消息,请参阅PHP手册。 如果你只是想检查没有文件,使用UPLOAD_ERR_NO_FILE