...
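When uploading files or images in PHP, we often need to restrict which file types may be uploaded. Restricting only by file extension is easy to bypass, so below I have collected a table that maps extensions to MIME types. I hope it is helpful.
When a PHP script handles an upload, the file format has to be expressed as a file type that PHP recognises (for example, a .jpg file has the type image/jpeg). This type is determined first by the browser: the browser decides what kind of file it is when the form is submitted, and then passes that on to PHP for processing.
Different browsers sometimes define the type of the same file differently, so it is sometimes necessary to handle each browser separately. In practice, you can simply include the types used by every browser in the check.
Below is a table of the file types reported by IE and Firefox: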
IE | Firefox

| id | Extension | File type as seen by PHP |
|---|---|---|
| 0 | gif | image/gif |
| 1 | jpg | image/jpeg |
| 2 | png | image/png |
| 3 | bmp | image/bmp |
| 4 | psd | application/octet-stream |
| 5 | ico | image/x-icon |
| 6 | rar | application/octet-stream |
| 7 | zip | application/zip |
| 8 | 7z | application/octet-stream |
| 9 | exe | application/octet-stream |
| 10 | avi | video/avi |
| 11 | rmvb | application/vnd.rn-realmedia-vbr |
| 12 | 3gp | application/octet-stream |
| 13 | flv | application/octet-stream |
| 14 | mp3 | audio/mpeg |
| 15 | wav | audio/wav |
| 16 | krc | application/octet-stream |
| 17 | lrc | application/octet-stream |
| 18 | txt | text/plain |
| 19 | doc | application/msword |
| 20 | xls | application/vnd.ms-excel |
| 21 | ppt | application/vnd.ms-powerpoint |
| 22 | pdf | application/pdf |
| 23 | chm | application/octet-stream |
| 24 | mdb | application/msaccess |
| 25 | sql | application/octet-stream |
| 26 | con | application/octet-stream |
| 27 | log | text/plain |
| 28 | dat | application/octet-stream |
| 29 | ini | application/octet-stream |
| 30 | php | application/octet-stream |
| 31 | html | text/html |
| 32 | htm | text/html |
| 33 | ttf | application/octet-stream |
| 34 | fon | application/octet-stream |
| 35 | js | application/x-javascript |
| 36 | xml | text/xml |
| 37 | dll | application/octet-stream |
| 38 | dll | application/octet-stream |

| id | Extension | File type as seen by PHP |
|---|---|---|
| 0 | gif | image/gif |
| 1 | jpg | image/pjpeg |
| 2 | png | image/x-png |
| 3 | bmp | image/bmp |
| 4 | psd | application/octet-stream |
| 5 | ico | image/x-icon |
| 6 | rar | application/octet-stream |
| 7 | zip | application/x-zip-compressed |
| 8 | 7z | application/octet-stream |
| 9 | exe | application/octet-stream |
| 10 | avi | video/avi |
| 11 | rmvb | application/vnd.rn-realmedia-vbr |
| 12 | 3gp | application/octet-stream |
| 13 | flv | application/octet-stream |
| 14 | mp3 | audio/mpeg |
| 15 | wav | audio/wav |
| 16 | krc | application/octet-stream |
| 17 | lrc | application/octet-stream |
| 18 | txt | text/plain |
| 19 | doc | application/msword |
| 20 | xls | application/vnd.ms-excel |
| 21 | ppt | application/vnd.ms-powerpoint |
| 22 | pdf | application/pdf |
| 23 | chm | application/octet-stream |
| 24 | mdb | application/msaccess |
| 25 | sql | text/plain |
| 26 | con | application/octet-stream |
| 27 | log | text/plain |
| 28 | dat | text/plain |
| 29 | ini | application/octet-stream |
| 30 | php | application/octet-stream |
| 31 | html | text/html |
| 32 | htm | text/html |
| 33 | ttf | application/octet-stream |
| 34 | fon | application/octet-stream |
| 35 | js | text/html |
| 36 | xml | text/xml |
| 37 | dll | application/octet-stream |
| 38 | class | application/java |

Here is an example:

    // $upfile is one entry of $_FILES; the field name 'upfile' is assumed here
    $upfile = $_FILES['upfile'];
    $temppath = $upfile['tmp_name'];
    $fileinfo = pathinfo($upfile['name']);
    // MIME type as reported by the browser
    $extension = $upfile['type'];
    //echo $extension;
    //exit;
    // Map the reported MIME type to the extension it stands for
    switch ($extension) {
        case 'application/msword':
            $extension = 'doc';
            break;
        case 'application/vnd.ms-excel':
            $extension = 'xls';
            break;
        case 'application/vnd.openxmlformats-officedocument.wordprocessingml.document':
            $extension = 'docx';
            break;
        case 'application/vnd.ms-powerpoint':
            $extension = 'ppt';
            break;
        case 'application/pdf':
            $extension = 'pdf';
            break;
        case 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet':
            $extension = 'xlsx';
            break;
        default:
            // Message: "Only doc, docx, xls, pdf and ppt files may be uploaded. Please upload again."
            die('只允许上传doc,docx,xls,pdf,ppt文件 重新上传');
    }

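The example above restricts uploads to doc, docx, xls, pdf and ppt files, so if someone tries to use the file extension to upload something else, such as a php or asp file, they are told that the uploaded file is not allowed.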
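
The `type` value tested in the switch above is the one the browser sends, as described at the top of this page, so it does not show what the file actually contains. The following added example (not the original author's code; `ALLOWED_TYPES`, `checked_extension` and the sample files are hypothetical and constructed) takes the MIME type from the file's bytes with PHP's fileinfo extension and also requires the extension in the file name to agree with it.

```php
<?php
// Added example: the names below (ALLOWED_TYPES, checked_extension) are hypothetical.
// Requires the fileinfo extension.

// MIME type detected from the file's content => extension the file is stored under.
// What finfo reports for Office formats depends on the libmagic database in use
// (assumption: these strings match your server; verify before relying on them).
const ALLOWED_TYPES = [
    'application/pdf'               => 'pdf',
    'application/msword'            => 'doc',
    'application/vnd.ms-excel'      => 'xls',
    'application/vnd.ms-powerpoint' => 'ppt',
    'application/vnd.openxmlformats-officedocument.wordprocessingml.document' => 'docx',
    'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'       => 'xlsx',
];

/**
 * Decide from the uploaded bytes, not from $_FILES[...]['type'], whether to accept.
 * Returns the extension to store the file under, or null to reject the upload.
 */
function checked_extension(string $tmpPath, string $clientName): ?string
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmpPath);            // sniffed from the content
    if ($mime === false || !array_key_exists($mime, ALLOWED_TYPES)) {
        return null;
    }
    // The name is client-supplied too: its extension must agree with the content.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return $ext === ALLOWED_TYPES[$mime] ? $ext : null;
}

// Constructed sample uploads: [client file name, type claimed by the client, bytes].
// In a real handler the path is $_FILES[...]['tmp_name'], checked with is_uploaded_file().
$samples = [
    ['report.pdf', 'application/pdf', "%PDF-1.4\n%%EOF\n"],
    ['page.php',   'application/pdf', "<?php echo 'hello';\n"],
    ['page.pdf',   'application/pdf', "<?php echo 'hello';\n"],
];

foreach ($samples as [$name, $claimed, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $ext = checked_extension($tmp, $name);
    // Store under a server-generated name; never reuse the client's file name.
    $result = $ext === null ? 'rejected' : 'accepted as ' . bin2hex(random_bytes(8)) . '.' . $ext;
    printf("%-11s claimed %s: %s\n", $name, $claimed, $result);
    unlink($tmp);
}
```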