php 经典安全文件上传代码
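<?php
/**
 * File upload endpoint.
 *
 * action=form (default) renders the upload form; action=doupload stores every
 * posted file and reports it to the opener/parent window through a JS callback.
 *
 * to : uploadBoroughThumb|borough|picture
 * to : callback function name|directory category|picture type
 *
 * "to" arrives in the query string, so it is untrusted: its first field is
 * written into a <script> block and the other two select a section of
 * upload.cfg.php. All three are validated before use, and every value echoed
 * into JavaScript or HTML is encoded for that context.
 *
 * NOTE(review): whether UploadFile::upload() enforces the allowed types on the
 * stored name and content, and whether upfile/ is served without script
 * execution, is not visible here - confirm both.
 */
require('path.inc.php');

// Accept only scalar strings; a missing or array-valued parameter becomes ''.
$to = (isset($_GET['to']) && is_string($_GET['to'])) ? $_GET['to'] : '';
$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
if ($action == '') {
    $action = 'form';
}

// Byte-wise escapes for text placed inside a single-quoted JS string literal.
// Hex escapes keep quotes, "<", ">" and "&" from ending the literal or the
// surrounding <script> element.
// NOTE(review): the page declares gb2312, whose multi-byte characters contain
// no ASCII bytes; if names can arrive as GBK a trail byte may be 0x5C and would
// be doubled here - confirm the encoding.
$js_escape = array(
    '\\' => '\\\\',
    "'"  => '\\x27',
    '"'  => '\\x22',
    '<'  => '\\x3C',
    '>'  => '\\x3E',
    '&'  => '\\x26',
    "\r" => '\\r',
    "\n" => '\\n',
);

if ($action == 'doupload') {
    echo '<html>';
    echo '<head>';
    echo '<title>上传成功</title>';
    echo '<meta http-equiv="content-type" content="text/html; charset=gb2312">';
    echo '</head>';
    echo '<body>';

    // Missing fields become '' so the checks below reject them without notices.
    list($js_func, $category, $type) = array_pad(explode('|', $to), 3, '');

    // The callback name is emitted as code, so it must be a bare identifier.
    // NOTE(review): an explicit allow-list of callback names would be tighter.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', $js_func)) {
        exit;
    }
    // Category and type are used as config keys: letters only (ereg() was
    // removed in PHP 7, preg_match() is the equivalent check).
    if (!preg_match('/^[A-Za-z]+\z/', $category) || !preg_match('/^[A-Za-z]+\z/', $type)) {
        exit;
    }

    $upload_conf = require($cfg['path']['conf'].'upload.cfg.php');
    $this_config = isset($upload_conf[$category][$type]) ? (array)$upload_conf[$category][$type] : array();
    if (empty($this_config)) {
        exit;
    }

    $upload = new UploadFile(); // upload handler
    // Restrict the file types that may be uploaded.
    $upload->setAllowFileType($this_config['allowType']);

    $upload_root = $cfg['path']['root'].'upfile/';

    foreach ($_FILES as $a_file) {
        if ($a_file['error'] != UPLOAD_ERR_NO_FILE) {
            try {
                // Reset per file so a thumbnail path from a previous file is
                // never reported for this one.
                $thumb_path = '';
                $f_path = array();

                $fileName = $upload->upload($a_file, $upload_root.$this_config['originalPath'], 1);
                $f_path['url'] = $this_config['originalPath'].$fileName;
                $f_path['name'] = $a_file['name']; // client-supplied, untrusted
                $attach_file[] = $f_path;

                $is_image = in_array(
                    strtolower(FileSystem::fileExt($f_path['name'])),
                    array('gif', 'jpeg', 'jpg', 'png')
                );
                if ($is_image && empty($this_config['noResize'])) {
                    $stored_file = $upload_root.$this_config['originalPath'].$fileName;

                    // Scale down to the configured size first.
                    $image = new Image($stored_file);
                    $image->resizeImage($this_config['width'], $this_config['height'], $this_config['resizeType']);
                    $image->save();

                    // Add the watermark.
                    if (!empty($this_config['watermark'])) {
                        $image = new Image($stored_file);
                        $image->waterMark($this_config['watermarkPic'], $this_config['watermarkPos']);
                        $image->save();
                    }

                    // Generate a thumbnail as well when configured.
                    if (!empty($this_config['thumb'])) {
                        $image = new Image($stored_file);
                        $image->resizeImage($this_config['thumbWidth'], $this_config['thumbHeight'], $this_config['thumbResizeType']);
                        if ($this_config['originalPath'] == $this_config['thumbDir']) {
                            // Same directory as the original: save under a
                            // "_thumb" suffix so the original is not overwritten.
                            $image->save(2, $upload_root.$this_config['thumbDir'], '_thumb');
                            $thumb_path = $this_config['thumbDir'].FileSystem::getBasicName($fileName, false).'_thumb'.FileSystem::fileExt($fileName, true);
                        } else {
                            $image->save(1, $upload_root.$this_config['thumbDir']);
                            $thumb_path = $this_config['thumbDir'].$fileName;
                        }
                    }
                }

                // Hand the result back to the opener/parent window. The three
                // arguments are escaped for the JS string context.
                echo "<script>
var parentForm;
if(window.opener){
parentForm = window.opener;
}else{
parentForm = window.parent;
}
parentForm.".$js_func."('".strtr($f_path['url'], $js_escape)."','".strtr($f_path['name'], $js_escape)."','".strtr($thumb_path, $js_escape)."');
</script>";
            } catch (Exception $e) {
                $page->back($e->getMessage());
            }
        } else {
            echo "<script>
alert('请先浏览文件后点击上传php教程');
history.back();
</script>";
            exit;
        }
        echo "<script>
/*if(window.opener){
window.close();
}else{
history.back();
}*/
history.back();
</script>";
    }
    echo '</body>';
    echo '</html>';
} elseif ($action == 'form') {
    echo '<html>';
    echo '<head>';
    echo '<title>上传文件</title>';
    echo '<meta http-equiv="content-type" content="text/html; charset=gb2312">';
    echo '</head>';
    echo '<body leftmargin="0" topmargin="0">';
    echo '<table cellpadding="2" cellspacing="1" border="0" height="100%" align="left">';
    // rawurlencode() leaves only URL-safe ASCII, so the reflected value cannot
    // break out of the attribute; PHP decodes it again on the next request.
    echo "<form action='upload.php?action=doupload&to=".rawurlencode($to)."' method='post' enctype='multipart/form-data'>";
    echo "<tr ><td valign='middle'>";
    echo "<input type='file' name='uploadfile'>";
    echo "<input name='submit' type='submit' value='上传'>";
    echo "</td></tr>";
    echo "</form>";
    echo "</table>";
    echo "</body>";
    echo '</html>';
}
?>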
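<?php
/**
 * Community ("borough") map frame.
 *
 * Loads the community identified by ?id=, then renders a Google Maps v2 page
 * that either centres on the stored point (layout_map) or geocodes the
 * community name and posts the resulting point to ajax.php.
 *
 * Database values are written into three nested contexts here (HTML inside a
 * JS string inside a <script> element), so each value is HTML-escaped first
 * and the finished fragment is then JSON-encoded with the JSON_HEX_* flags
 * (PHP 5.3+) before being emitted as a JS literal.
 *
 * NOTE(review): the page sets document.domain, loads third-party scripts over
 * plain http and embeds a Maps API key in client-visible HTML - review whether
 * each of these is still intended.
 */
require('path.inc.php');
header('content-Type: text/html; charset=utf-8');

$borough_id = isset($_GET['id']) ? intval($_GET['id']) : 0;
if (!$borough_id) {
    // No usable id: hide the map containers in the parent document and stop.
    echo "
<script>
parent.document.getElementById('mapDiv').style.display=\"none\";
parent.document.getElementById('mapDivLink').style.display=\"none\";
</script>
";
    exit;
}

$borough = new Borough($query);
$boroughInfo = $borough->getInfo($borough_id,'*',1,true);
//charsetIconv($boroughInfo,'gbk','utf-8');

// Drop a parenthesised suffix from the name (checked before conversion).
$pos = strpos($boroughInfo['borough_name'],'(');
if ($pos !== false) {
    $boroughInfo['borough_name'] = substr($boroughInfo['borough_name'],0,$pos);
}
$boroughInfo['borough_address'] = iconv('gb2312','utf-8',$boroughInfo['borough_address']);
$boroughInfo['borough_name'] = iconv('gb2312','utf-8',$boroughInfo['borough_name']);
// Same check again on the converted name, kept as in the original.
$pos = strpos($boroughInfo['borough_name'],'(');
if ($pos !== false) {
    $boroughInfo['borough_name'] = substr($boroughInfo['borough_name'],0,$pos);
}
// Prefix the city name so the geocoder searches in the right city.
if (strpos($boroughInfo['borough_name'],'福州') === false) {
    $boroughInfo['borough_name'] = "福州".$boroughInfo['borough_name'];
}

// --- Context-aware encoding of everything that reaches the browser ---------
$sale_url = htmlspecialchars($cfg['url_community'].'sale.php?id='.$borough_id, ENT_QUOTES, 'UTF-8');
$rent_url = htmlspecialchars($cfg['url_community'].'rent.php?id='.$borough_id, ENT_QUOTES, 'UTF-8');
$home_url = htmlspecialchars($cfg['url_community'].'g-'.$borough_id.'.html', ENT_QUOTES, 'UTF-8');

// Address plus sale/rent links; shared by both info windows.
$detail_html = "<br><span style='font-size:12px; color:#999; line-height:150%;'>"
    .htmlspecialchars((string)$boroughInfo['borough_address'], ENT_QUOTES, 'UTF-8')
    ."</span><br><a href='".$sale_url."' style='font-size:12px; color:#f90; line-height:150%;' target='_blank'>二手房源:"
    .htmlspecialchars((string)$boroughInfo['sell_num'], ENT_QUOTES, 'UTF-8')
    ."套</a><br><a href='".$rent_url."' style='font-size:12px; color:#f90; line-height:150%;' target='_blank'>出租房源:"
    .htmlspecialchars((string)$boroughInfo['rent_num'], ENT_QUOTES, 'UTF-8')
    ."套</a>";

// Linked community name shown when a stored point is used.
$title_html = "<a href='".$home_url."' style='font-size:14px; color:#000; line-height:150%;' target='_blank'>"
    .htmlspecialchars((string)$boroughInfo['borough_name'], ENT_QUOTES, 'UTF-8')
    ."</a>";

// JSON_HEX_* turns <, >, &, ' and " into \uXXXX so a value can neither close
// the string literal nor the <script> element.
$json_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
$js = array(
    'detail' => $detail_html,
    'title'  => $title_html,
    'name'   => (string)$boroughInfo['borough_name'],
    'point'  => (string)$boroughInfo['layout_map'],
    'id'     => (string)$boroughInfo['id'],
);
foreach ($js as $js_key => $js_value) {
    $encoded = json_encode($js_value, $json_flags);
    // json_encode() returns false on invalid UTF-8; emit an empty string
    // literal instead of producing broken script.
    $js[$js_key] = ($encoded === false) ? '""' : $encoded;
}
$jquery_src = htmlspecialchars($cfg['path']['js'].'jquery.js', ENT_QUOTES, 'UTF-8');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8"/>
<title>小区地图</title>
<script src="<?php echo $jquery_src; ?>" type="text/javascript"></script>
<script src="http://ditu.google.com/maps?file=api&v=2.x&key=ABQIAAAAHhTjWVGPsP7PRmx_R_91ZRTVyAFvJakBKxQFkhQ3JHiKjMJ6fhSBvkRl-6priBh_xdqXZcn6jaYGDw&hl=zh-CN" type="text/javascript"></script>
<script src="http://www.google.com/uds/api?file=uds.js&v=1.0" type="text/javascript"></script>
<script type="text/javascript">
var map = null;
var geocoder = null;
var detailHtml = <?php echo $js['detail']; ?>;
var titleHtml = <?php echo $js['title']; ?>;
document.domain="fangke.cc";

// Escape text before it is concatenated into info-window HTML.
function escapeHtml(text) {
    return String(text)
        .replace(/&/g, "&amp;")
        .replace(/</g, "&lt;")
        .replace(/>/g, "&gt;")
        .replace(/"/g, "&quot;")
        .replace(/'/g, "&#39;");
}

function initialize() {
    if (GBrowserIsCompatible()) {
        map = new GMap2(document.getElementById("map_canvas"));
        //map.setCenter(new GLatLng(39.917, 116.397), 13);
        geocoder = new GClientGeocoder();
        map.addControl(new GLargeMapControl());
        //map.addControl(new GMapTypeControl());
    }
}

// Geocode the address; on success remember the point server-side and show it,
// otherwise hide the map containers in the parent document.
function showAddress(address) {
    if (geocoder) {
        geocoder.getLatLng(
            address,
            function(point) {
                if (!point) {
                    parent.document.getElementById('mapDiv').style.display="none";
                    parent.document.getElementById('mapDivLink').style.display="none";
                } else {
                    $.post("ajax.php", { point: point, action: "point", id: <?php echo $js['id']; ?> }, function(data){
                        //alert(data);
                    });
                    map.setCenter(point, 13);
                    var marker = new GMarker(point);
                    map.addOverlay(marker);
                    marker.openInfoWindowHtml(escapeHtml(address) + detailHtml);
                }
            }
        );
    }
}

// Show a stored point. The value is parsed instead of being passed to eval(),
// so stored data is never executed as script.
// NOTE(review): assumes layout_map is stored as "(lat, lng)", the shape the
// former eval("new GLatLng" + point) call required - confirm.
function setPoint(point) {
    var parts = /^\s*\(?\s*(-?\d+(?:\.\d+)?)\s*,\s*(-?\d+(?:\.\d+)?)\s*\)?\s*$/.exec(point);
    if (!parts) {
        return;
    }
    var latlng = new GLatLng(parseFloat(parts[1]), parseFloat(parts[2]));
    map.setCenter(latlng, 13);
    var marker = new GMarker(latlng);
    map.addOverlay(marker);
    marker.openInfoWindowHtml(titleHtml + detailHtml);
}
</script>
</head>
<body onunload="GUnload()">
<div id="map_canvas" style="width: 680px; height: 300px"></div>
</body>
<script type="text/javascript">
initialize();
<?php if ($boroughInfo['layout_map']) { ?>
setPoint(<?php echo $js['point']; ?>);
<?php } else { ?>
showAddress(<?php echo $js['name']; ?>);
<?php } ?>
</script>
</html>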
mysql数据库表sqltable
字段id,name,sex,email
access数据库表accesstable
id,name,sex,email
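<?php
/*
 * Copy every row of the MySQL table "sqltable" into the Access table
 * "accesstable" over ODBC (columns: id, name, sex, email).
 *
 * The insert is a prepared statement, so row values are bound as data and are
 * never spliced into the SQL text.
 *
 * NOTE(review): the mysql_* functions used by this snippet were removed in
 * PHP 7; on current PHP the same flow needs mysqli or PDO.
 * NOTE(review): per the PHP manual, odbc_execute() treats a parameter that
 * both starts and ends with a single quote as a file name to read - check how
 * the PHP version in use behaves before copying free-text columns.
 */
$connect = mysql_connect("localhost","","");
if (!$connect) {
    die('MySQL connection failed');
}
mysql_select_db("mydatabase");

$sql = "select * from sqltable";
$result = mysql_query($sql);
if (!$result) {
    die('MySQL query failed');
}

$connectodbc = odbc_connect("DSN","USERNAME","PASSWORD");
if (!$connectodbc) {
    die('ODBC connection failed');
}

$insert = odbc_prepare($connectodbc, "insert into accesstable values(?,?,?,?)");

// mysql_fetch_assoc() returns rows keyed by column name, which is what the
// $row["id"] style lookups need (mysql_fetch_row() is numerically indexed).
while ($row = mysql_fetch_assoc($result))
{
    odbc_execute($insert, array($row["id"], $row["name"], $row["sex"], $row["email"]));
}

odbc_close($connectodbc);
mysql_close($connect);
?>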
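/*
 * Path-style URL routing: strips the configured site prefix and extension
 * from REQUEST_URI and splits the remainder ("action/option/extent/info")
 * into $action, $option, $extent and $info.
 *
 * These four values come straight from the request URL. How they are consumed
 * is not visible here; callers should validate them before using them in
 * includes, queries or output.
 */
if (!isset($_SERVER['REQUEST_URI'])) {
    // Environments that do not provide REQUEST_URI: rebuild it from the part
    // of argv[0] that follows the first ';'.
    $_SERVER['REQUEST_URI'] = isset($_SERVER['argv'][0])
        ? substr($_SERVER['argv'][0], strpos($_SERVER['argv'][0], ';') + 1)
        : '';
}
/*
+-------------------------------------------
+ Fix: Success
+-------------------------------------------
*/
if ($_SERVER['REQUEST_URI']) {
    /*
    +---------------------------------------
    + Check true string
    +---------------------------------------
    */
    if (strpos(strtolower($urlconf['domains']), 'http://') === false) {
        // Relative prefix: cut "<domains><default>" plus one separator off the front.
        $URI_CONFIG_LENGTH = strlen($urlconf['domains'].$urlconf['default']) + 1;
        $URI_QUESTED_LENGTH = strlen($_SERVER['REQUEST_URI']);
        $_SERVER['REQUEST_URI'] = substr($_SERVER['REQUEST_URI'], $URI_CONFIG_LENGTH, ($URI_QUESTED_LENGTH - $URI_CONFIG_LENGTH));
    } else {
        // Absolute prefix: rebuild the full URL and remove the configured base.
        // (Despite their names, both variables hold strings in this branch.)
        // NOTE(review): HTTP_HOST is taken from the request's Host header; if it
        // differs from the configured domain nothing is stripped.
        $URI_CONFIG_LENGTH = $urlconf['domains'].$urlconf['default'].'/';
        $request_host = !empty($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
        $URI_QUESTED_LENGTH = 'http://'.$request_host.$_SERVER['REQUEST_URI'];
        $_SERVER['REQUEST_URI'] = str_replace($URI_CONFIG_LENGTH, '', $URI_QUESTED_LENGTH);
    }
    $_SERVER['REQUEST_URI'] = str_replace($urlconf['extents'], '', $_SERVER['REQUEST_URI']);
    /*
    +---------------------------------------
    + Rewrite uri variables
    +---------------------------------------
    */
    $URI_REQUESTED_VARIABLES = explode('/', (string)$_SERVER['REQUEST_URI']);

    // Padded copy so URLs with fewer than four segments do not raise
    // undefined-offset notices; $URI_REQUESTED_VARIABLES itself is left as split.
    $uri_parts = array_pad($URI_REQUESTED_VARIABLES, 4, '');

    // Each segment only counts when every segment before it is non-empty.
    $action = $option = $extent = $info = '';
    if ($uri_parts[0]) {
        $action = $uri_parts[0];
        if ($uri_parts[1]) {
            $option = $uri_parts[1];
            if ($uri_parts[2]) {
                $extent = $uri_parts[2];
                // $info defaults to the third segment; a fourth one overrides it.
                $info = $uri_parts[3] ? $uri_parts[3] : $extent;
            }
        }
    }
}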
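<?php
/*
 * Job-seeker search results: one table row per record matching $city and
 * $keyword (20 per page), followed by a pager row; a "not found" row when
 * nothing matches.
 *
 * $city and $keyword are not assigned in this fragment, but the pager form
 * below submits them as GET parameters, so they are treated as untrusted:
 * escaped for SQL before the queries and encoded for HTML/URL on output.
 *
 * NOTE(review): mysql_real_escape_string() needs the open connection and is
 * only reliable when the connection charset was set with mysql_set_charset();
 * if magic_quotes_gpc is enabled the values arrive pre-escaped - confirm both.
 * The ext/mysql API has no prepared statements; mysqli or PDO would be the
 * better fix. LIKE wildcards (% and _) in $keyword are still honoured.
 */
$city_sql = mysql_real_escape_string($city);
$keyword_sql = mysql_real_escape_string($keyword);

// The page charset is not visible in this fragment. ISO-8859-1 makes
// htmlspecialchars() work byte-wise, so multi-byte text passes through intact
// while <, >, &, " and ' are still escaped.
$html_charset = 'ISO-8859-1';

$tempquery = mysql_query("select dpb,facejtype from zgy_member_p_d_basic where dpb = '$city_sql' and facejtype like '%$keyword_sql%' ");
$count = mysql_num_rows( $tempquery );
if( $count )
{
    $pagesize = 20;
    $pagecount = (int)ceil($count / $pagesize);
    // Cast to int: the value is used in LIMIT and echoed into the page.
    $page = isset($_GET['page']) ? (int)$_GET['page'] : 1;
    if ($page > $pagecount || $page < 1) {
        $page = 1;
    }
    $start = $pagesize * ($page - 1);

    $sql = "Select
dpb,
truename,
uid,
sex,
birth,
education,
experience,
facejkind,
facejtype,
id
from
zgy_member_p_d_basic
where
dpb = '$city_sql' and
facejtype like '%$keyword_sql%' group by uid order by id desc limit $start,$pagesize";
    $query = mysql_query( $sql );
    if (!$query) {
        // Keep database error details out of the response.
        error_log('jobs search query failed: '.mysql_error());
        die('Query failed.');
    }

    // Base URL for the pager links, encoded once for URL and HTML context.
    $pager_url = htmlspecialchars(
        'jobs.php?keyword='.urlencode($keyword).'&city='.urlencode($city),
        ENT_QUOTES,
        $html_charset
    );
    $city_html = htmlspecialchars($city, ENT_QUOTES, $html_charset);
    $keyword_html = htmlspecialchars($keyword, ENT_QUOTES, $html_charset);

    while( $rs = mysql_fetch_array( $query ) )
    {
?>
<tr>
<td><a href="/index.php/display/resume/<?=(int)$rs['id']?>.html" class="col-blu" target="_blank"><?=htmlspecialchars($rs['truename'], ENT_QUOTES, $html_charset)?></a></td>
<td>
<?php
        $date = date("Y-m-d");
        $date1 = $rs['birth'];
        echo htmlspecialchars((string)sdate($date,$date1), ENT_QUOTES, $html_charset);
?> </td>
<td><?= $rs['sex'] ? '男' : '女' ;?></td>
<td><?=htmlspecialchars($rs['education'], ENT_QUOTES, $html_charset)?> </td>
<td><?=htmlspecialchars($rs['experience'], ENT_QUOTES, $html_charset)?></td>
<td><?=htmlspecialchars($rs['facejkind'], ENT_QUOTES, $html_charset)?></td>
</tr>
<?php
    }
?>
<tr>
<td colspan="6">
<div class="listPage"><form action="<?=$pager_url?>" method="get" enctype="application/x-www-form-urlencoded" >总数:<span class="f-red"><?=$count?>/条</span> 每页<?=$pagesize?>条 当前第<span class="f-red"><?=$page?>/<?=$pagecount?></span>页 <a href="<?=$pager_url?>&amp;page=1" class="col-blu"> 首页 </a><a href="<?=$pager_url?>&amp;page=<?=$page-1;?>" class="col-blu">上一页 </a><span class="col-blu"> <a href="<?=$pager_url?>&amp;page=<?=$page+1;?>" class="col-blu">下一页 </a></span><a href="<?=$pager_url?>&amp;page=<?=$pagecount;?>" class="col-blu">尾页 </a>转到 第
<input name="page" type="text" id="page" size="3" />
<input name="city" type="hidden" value="<?=$city_html;?>" />
<input name="keyword" type="hidden" value="<?=$keyword_html;?>" />
页
<input type="submit" name="Submit" value="确定" />
</form>
</div>
</div>
</td>
</tr>
<?php
}
else
{
?>
<tr>
<td colspan="6">对不起,您要查找内容暂时不存在!</td>
</tr>
<?php
}
?>
</table>
</div>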