index.html
<form action="php.php" method="post" enctype="multipart/form-data"> <input type="file" name="filename"/> <input type="submit" value="上传文件"/> </form>
php.php
<?php
try {
$file = $_FILES['filename'];
if (!$file['error'] == 0) {
throw new Exception('上传文件出错');
}
//文件来源安全性(文件上传白名单)
if (!$file['tmp_name']) {
throw new Exception('您的图片来源不安全');
}
//文件目录
$dir = 'upload/' . date('ym/');
if (!is_dir($dir)) {
mkdir($dir, 0777, true);
}
//文件上传大小
if ($file['size'] > 80000000) {
throw new Exception('文件不得超过80000000M');
}
//文件名
$name = $file['name'];
$ext = substr($name, strrpos($name, '.'));
if (!preg_match('/(.jpg)|(.png)|(.gif)$/', $ext)) {
throw new Exception('图片格式错误');
}
$newname = md5(time() . rand(0, 999999999) . rand(111, 9999)) . $ext;
$filenamea = $file['tmp_name'];
move_uploaded_file($filenamea, $dir . $newname);
// 数据库连接
$link = new mysqli('localhost', 'root', 'password', 'image');
if ($link->connect_errno) {
unlink($dir . $newname);
throw new Exception('数据库连接失败');
}
$sql = 'INSERT INTO images (`name`,url,`time`) VALUES ("' . $name . '","' . $dir . $newname . '",' . time() . ')';
var_dump($sql);
$res = $link->query($sql);
if (!res) {
echo '失败';
}
} catch (Exception $ex) {
echo $ex->getMessage();
}
纸上学来终觉浅,绝知此事要躬行
