When a file is uploaded, how can I determine whether it is a virus, an executable, or something similar?

$_FILES['image']['type'], or the extension of the uploaded file.

Didn't I already say so?? $_FILES['image']['type'] is one method, and the extension is another.

File uploads are all sent to the server as an encrypted binary stream, in N groups of packets; once they reach the server they are reassembled and decoded into a copy of the file being uploaded. But for now there is no mechanism for inspecting the data in those packets, so the popular approach at present is the two methods the poster above mentioned. Some experts have written scripts that check the PE header. As for viruses, they have their signatures; in theory, with a signature database that is complete enough and updated promptly, plus an unpacker and a decoder, you could achieve the "prevent virus uploads" the original poster describes. But so far this has not been achieved, either in China or abroad. Even the few well-known antivirus vendors today have only enabled real-time "monitoring", a passive mode of defense. So antivirus always feels like it lags behind.

Just check $_FILES['image']['type'] and filter out application/octet-stream

"*" => "application/octet-stream",
"323" => "text/h323",
"acx" => "application/internet-property-stream",
"ai" => "application/postscript",
"aif" => "audio/x-aiff",
"aifc" => "audio/x-aiff",
"aiff" => "audio/x-aiff",
"asf" => "video/x-ms-asf",
"asr" => "video/x-ms-asf",
"asx" => "video/x-ms-asf",
"au" => "audio/basic",
"avi" => "video/x-msvideo",
"axs" => "application/olescript",
"bas" => "text/plain",
"bcpio" => "application/x-bcpio",
"bin" => "application/octet-stream",
"bmp" => "image/bmp",
"c" => "text/plain",
"cat" => "application/vnd.ms-pkiseccat",
"cdf" => "application/x-cdf",
"cer" => "application/x-x509-ca-cert",
"class" => "application/octet-stream",
"clp" => "application/x-msclip",
"cmx" => "image/x-cmx",
"cod" => "image/cis-cod",
"cpio" => "application/x-cpio",
"crd" => "application/x-mscardfile",
"crl" => "application/pkix-crl",
"crt" => "application/x-x509-ca-cert",
"csh" => "application/x-csh",
"css" => "text/css",
"dcr" => "application/x-director",
"der" => "application/x-x509-ca-cert",
"dir" => "application/x-director",
"dll" => "application/x-msdownload",
"dms" => "application/octet-stream",
"doc" => "application/msword",
"dot" => "application/msword",
"dvi" => "application/x-dvi",
"dxr" => "application/x-director",
"eps" => "application/postscript",
"etx" => "text/x-setext",
"evy" => "application/envoy",
"exe" => "application/octet-stream",
"fif" => "application/fractals",
"flr" => "x-world/x-vrml",
"gif" => "image/gif",
"gtar" => "application/x-gtar",
"gz" => "application/x-gzip",
"h" => "text/plain",
"hdf" => "application/x-hdf",
"hlp" => "application/winhlp",
"hqx" => "application/mac-binhex40",
"hta" => "application/hta",
"htc" => "text/x-component",
"htm" => "text/html",
"html" => "text/html",
"htt" => "text/webviewhtml",
"ico" => "image/x-icon",
"ief" => "image/ief",
"iii" => "application/x-iphone",
"ins" => "application/x-internet-signup",
"isp" => "application/x-internet-signup",
"jfif" => "image/pipeg",
"jpe" => "image/jpeg",
"jpeg" => "image/jpeg",
"jpg" => "image/jpeg",
"js" => "application/x-javascript",
"latex" => "application/x-latex",
"lha" => "application/octet-stream",
"lsf" => "video/x-la-asf",
"lsx" => "video/x-la-asf",
"lzh" => "application/octet-stream",
"m13" => "application/x-msmediaview",
"m14" => "application/x-msmediaview",
"m3u" => "audio/x-mpegurl",
"man" => "application/x-troff-man",
"mdb" => "application/x-msaccess",
"me" => "application/x-troff-me",
"mht" => "message/rfc822",
"mhtml" => "message/rfc822",
"mid" => "audio/mid",
"mny" => "application/x-msmoney",
"mov" => "video/quicktime",
"movie" => "video/x-sgi-movie",
"mp2" => "video/mpeg",
"mp3" => "audio/mpeg",
"mpa" => "video/mpeg",
"mpe" => "video/mpeg",
"mpeg" => "video/mpeg",
"mpg" => "video/mpeg",
"mpp" => "application/vnd.ms-project",
"mpv2" => "video/mpeg",
"ms" => "application/x-troff-ms",
"mvb" => "application/x-msmediaview",
"nws" => "message/rfc822",
"oda" => "application/oda",
"p10" => "application/pkcs10",
"p12" => "application/x-pkcs12",
"p7b" => "application/x-pkcs7-certificates",
"p7c" => "application/x-pkcs7-mime",
"p7m" => "application/x-pkcs7-mime",
"p7r" => "application/x-pkcs7-certreqresp",
"p7s" => "application/x-pkcs7-signature",
"pbm" => "image/x-portable-bitmap",
"pdf" => "application/pdf",
"pfx" => "application/x-pkcs12",
"pgm" => "image/x-portable-graymap",
"pko" => "application/ynd.ms-pkipko",
"pma" => "application/x-perfmon",
"pmc" => "application/x-perfmon",
"pml" => "application/x-perfmon",
"pmr" => "application/x-perfmon",
"pmw" => "application/x-perfmon",
"png" => "image/png",
"pnm" => "image/x-portable-anymap",
"pot," => "application/vnd.ms-powerpoint",
"ppm" => "image/x-portable-pixmap",
"pps" => "application/vnd.ms-powerpoint",
"ppt" => "application/vnd.ms-powerpoint",
"prf" => "application/pics-rules",
"ps" => "application/postscript",
"pub" => "application/x-mspublisher",
"qt" => "video/quicktime",
"ra" => "audio/x-pn-realaudio",
"ram" => "audio/x-pn-realaudio",
"ras" => "image/x-cmu-raster",
"rgb" => "image/x-rgb",
"rmi" => "audio/mid",
"roff" => "application/x-troff",
"rtf" => "application/rtf",
"rtx" => "text/richtext",
"scd" => "application/x-msschedule",
"sct" => "text/scriptlet",
"setpay" => "application/set-payment-initiation",
"setreg" => "application/set-registration-initiation",
"sh" => "application/x-sh",
"shar" => "application/x-shar",
"sit" => "application/x-stuffit",
"snd" => "audio/basic",
"spc" => "application/x-pkcs7-certificates",
"spl" => "application/futuresplash",
"src" => "application/x-wais-source",
"sst" => "application/vnd.ms-pkicertstore",
"stl" => "application/vnd.ms-pkistl",
"stm" => "text/html",
"sv4cpio" => "application/x-sv4cpio",
"sv4crc" => "application/x-sv4crc",
"swf" => "application/x-shockwave-flash",
"t" => "application/x-troff",
"tar" => "application/x-tar",
"tcl" => "application/x-tcl",
"tex" => "application/x-tex",
"texi" => "application/x-texinfo",
"texinfo" => "application/x-texinfo",
"tgz" => "application/x-compressed",
"tif" => "image/tiff",
"tiff" => "image/tiff",
"tr" => "application/x-troff",
"trm" => "application/x-msterminal",
"tsv" => "text/tab-separated-values",
"txt" => "text/plain",
"uls" => "text/iuls",
"ustar" => "application/x-ustar",
"vcf" => "text/x-vcard",
"vrml" => "x-world/x-vrml",
"wav" => "audio/x-wav",
"wcm" => "application/vnd.ms-works",
"wdb" => "application/vnd.ms-works",
"wks" => "application/vnd.ms-works",
"wmf" => "application/x-msmetafile",
"wps" => "application/vnd.ms-works",
"wri" => "application/x-mswrite",
"wrl" => "x-world/x-vrml",
"wrz" => "x-world/x-vrml",
"xaf" => "x-world/x-vrml",
"xbm" => "image/x-xbitmap",
"xla" => "application/vnd.ms-excel",
"xlc" => "application/vnd.ms-excel",
"xlm" => "application/vnd.ms-excel",
"xls" => "application/vnd.ms-excel",
"xlt" => "application/vnd.ms-excel",
"xlw" => "application/vnd.ms-excel",
"xof" => "x-world/x-vrml",
"xpm" => "image/x-xpixmap",
"xwd" => "image/x-xwindowdump",
"z" => "application/x-compress",
"zip" => "application/zip"
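
Reply from: leechiyang (日出东方), reputation: 100, 2005-06-08 08:54:00, score: 0
Just check $_FILES['image']['type'] and filter out application/octet-stream

So any upload whose type is application/octet-stream should be rejected? But compressed files such as rar also come through with the type application/octet-stream.

Reply from: syre (神仙), reputation: 105, 2005-7-26 13:55:56
Just turn off the execute permission.

If you do that, the file won't even have read permission.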
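
An added example, not code from the thread: a server-side check in PHP that ignores the browser-supplied $_FILES['image']['type'] and decides from the extension allow-list, the PE/ELF header and the content type detected by the fileinfo extension. The ALLOWED policy, the function names and the sample bytes are assumptions constructed for illustration.

```php
<?php
// Added example (not from the thread). Classifies an upload by its bytes,
// not by the client-supplied $_FILES[...]['type'] or the file name alone.

// Allowed extension => content type as detected on the server (assumed policy).
const ALLOWED = ['gif' => 'image/gif', 'png' => 'image/png', 'jpg' => 'image/jpeg'];

// True for a Windows PE image: "MZ" at offset 0 and "PE\0\0" at e_lfanew.
function looks_like_pe(string $bytes): bool
{
    if (strlen($bytes) < 0x40 || substr($bytes, 0, 2) !== 'MZ') {
        return false;
    }
    $peOffset = unpack('V', substr($bytes, 0x3C, 4))[1]; // little-endian uint32
    return substr($bytes, $peOffset, 4) === "PE\0\0";
}

// Returns [accepted, reason]. $clientType is deliberately never consulted.
function check_upload(string $name, string $clientType, string $bytes): array
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return [false, "extension '$ext' not allowed"];
    }
    if (looks_like_pe($bytes) || substr($bytes, 0, 4) === "\x7fELF") {
        return [false, 'executable header found'];
    }
    if (strpos($bytes, '<?php') !== false) {
        return [false, 'embedded PHP open tag'];
    }
    $detected = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if ($detected !== ALLOWED[$ext]) {
        return [false, "content is $detected, expected " . ALLOWED[$ext]];
    }
    return [true, 'ok'];
}

// Constructed samples: a minimal GIF header and a stub PE header.
$gif = "GIF89a\x01\x00\x01\x00\x00\x00\x00;";
$pe  = 'MZ' . str_repeat("\0", 0x3A) . pack('V', 0x40) . "PE\0\0";

foreach ([
    ['logo.gif',  'image/gif', $gif],
    ['photo.gif', 'image/gif', $pe],   // client-supplied type is wrong
    ['tool.exe',  'image/gif', $pe],
] as [$name, $type, $bytes]) {
    [$ok, $why] = check_upload($name, $type, $bytes);
    printf("%-10s %s (%s)\n", $name, $ok ? 'accept' : 'reject', $why);
}
```

In a real handler the bytes would come from file_get_contents($_FILES['image']['tmp_name']) after is_uploaded_file() succeeds, and an accepted file would be stored under a server-generated name in a directory the web server does not execute scripts from.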