<?php
if($submit)
{
$attach_ext=strtolower(strstr($attach_name,"."));
if($attach_ext==".php"||$attach_ext==".php3"||$attach_ext==".js"||$attach_ext==".asp"||$attach_ext==".vbs"||$attach_ext==".exe")
{
echo "<br>附件文件格式不正确!不能是.php、.php3、.js、.asp、.vbs、.exe之类的文件";
}
}
?>
<form action="<?php echo $PHP_SELF;?>" method="post" enctype="multipart/form-data">
<input name="attach" type="file" size="30" enctype="multipart/form-data">
<input type="submit" name="submit" value="上传附件">
if($submit)
{
$attach_ext=strtolower(strstr($attach_name,"."));
if($attach_ext==".php"||$attach_ext==".php3"||$attach_ext==".js"||$attach_ext==".asp"||$attach_ext==".vbs"||$attach_ext==".exe")
{
echo "<br>附件文件格式不正确!不能是.php、.php3、.js、.asp、.vbs、.exe之类的文件";
}
}
?>
<form action="<?php echo $PHP_SELF;?>" method="post" enctype="multipart/form-data">
<input name="attach" type="file" size="30" enctype="multipart/form-data">
<input type="submit" name="submit" value="上传附件">
$attach_ext=strtolower(strstr($attach_name,"."));
应改为
$pos=strrpos($attach_name,".");
if($pos===false){
$attach_ext="";
}else{
$attach_ext=strtolower(substr($attach_name,$pos+1));
}