个人中心
gpt4 book ai didi

How to get a file's extension in PHP?(如何在PHP中获取文件的扩展名?)

转载 作者:bug小助手 更新时间:2023-10-24 22:35:34 24 4
gpt4 key购买 nike



This is a question you can read everywhere on the web with various answers:

这是一个你可以在网上到处读到的问题,有各种各样的答案:



$ext = end(explode('.', $filename));
$ext = substr(strrchr($filename, '.'), 1);
$ext = substr($filename, strrpos($filename, '.') + 1);
$ext = preg_replace('/^.*\.([^.]+)$/D', '$1', $filename);

$exts = split("[/\\.]", $filename);
$n    = count($exts)-1;
$ext  = $exts[$n];


etc.

等。



However, there is always "the best way" and it should be on Stack Overflow.

然而,总有“最好的方法”,它应该在堆栈溢出上。


更多回答

Source of question and answer: cowburn.info/2008/01/13/get-file-extension-comparison

问答来源:cowburn.info/2008/01/13/get-file-extension-comparison

One more way to get ext is strrchr($filename, '.');

另一种获取ext的方法是strrchr($FILENAME,‘.);

strrpos is the correct way (see my answer) but it needs an addition for the no-extension case.

Strrpos是正确的方式(请参见我的答案),但是对于不能扩展的情况,它需要一个附加项。

Question is what you want with that info. Do you want to get the file extension to get the file type? That is not a good solution as it might be wrong.

问题是你想用这些信息做什么。是否要获取文件扩展名以获取文件类型?这不是一个好的解决方案,因为它可能是错误的。

优秀答案推荐

Use

使用



str_replace('.', '', strrchr($file_name, '.'))


for a quick extension retrieval (if you know for sure your file name has one).

用于快速扩展名检索(如果您确定您的文件名有扩展名)。



Don't trust the file extension from the file path.


You must be careful when assuming that a file extension reflects what the file contains. A malicious script can easily be hidden under another file extension.

假设文件扩展名反映文件包含的内容时,必须小心。恶意脚本可以很容易地隐藏在另一个文件扩展名下。


You can detect the real file extension (from reading inside the file), with mime_content_type($filePath), if your PHP module mod_mime_magic is on.

如果您的PHP模块mod_MIME_MAGIC处于打开状态,则可以使用MIME_CONTENT_TYPE($filePath)检测真正的文件扩展名(从文件内部读取)。


This will give you the accurate mime type of the file, from which you can easily resolve the extension with a simple function like:

这将为您提供准确的MIME文件类型,您可以使用如下所示的简单函数轻松解析扩展名:


/**
 * Get the file extension for a given mime type.
 *
 * @param string $mimeType
 * @return string|false the file extension or false in case of failure
 */
function getExtension (string $mimeType): string|false {
  $extensions = [
      'image/jpeg' => 'jpg',
      'image/png' => 'png',
      'image/gif' => 'gif',
      'image/webp' => 'webp',
      'image/svg' => 'svg',
      'image/svg+xml' => 'svg',
      'application/json' => 'json',
      'application/pdf' => 'pdf',
      'application/zip' => 'zip',
      'application/x-zip-compressed' => 'zip',
      'text/xml' => 'xml',
      ... // NOT EXHAUSTIVE LIST.
  ];

  return $extensions[$mimeType] ?? false;
}

In addition, in some cases, there is no extension in the file path, and it is therefore impossible to know its extension from pathinfo($file->tmp_name, PATHINFO_EXTENSION). In that case, mime_content_type function will still succeed.

此外,在某些情况下,文件路径中没有扩展名,因此不可能从pathinfo($FILE->tMP_NAME,PATHINFO_EXTENSION)中知道其扩展名。在这种情况下,MIME_CONTENT_TYPE函数仍将成功。


更多回答

It's not that simple. And blindly trusting the mime type can do more harm than good. How can you be sure that a "malicious" script is not "hidden" under another mime type as well? If a file both an image and a php script, what extension would be "real" for it?

事情没那么简单。盲目相信MIME类型可能弊大于利。如何确保“恶意”脚本不会被“隐藏”在另一种MIME类型下?如果一个文件既有图像又有php脚本,那么它的扩展名是什么?

Your answer seems redundant and potentially dangerous in the context of current question. Yes, it's a good idea to validate files on upload (but checking the file extension is more important still). But using mime for the files that's already on your server is redundant

在当前问题的背景下,你的回答似乎是多余的,而且有潜在的危险。是的,在上传时验证文件是个好主意(但检查文件扩展名更重要)。但是对服务器上已有的文件使用MIME是多余的

Quoting the PHP module content: "This module determines the MIME type of files in the same way the Unix file(1) command works: it looks at the first few bytes of the file. It is intended as a "second line of defense" for cases that mod_mime can't resolve." -> I think this is one of the safest ways because it tries to read the file. Before blindly accepting the file on the server, I think it's still a good idea to check the mime and reject (delete from the server) if extension not allowed. This may still not be bulletproof, but it's a second layer of protection for not much effort.

引用PHP模块的内容:“这个模块确定文件的MIME类型的方式与Unix FILE(1)命令的工作方式相同:它查看文件的前几个字节。它的目的是在mod_MIME无法解析的情况下作为”第二道防线“。”->我认为这是最安全的方式之一,因为它试图读取文件。在盲目地接受服务器上的文件之前,我认为检查MIME并在不允许扩展名的情况下拒绝(从服务器删除)仍然是一个好主意。这可能仍然不是防弹的,但这是不需要太多努力的第二层保护。

The problem is, this answer is misplaced. The question has nothing to do with file uploads. It's just about getting a file ext from a filename.

问题是,这个答案放错了地方。这个问题与文件上传无关。它只是关于从文件名中获取一个文件EXT。

the question is "How to get a file's extension in PHP?" obviously not stating it should be from file name - but I don't care. this may be useful to some other users

问题是“如何在PHP中获取文件扩展名?”显然没有说明它应该是从文件名-但我不在乎。这可能对其他一些用户有用

24 4 0
文章推荐: Discord.NET GetUser returns null(Discord.NET GetUser返回空)
文章推荐: Google Apps Script gives error "Something Went Wrong" when I try to authorize my own code(当我尝试授权我自己的代码时,Google Apps脚本出现错误“Something Wed Error”)
文章推荐: homebrew installation during: /usr/bin/git fetch --force origin(安装自制软件的过程:/usr/bin/git FETCH--强制原点)
文章推荐: How to merge properties within an array of objects based on specific property(如何基于特定属性合并对象数组中的属性)
bug小助手
个人简介

我是一名优秀的程序员,十分优秀!

作者热门文章
滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com