php文件上传，如何限制文件上传类型

Question

我有以下代码来检查(上传的简历和推荐信是否匹配所需的类型(pdf 或 doc 或 docx)和大小(小于 400 kb)

//check file extension and size
         $resume= ($_FILES['resume']['name']); 
         $reference= ($_FILES['reference']['name']); 
         $ext = strrchr($resume, ".");
         $ext1 = strrchr($reference, ".");
        if (!(($_FILES["resume"]["type"] == "application/doc")
        || ($_FILES["resume"]["type"] == "application/docx")
        || ($_FILES["resume"]["type"] == "application/pdf" ))
         && (($_FILES["reference"]["type"] == "application/doc")
        || ($_FILES["reference"]["type"] == "application/docx")
        || ($_FILES["reference"]["type"] == "application/pdf"))
        && (($ext == ".pdf") || ($ext == ".doc") || ($ext == ".docx"))
        && (($ext1 == ".pdf") || ($ext1 == ".doc") || ($ext1 == ".docx"))
        &&  ($_FILES["resume"]["size"] < 400000) //accept upto 500 kb
        &&  ($_FILES["reference"]["size"] < 400000)) {  

stop user } else { allow files to upload }

这没有按预期工作，甚至允许 txt 文件通过 + 未检查大小限制，这有什么问题？

谢谢，

Answer 1

下面只是使用 mime 类型来验证文件，然后检查两者的大小。有关大多数 MIME 类型的列表，请参阅 here或谷歌。

function allowed_file(){

//Add the allowed mime-type files to an 'allowed' array 
 $allowed = array('application/doc', 'application/pdf', 'another/type');

//Check uploaded file type is in the above array (therefore valid)  
    if(in_array($_FILES['resume']['type'], $allowed) AND in_array($_FILES['reference']['type'], $allowed)){

   //If filetypes allowed types are found, continue to check filesize:

  if($_FILES["resume"]["size"] < 400000 AND $_FILES["reference"]["size"] < 400000 ){

    //if both files are below given size limit, allow upload
    //Begin filemove here....

    }

    }

}