PHP 文件上传中的反斜杠

Question

一点背景知识：

我的教会网站位于 Godaddy 的共享 Windows 托管计划上。虽然我讨厌 Windows 并且会将网站移至基于 Linux 的服务器，但这不是我的托管帐户，所以我不能这样做。我目前正在尝试实现一个 GUI，用于将布道上传到网站。我知道如何在 Linux 服务器上执行此操作，所以我认为 Windows 代码会类似。我遇到的一个地方是上传路径。我们 Godaddy 服务器上的绝对路径是

D:\Hosting\5402716\html\WFBC\wacofamily.com\sermons\2014\

然而，反斜杠转义了特殊字符，所以我想我需要两个。

D:\\Hosting\\5402716\\html\\WFBC\\wacofamily.com\\sermons\\2014\\

问题：

然后我测试了上传，但出现以下错误：

收到以下系统级消息：权限或相关错误将文件移动到 D:托管,02716htmlWFBCwacofamily.comsermons4WFBC20130106AM.mp3

看来 PHP 正在消除除 \54 和 \201 之外的所有反斜杠。根据 这个网站, \54 是逗号，\201 未使用（或空白）。这解释了为什么我收到逗号，而 2014 年的 201 正在消失。但它并没有解释为什么双反斜杠不只是变成单反斜杠。这是应该上传图像的 PHP 脚本：

<?php
    error_reporting(E_ALL);
    ini_set('display_errors', 'on');
    require_once 'authorize.php';
    if(!(strtolower($this_user_type) == 'admin') && !(strtolower($this_user_type) == 'administrator') && !(strtolower($this_user_type) == 'elder')) {
        header('Location: /login.php?message=You%20do%20not%20have%20permission%20to%20view%20this%20page.%20%20You%20are%20a(n)%20'.$this_user_type.'.');
        exit;
    }
    ini_set('upload_max_filesize', '20971520');
    ini_set('post_max_size', '20971520');
    ini_set('memory_limit', '20971520');
    ini_set('max_input_time', 360);
    ini_set('max_execution_time', 360);
    require_once 'appConfig.php';
    require_once 'databaseConnection.php';
    $php_errors = array(1 => 'Maximum file size in php.ini exceeded', 2 => 'Maximum file size in HTML form exceeded', 3 => 'Only part of the file was uploaded', 4 => 'No file was selected to upload.');
    $article_id = htmlentities(trim($_REQUEST['sermon_id']));
    $date = htmlentities(trim($_REQUEST['date']));
    $pastor = htmlentities(trim($_REQUEST['pastor']));
    $title = htmlentities(trim($_REQUEST['title']));
    $passage = htmlentities(trim($_REQUEST['passage']));
    $folder_name = date('Y', strtotime($date));
    if (!is_dir('../../sermons/'.$folder_name."/")) {
        mkdir('../../sermons/'.$folder_name, 0777) or handle_error("the server couldn't upload the image you selected.", 'could not create directory');
    }
    $upload_dir = HOST_WWW_ROOT.'sermons\\'.$folder_name.'\\';
    $image_fieldname = "sermon_mp3";
    ($_FILES[$image_fieldname]['error'] == 0) or handle_error("the server couldn't upload the image you selected.", $php_errors[$_FILES[$image_fieldname]['error']]);
    @is_uploaded_file($_FILES[$image_fieldname]['tmp_name']) or handle_error("you were trying to do something naughty. Shame on you!", "Uploaded request: file named '{$_FILES[$image_fieldname]['tmp_name']}'");
    $upload_filename = $upload_dir.$_FILES[$image_fieldname]['name'];
    @move_uploaded_file($_FILES[$image_fieldname]['tmp_name'], $upload_filename) or handle_error("we had a problem saving your image to its permanent location.", "permissions or related error moving file to {$upload_filename}");
    if ($article_id) {
        $stmt = $mysqli->prepare("UPDATE `wfbcsermons`.`sermons` SET `date`=?, `pastor`=?, `sermon`=?, `book`=?, `chapter`=?, `end_chapter`=?, `start_verse`=?, `end_verse`=?, `path`=? WHERE `id`=?;") or handle_error("There was a problem updating the database.", "prepare failed :".htmlspecialchars($mysqli->error));
        $stmt->bind_param('sssssssssi', $sermon_date, $sermon_pastor, $sermon_title, $book, $chapter, $end_chapter, $start_verse, $end_verse, $sermon_path, $id) or handle_error("There was a problem updating the database.", "bind_param failed :".htmlspecialchars($stmt->error));
        $sermon_date = $date;
        $sermon_pastor = $pastor;
        $sermon_title = $title;
        $passage_pieces = explode(" ", $passage);
        $book = $passage_pieces[0];
        $number_pieces = explode("-", $passage_pieces[1]);
        $start_pieces = explode(":", $number_pieces[0]);
        $chapter = $start_pieces[0];
        $start_verse = $start_pieces[1];
        $end_pieces = explode(":", $number_pieces[1]);
        $end_chapter = $start_pieces[0];
        $end_verse = $start_pieces[1];
        $sermon_path = 'http://www.wacofamily.com/sermons/'.$folder_name.'/'.$_FILES[$image_fieldname]['name'];
        $id = $sermon_id;
        $stmt->execute() or handle_error("There was a problem updating the database.", "execute failed :".htmlspecialchars($stmt->error));
    }
    else {
        $stmt = $mysqli->prepare("INSERT INTO `wfbcsermons`.`sermons` (`date`, `pastor`, `sermon`, `book`, `chapter`, `end_chapter`, `start_verse`, `end_verse`, `path`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);") or handle_error("There was a problem updating the database.", "prepare failed :".htmlspecialchars($mysqli->error));
        $stmt->bind_param('sssssssssi', $sermon_date, $sermon_pastor, $sermon_title, $book, $chapter, $end_chapter, $start_verse, $end_verse, $sermon_path) or handle_error("There was a problem updating the database.", "bind_param failed :".htmlspecialchars($stmt->error));
        $sermon_date = $date;
        $sermon_pastor = $pastor;
        $sermon_title = $title;
        $passage_pieces = explode(" ", $passage);
        $book = $passage_pieces[0];
        $number_pieces = explode("-", $passage_pieces[1]);
        $start_pieces = explode(":", $number_pieces[0]);
        $chapter = $start_pieces[0];
        $start_verse = $start_pieces[1];
        $end_pieces = explode(":", $number_pieces[1]);
        $end_chapter = $start_pieces[0];
        $end_verse = $start_pieces[1];
        $sermon_path = 'http://www.wacofamily.com/sermons/'.$folder_name.'/'.$_FILES[$image_fieldname]['name'];
        $stmt->execute() or handle_error("There was a problem updating the database.", "execute failed :".htmlspecialchars($stmt->error));
    }
    $stmt->close();
    $mysqli->close();
    header("Location: ../../admin.php");
    exit();
?>

这是定义 HOST_WWW_ROOT 的 app_config.php：

<?php
    define("DEBUG_MODE", true);
    define("SITE_ROOT", "http://www.wacofamily.com/");
    define("DATABASE_HOST", "wfbcsermons.db.5402716.hostedresource.com");
    define("DATABASE_USERNAME", "**********");
    define("DATABASE_PASSWORD", "**********");
    define("DATABASE_NAME", "wfbcsermons");
    define("HOST_WWW_ROOT", "D:\\Hosting\\5402716\\html\\WFBC\\wacofamily.com\\");
    function js_redirect($url, $seconds=0) {  
        echo "<script language=\"JavaScript\">\n";  
        echo "<!-- hide from old browser\n\n";       
        echo "function redirect() {\n";  
        echo "window.location = \"" . $url . "\";\n";  
        echo "}\n\n";  
        echo "timer = setTimeout('redirect()', '" . ($seconds*1000) . "');\n\n";  
        echo "-->\n";  
        echo "</script>\n";  
        return true;  
    }  
    function handle_error($user_error_message, $system_error_message) {
        js_redirect('http://www.wacofamily.com/error.php?error_message='.$user_error_message.'&system_error_message='.$system_error_message, 0);
        exit();
    }
    function debug_print($message) {
        if (DEBUG_MODE) {
            echo $message;
        }
    }
?>

我尝试过的：

我尝试过以下字符串：

四个反斜杠（如正则表达式）：

define("HOST_WWW_ROOT", "D:\\\\Hosting\\\\5402716\\\\html\\\\WFBC\\\\wacofamily.com\\\\");

单引号内的单反斜杠：

define("HOST_WWW_ROOT", 'D:\Hosting\5402716\html\WFBC\wacofamily.com\\');

使用 \, ，这是反斜杠的 HTML 字符代码：

define("HOST_WWW_ROOT", "D:\Hosting\5402716\html\WFBC\wacofamily.com\");

使用 \134 这应该是反斜杠的八进制序列

define("HOST_WWW_ROOT", "D:\134Hosting\1345402716\134html\134WFBC\134wacofamily.com\134");

使用正斜杠作为 这个问题 说：

define("HOST_WWW_ROOT", "D:/Hosting/402716/html/WFBC/wacofamily.com/");

按照 Machavity 的建议使用 DIRECTORY_SEPARATOR ：

define("HOST_WWW_ROOT", "D:".DIRECTORY_SEPARATOR."Hosting".DIRECTORY_SEPARATOR ."402716".DIRECTORY_SEPARATOR ."html".DIRECTORY_SEPARATOR ."WFBC".DIRECTORY_SEPARATOR ."wacofamily.com".DIRECTORY_SEPARATOR );

当然，还有双反斜杠

define("HOST_WWW_ROOT", "D:\\Hosting\\5402716\\html\\WFBC\\wacofamily.com\\");

我对创建上传路径涉及的所有字符串进行了这些更改。我仅包含 HOST_WWW_ROOT 定义以节省空间。

正如 SirNarsh 提醒我的那样，如果我回显我正在使用的路径，它看起来带有反斜杠就好了。然而，当我将路径传递给 move_uploaded_file 函数时，事情就变得混乱了。

Answer 1

好吧，我明白了，现在我觉得很愚蠢。我最终使用了正斜杠。这之前不起作用的原因是权限（我认为我检查过）没有设置为让我写入。因此，对于其他遇到此问题的人：

1. 使用正斜杠
2. 检查您的权限（并仔细检查它们）

Answer 2

您应该使用 stripslashes() 来读取数据