PHP:反义词和上传的文件
我正在创建一些代码,用于将 Word 文档的内容上传到服务器,提取其文本,然后将其插入数据库。
exec("PATH=$PATH:/home1/myserver/bin && antiword " .
$_FILES['file']['tmp_name'], $mycontent);
由于某些奇怪的原因, $mycontent 始终是一个空数组。谷歌并没有那么有帮助。有谁知道我做错了什么?
I'm creating some code that will upload the contents of a word document to a server, extract its text, and insert it into a database.
exec("PATH=$PATH:/home1/myserver/bin && antiword " .
$_FILES['file']['tmp_name'], $mycontent);
For some bizarre reason, $mycontent is always an empty array. Google wasn't that helpful. Does anyone know what I'm doing wrong?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
exec 引用中的 $PATH 试图转换为 PHP $PATH,而不是 BASH $PATH。
您可以转义 $ (
\$) 或使用单引号。一般来说,您应该使用
escapeshellarg()或escapeshellcmd()来让事情变得更安全。本来可以避免这种情况的发生。此外,如果您使用用户输入调用exec(),这将有助于防止他们转义您的命令并调用自己的恶意 shell 命令。编辑
实际上,由于某种原因,您的文件名/路径可能存在问题。就从简单开始吧。
这是否有效:
如果没有,这是什么:
您必须创建一个文件来测试,并将其替换为 $_FILES 中的文件。但这可以直接从命令行运行吗?
The $PATH in your exec quote is trying to be converted to whatever your PHP $PATH is rather than the BASH $PATH.
You can either escape the $ (
\$) or use single quotes.In general, you should be using
escapeshellarg()orescapeshellcmd()to make things a bit safer. It would have prevented this situation. Also if you callexec()with user inputs, it will help prevent them from escaping your command and calling their own malicious shell commands.EDIT
Actually, you might have issues with your filename/path for some reason. Just start simple.
Does this work:
If not, what is this:
You'll have to create a file to test, and substitute it for the file in $_FILES. But does that work directly from the commandline?