WordPress上传图像函数media_handle_upload详解
最近几篇文章好像涉及到wordpress文件上传的功能,为了方便大家学习wordpress,以及对大家的网站安…
最近几篇文章好像涉及到wordpress文件上传的功能,为了方便大家学习wordpress,以及对大家的网站安全考虑,在此介绍下wordpress官方提供的媒体上传函数media_handle_upload。使用它你不必考虑像PHP的文件上传函数那样是否会存在传马漏洞,wordpress的开发者已经帮你写好了验证,下面一起来学习下吧。
函数介绍
media_handle_upload( string $file_id, int $post_id, array $post_data = array(),array $overrides = array('test_form' => false) )
保存post上传的文件,并绑定一篇文章。
原型
函数位于wp-admin/includes/media.php文件中,在线地址:
https://developer.wordpress.org/reference/files/wp-admin/includes/media.php/
参数
- $file_id
(string) (必须) 文件发送的$_FILES
数组的索引。 - $post_id
(int) (必须) 要将媒体项目附加到的帖子的POST ID。必需的,但可以设置为0,创建与POST无关的媒体项。 - $post_data
(array) (可选) 覆盖一些附件。
默认值: array() - $overrides
(array) (可选) 重写函数wp_handle_upload()
。
默认值: array(‘test_form’ => false)
返回值
(int|WP_Error) 成功返回附件ID,失败返回wp_error错误对象。
使用示例
从网站前端的表单上传附件。上传表单可能如下所示:
<form id="featured_upload" method="post" action="#" enctype="multipart/form-data"> <input type="file" name="my_image_upload" id="my_image_upload" multiple="false" /> <input type="hidden" name="post_id" id="post_id" value="55" /> <?php wp_nonce_field( 'my_image_upload', 'my_image_upload_nonce' ); ?> <input id="submit_my_image_upload" name="submit_my_image_upload" type="submit" value="Upload" /> </form>
PHP保存文件代码:
<?php // Check that the nonce is valid, and the user can edit this post. if ( isset( $_POST['my_image_upload_nonce'], $_POST['post_id'] ) && wp_verify_nonce( $_POST['my_image_upload_nonce'], 'my_image_upload' ) && current_user_can( 'edit_post', $_POST['post_id'] ) ) { // The nonce was valid and the user has the capabilities, it is safe to continue. // These files need to be included as dependencies when on the front end. require_once( ABSPATH . 'wp-admin/includes/image.php' ); require_once( ABSPATH . 'wp-admin/includes/file.php' ); require_once( ABSPATH . 'wp-admin/includes/media.php' ); // Let WordPress handle the upload. // Remember, 'my_image_upload' is the name of our file input in our form above. $attachment_id = media_handle_upload( 'my_image_upload', $_POST['post_id'] ); if ( is_wp_error( $attachment_id ) ) { // There was an error uploading the image. } else { // The image was uploaded successfully! } } else { // The security check failed, maybe show the user an error. }
类别:SEO、
本文收集自互联网,转载请注明来源。
如有侵权,请联系 wper_net@163.com 删除。
还没有任何评论,赶紧来占个楼吧!