向东博客 专注WEB应用 构架之美 --- 构架之美，在于尽态极妍 | 应用之美，在于药到病除|赢在IT，Playin' with IT,Focus on Killer Application,Marketing Meets Technology.

content-length:  这个值是从--$boundary，\r\nContent-Disposition: form-data; name=\"".rawurlencode($k)."\"\r\n\r\n， ...文件内容。。。\r\n".$boundary_2."--\r\n\r\n结束。注意：
最后的content的分割符也就是boundary还有两个--，表示结束。


其实协议是一个规化，代码是一个实现，久而久之，规划成为了规则，如：RFC协议就是一个大家在开发浏览器必须遵守的协议（http的（RFC 1867）：让HTML表单可以提交文件。它对HTML表单的扩展），而也具有开放性，为此，各种程序都可以实现这个协议，程序为协议而生，协议为功能而用，下面我们来实现一个通过PHP的Socket来模拟一次浏览器上传一张图片的提交代码，如下：

模拟浏览器遵循的Http协议发送图片程序，boundary开始时有一个 --,结束时：也有有 --,真正结束后有\r\n\r\n：
<?php $img_file = 'resources/images/winter.jpg'; $argva =array('username' => 'Jerry', 'password' => '123456'); echo postdata("http://u.levoo.boosh.com.cn/upimage.php?hatchdevid=123456",$argva,$img_file); function postdata($posturl,$data=array(),$file=''){ $url = parse_url($posturl); $boundary = "---------------------------".substr(md5(rand(0,32000)),0,10); $boundary_2 = "--$boundary"; $content = $encoded = ""; if($data){ while (list($k,$v) = each($data)){ $encoded .= $boundary_2."\r\nContent-Disposition: form-data; name=\"".rawurlencode($k)."\"\r\n\r\n"; $encoded .= rawurlencode($v)."\r\n"; } } if($file){ $ext=strrchr($file,"."); $type = "image/jpeg"; switch($ext){ case '.gif': $type = "image/gif"; break; case '.jpg': $type = "image/jpeg"; break; case '.png': $type = "image/png"; break; } $encoded .= $boundary_2."\r\nContent-Disposition: form-data; name=\"eggpic\"; filename=\"$file\"\r\nContent-Type: $type\r\n\r\n"; $content = join("", file($file)); $encoded.=$content."\r\n"; } $encoded .= "\r\n".$boundary_2."--\r\n\r\n"; $length = strlen($encoded); $fp = fsockopen($url['host'],80); if(!$fp) return "Failed to open socket to $url[host]"; //fputs($fp, "POST $url[path] HTTP/1.0\r\n"); fputs($fp, "POST $posturl HTTP/1.0\r\n"); #传一个Get参数可以取到，如用上面的$url[path]取不到get参数的hatchdevid值 fputs($fp, "Host: $url[host]\r\n"); fputs($fp, "Content-type: multipart/form-data; boundary=$boundary\r\n"); fputs($fp, "Content-length: ".$length."\r\n"); fputs($fp, "Connection: close\r\n\r\n"); fputs($fp, $encoded); $line = fgets($fp,1024); echo $line; $results = ""; $inheader = 1; while(!feof($fp)){ $line = fgets($fp,1024); if($inheader && ($line == "\r\n" || $line == "\r\r\n")){ $inheader = 0; }elseif(!$inheader){ $results .= $line; } } fclose($fp); //echo $encoded."\n"; return $results; } ?>


PHP接收发送过来的图片程序：
header("Content-type: text/html; charset=utf-8"); print_r($_FILES); print_r($_POST); ......

测试返回：
Array (     [imageaaa] => Array         (             [name] => Winter.jpg             [type] => image/jpeg             [tmp_name] => /tmp/phpTuioCN             [error] => 0             [size] => 812247         ) ) Array (     [username] => Jerry     [password] => 123456 ) type is not exist,permision denied
为何出现这样的情况呢？查找代码片段imageaaa，这个修改为file即可，修改后如下所示，上传成功：
Array (     [file] => Array         (             [name] => Winter.jpg             [type] => image/jpeg             [tmp_name] => /tmp/phpnKnLy5             [error] => 0             [size] => 812247         ) ) Array (     [username] => Jerry     [password] => 123456 ) Stored in: upload/Winter.jpg???,??????!<script>alert('???,??????,???!');history.go(-1);</script>
说明是Ok的，查下upload目录下，果然是在这个图片的，证明PHP是完全可以通过fsocket来模拟Http上传图片协议来实现浏览器上传的。

下面贴出PHP上传图片的简单代码：
<?php header("Content-type: text/html; charset=utf-8"); print_r($_FILES); print_r($_POST); if ((($_FILES["file"]["type"] == "image/gif")         &#124;&#124; ($_FILES["file"]["type"] == "image/jpeg")         &#124;&#124; ($_FILES["file"]["type"] == "application/octet-stream")         &#124;&#124; ($_FILES["file"]["type"] == "image/pjpeg"))       && ($_FILES["file"]["size"] < 2000000)) {   if ($_FILES["file"]["error"] > 0)   {     echo "错误信息: " . $_FILES["file"]["error"] . "<br />";   //如果上传过程中出现错误，提示出来错误信息   }   else   {     if (file_exists("upload/" . $_FILES["file"]["name"]))     {       echo $_FILES["file"]["name"] . " 此文件已存在，请换一个图片名称再上传. ";       echo "<script>alert('".$_FILES["file"]["name"]." 此文件已存在，请换一个图片名称再上传.');history.go(-1);</script>";     }     else     {       move_uploaded_file($_FILES["file"]["tmp_name"],             "upload/" . $_FILES["file"]["name"]);       echo "Stored in: " . "upload/" . $_FILES["file"]["name"];       echo "恭喜您，文件上传成功！";       echo "<script>alert('恭喜您，文件上传成功，请返回！');history.go(-1);</script>";     }   } }else {   echo "type is not exist,permision denied"; } ?>
同时，这块是Http上传协议，用C，C++，Java也是可以实现的解析该Http协议的，这样图片上传就可以实现跨语言传输了，呵。
Write By:Jackxiang,回忆未来，向东，其实都是一个人哈，呵呵。

附录：
1.代码分析极其图片内容偷换试验情况：
if($data){ while (list($k,$v) = each($data)){ $encoded .= $boundary_2."\r\nContent-Disposition: form-data; name=\"".rawurlencode($k)."\"\r\n\r\n"; $encoded .= rawurlencode($v)."\r\n"; } ......//rawurlencode主要是模拟浏览器提交，把传入的数组组合成一个Http的Rfc之Post协议。 $encoded .= $boundary_2."\r\nContent-Disposition: form-data; name=\"file\"; filename=\"$file\"\r\nContent-Type: $type\r\n\r\n"; //$content = join("", file($file)); $content = "This is a picture contents.";//这儿是完全可以进行替换图片内容 的，file返回图片内容为一个数组，后join就是一张图片的内容 $encoded.=$content."\r\n"; } $encoded .= "\r\n".$boundary_2."--\r\n\r\n"; $length = strlen($encoded); echo $encoded; echo "length=".$length."\r\n"; $fp = fsockopen($url['host'],80);
执行查看其Rfc传输的协议：
[root@jackxiang wenkongbao]# php file.php   -----------------------------228499b553 Content-Disposition: form-data; name="username" Jerry -----------------------------228499b553 Content-Disposition: form-data; name="password" 123456 -----------------------------228499b553 Content-Disposition: form-data; name="file"; filename="Winter.jpg" Content-Type: image/jpeg This is a picture contents. -----------------------------228499b553-- length=412 Array (     [file] => Array         (             [name] => Winter.jpg             [type] => image/jpeg             [tmp_name] => /tmp/phptZT32d             [error] => 0             [size] => 29         ) ) Array (     [username] => Jerry     [password] => 123456 ) Stored in: upload/Winter.jpg???,??????!<script>alert('???,??????,???!');history.go(-1);</script>
查看图片：
[root@jackxiang wenkongbao]# cat upload/Winter.jpg This is a picture contents.
2.$boundary_2和$boundary的认识：
$boundary_2 = "--$boundary";//多了-- ...... ...... ...... $encoded .= "\r\n".$boundary_2."--\r\n\r\n"; //加上了--

fputs($fp, "POST $url[path] HTTP/1.0\r\n"); fputs($fp, "Host: $url[host]\r\n"); fputs($fp, "Content-type: multipart/form-data; boundary=$boundary\r\n");// 这儿是$boundary fputs($fp, "Content-length: ".$length."\r\n"); fputs($fp, "Connection: close\r\n\r\n");//这儿里面全是$boundary_2 fputs($fp, $encoded);

3.代码boundary后追加--疑问：
对于后面：加上了 --的一般浏览器上传通过抓包查看（$encoded .= "\r\n".$boundary_2."--\r\n\r\n"; //加上了--
），上传协议通过Fiddler2抓包查看，发现果然在结尾也多得有一个--的符号，这块可能在see RFC2616中应该有特别描述这块：
POST /postcgi HTTP/1.1 Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQPinyin 689; TencentTraveler 4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727; msn OptimizedIE8;ZHCN) Content-Type: multipart/form-data; boundary=---------------------------7db434180f1c Accept-Encoding: gzip, deflate Connection: Keep-Alive Content-Length: 559 Host: act.qq.com Pragma: no-cache Cookie: ac=1,030,012; o_cookie=372647693; pgv_pvid=1178192826; pgv_flv=10.0; pgv_r_cookie=1141195738684; pt2gguin=o0372647693; comment_uin=372647693 %u56de%u5fc6%u672a%u6765; comment_skey=e6888c5c9c7df1ab2a0353a0ee997c77+%BB%D8%D2%E4%CE%B4%C0%B4; pp_visitkey=20763857487967539; pvid=1178192826; suid=6712511995; lv_irt_id=4b2ac9aae16fbfcf6b13b86ab1e03580; uin_cookie=372647693; euin_cookie=C17391AD3B3F7C7DA501BB46FFDE372C10A364C97D642DE0 -----------------------------7db434180f1c Content-Disposition: form-data; name="name" jackxiang -----------------------------7db434180f1c Content-Disposition: form-data; name="fileField"; filename="C:\Documents and Settings\jackxiang\桌面\Curl_Host.txt" Content-Type: text/plain curl -l -H "Host:qdd.act.qq.com"  http://172.24.18.104/wap/getfriends?uin=250138501&pwd=b2b3e01785f326bcc68bd184cfbc1aec -----------------------------7db434180f1c Content-Disposition: form-data; name="button" 提交 -----------------------------7db434180f1c--

看抓包情况的上面两行，在提交下一行的-----------------------------7db434180f1c后面就有一个--：
Content-Disposition: form-data; name="button"

提交
-----------------------------7db434180f1c--



同时参考来源也贴下：http://topic.csdn.net/u/20110619/23/7b0403de-c494-4592-9cc8-9b04f87ddb4a.html?98743

这个兄弟说得较为详细，新添加【2013-04-10】：http://blog.zhaojie.me/2011/03/html-form-file-uploading-programming.html



Add Time：2014-01-18 测试c和epoll多进程上传文本加强版本：
<?php   function postdata($posturl,$data=array(),$file=''){     $url = parse_url($posturl);     $boundary = "---------------------------".substr(md5(rand(0,32000)),0,10);     $boundary_2 = "--$boundary";     $content = $encoded = "";     if($data){       while (list($k,$v) = each($data)){         $encoded .= $boundary_2."\r\nContent-Disposition: form-data; name=\"".rawurlencode($k)."\"\r\n\r\n";         $encoded .= rawurlencode($v)."\r\n";       }     }     if($file){       $ext=strrchr($file,".");       $type = "image/jpeg";       switch($ext){         case '.gif': $type = "image/gif";                break;         case '.jpg': $type = "image/jpeg";                break;         case '.png': $type = "image/png";                break;         case '.txt': $type = "text/plain";                break;       }       $encoded .= $boundary_2."\r\nContent-Disposition: form-data; name=\"file\"; filename=\"$file\"\r\nContent-Type: $type\r\n\r\n";       $content = join("", file($file));       $encoded.=$content."\r\n";       echo $encoded;   }     $encoded .= "\r\n".$boundary_2."--\r\n\r\n";     $length = strlen($encoded);     $fp = fsockopen($url['host'],$url['port']);     if(!$fp) return "Failed to open socket to $url[host]";     fputs($fp, "POST $url[path] HTTP/1.0\r\n");     fputs($fp, "Host: $url[host]\r\n");     fputs($fp, "Content-type: multipart/form-data; boundary=$boundary\r\n");     fputs($fp, "Content-length: ".$length."\r\n");     fputs($fp, "Connection: close\r\n\r\n");     fputs($fp, $encoded);     $line = fgets($fp,1024);     if (!eregi("^HTTP/1\.. 200", $line)) return null;     $results = "";     $inheader = 1;     while(!feof($fp)){       $line = fgets($fp,1024);       if($inheader && ($line == "\r\n" || $line == "\r\r\n")){         $inheader = 0;       }elseif(!$inheader){         $results .= $line;       }     }     fclose($fp);     return $results;   }   ?>   <?php $img_file = '/tmp/jack.txt';   $argva =array('username' => 'Jerry', 'password' => '123456');   echo postdata("http://localhost:6666/",$argva,$img_file);  

c服务器收到：
Host: localhost
Content-type: multipart/form-data; boundary=---------------------------16b5e60b80
Content-length: 404
Connection: close

-----------------------------16b5e60b80
Content-Disposition: form-data; name="username"

Jerry
-----------------------------16b5e60b80
Content-Disposition: form-data; name="password"

123456
-----------------------------16b5e60b80
Content-Disposition: form-data; name="file"; filename="/tmp/jack.txt"
Content-Type: text/plain

1234567 jjj efg


-----------------------------16b5e60b80--

作者：jackxiang@向东博客 专注WEB应用 构架之美 --- 构架之美，在于尽态极妍 | 应用之美，在于药到病除
地址：https://jackxiang.com/post/4411/
版权所有。转载时必须以链接形式注明作者和原始出处及本声明！