Thread: My Upload Code

  1. #1
    SitePoint Evangelist
    Join Date
    Dec 2006
    Posts
    430

    My Upload Code

    Hi Guys,

    This is my upload code. The only problem is, it uploads everything (.php, .txt extensions) even though I have made an array to set allowed types:

    PHP Code:
    <?php
      $photo = $_FILES["image"]["name"];
      $username = mysql_escape_string($_POST['username']);
      $max_image_size = 51200;
      $allowed = array('.gif','.jpg','.png','.jpeg');
      $max_image_width = 500;
      $max_image_height = 450;
      $random_digit = rand(0000,9999);
      $renamed_photo = $random_digit.$_FILES["image"]["name"];

      // Check there wasn't a blank submission...////////////////////////////////////////////
      if(empty($_FILES["image"]["name"])) {
           echo "<p>Sorry, But No File Was Selected, Please Go Back And Try Again.</p>";
           exit;
      }

      // Create a query to check if the current user has uploaded a photo previously, so we can overwrite it
      $sql = "SELECT photo FROM membership WHERE username='$username' LIMIT 1";
      $result = mysql_query($sql, $conn) or die(mysql_error());

      // Run the query in a while loop
      while($row = mysql_fetch_array($result)) {
            // Set the photo name to the name already saved in the DB so we can overwrite the existing photo variables and file
            $photo = $row['photo'];
            if (empty($photo)) {

            } else {
                $renamed_photo = $photo;
            }
      }

      // Validation for Image...
      if ($_FILES['image']['size'] > $max_image_size) {
         die ('<p>Sorry <i>$username</i> That Image Is Bigger Than The Allowed Size Of 3mb Please <a href="javascript: history.go(-1)">Go Back</a></p>');
      }

      #####################################################################
      // Validate image dimensions...////////////////////////////////////////////////////////
      $dim = getimagesize($_FILES['image']['tmp_name']);

      if($dim[0] >= $max_image_width || $dim[1] >= $max_image_height) {
          die ("<p>Sorry, That Image Isn't Within The Current Upload Dimensions Please Go Back And Upload Another!</p>");
      }

      // Validate image types.../////////////////////////////////////////////////////////////
      if(in_array($_FILES['image']['type'], $allowed)) {
          die ('<p>Sorry, That Image Isn\'t One Of The Allowed Types Please Make Sure It\'s A Photo!</p>');
      }

      #####################################################################

      $uploadpath = "uploads/"; // <- Upload folder...
      $uploadpath = $uploadpath.$renamed_photo;
      if (!move_uploaded_file($_FILES["image"]["tmp_name"], $uploadpath))
         die("<p>Sorry, There Was An Error Uploading Your Image!");
      echo("<p><br />The Image (<b><font color=\"red\">" .$_FILES["image"]["name"]. "</b></font>) Has Been Uploaded Successfully!<br />");

      // Create our query.../////////////////////////////////////////////////////////////////
      $sql = "UPDATE membership SET photo='$renamed_photo' WHERE username='$username'";

      // Run our query...////////////////////////////////////////////////////////////////////
      $rs = mysql_query($sql, $conn) or die(mysql_error());
    ?>
    Thanks guys

    Graham

  2. #2
    SitePoint Addict ruba's Avatar
    Join Date
    Apr 2005
    Location
    Amman -Jordan
    Posts
    333
    Try to change your code using this validation

    Code:
    if ($_FILES['img']['name']){
      if (!preg_match("/(jpeg|gif|jpg|png)/",$_FILES['img']['type'])) { 
         die('error in file type');
      }
    }
    Knowledge Is Knowing That A Tomato Is A Fruit,
    Wisdom Is Not Putting It In A Fruit Salad.

  3. #3
    SitePoint Evangelist
    Join Date
    Dec 2006
    Posts
    430
    Hi Ruba,

    That works great, thanks for that.

    Graham

  4. #4
    SitePoint Wizard bronze trophy Kailash Badu's Avatar
    Join Date
    Nov 2005
    Posts
    2,561
    $_FILES['image']['type'] gives the mime type of the uploaded file as reported by the browser. It doesn't give the file extension as you apparently have assumed.

    So, if the uploaded file is a JPEG compressed image, $_FILES['image']['type'] holds the string 'image/jpeg' .

  5. #5
    SitePoint Evangelist
    Join Date
    Dec 2006
    Posts
    430
    One thing I have noticed with the code is, it uploads .gif's fine but when it comes to jpg's it gives me an error (not allowed kinda thing). Is there something wrong with jpg's the code doesn't like?

    cheers

    Graham

  6. #6
    SitePoint Addict ruba's Avatar
    Join Date
    Apr 2005
    Location
    Amman -Jordan
    Posts
    333
    Hi Kailash Badu,
    I just want to add that it depends on the browser, If I upload from Firefox is the same type when upload from IE $_FILES['image']['type']

    so using preg_match is better than check if ==

  7. #7
    Non-Member I87's Avatar
    Join Date
    Mar 2006
    Location
    UK
    Posts
    378
    Quote Originally Posted by ruba
    Try to change your code using this validation

    Code:
    if ($_FILES['img']['name']){
      if (!preg_match("/(jpeg|gif|jpg|png)/",$_FILES['img']['type'])) { 
         die('error in file type');
      }
    }

    what if the file name is 'php.jpg.php'?
    also, what if the file name is 'hello.JPG'?

    re-think that code!

  8. #8
    SitePoint Wizard bronze trophy Kailash Badu's Avatar
    Join Date
    Nov 2005
    Posts
    2,561
    Quote Originally Posted by ruba
    Hi Kailash Badu,
    I just want to add that it depends on the browser, If I upload from Firefox is the same type when upload from IE $_FILES['image']['type']

    so using preg_match is better than check if ==
    Hi Mate,

    I am not sure what you are trying to say. But yes, PHP just prints out the value of $_FILES['userfile']['type'] as reported by the browser. It doesn't do the file type checking on its own. See my post.

    Quote Originally Posted by kailash badu
    … gives the mime type of the uploaded file as reported by the browser
    However, what the browser sends out is the mime type of the uploaded file and not the extension (as OP is assuming). To my knowledge, this holds true for FF, IE, and probably others as well. In fact, even if an image file has an extension of .txt or something else, the browser will send the image mime type (in IE at least, I am not sure about FF). You can catch this on the server side and rename the file with the appropriate extension.

    Thanks mate.
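
The server-side check that posts #4, #7 and #8 point toward, as an added example that is not code from any poster in this thread: it ignores the browser-reported `type` and the client file name, detects the type from the file's content, and chooses the stored name and extension itself. The `UPLOAD_DIR` location, the function names and the availability of PHP's fileinfo extension are assumptions; the size and dimension limits are the ones from the first post.

```php
<?php
// Added example, not code from the thread. UPLOAD_DIR and the function names
// are assumed; the limits are the ones used in the first post.
const UPLOAD_DIR = __DIR__ . '/uploads/';
const MAX_BYTES  = 51200;
const MAX_WIDTH  = 500;
const MAX_HEIGHT = 450;
// MIME type detected on the server => extension chosen by the server.
const ALLOWED = [
    'image/gif'  => 'gif',
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
];

// Validate a temp file by its content and return the extension to store it
// under. $_FILES[...]['type'] and ['name'] are never consulted, so a name such
// as 'php.jpg.php' or 'hello.JPG' has no influence on the result.
function image_extension_for(string $tmpPath): string
{
    if (filesize($tmpPath) > MAX_BYTES) {
        throw new RuntimeException('File is larger than the allowed size.');
    }
    // Sniff the type from the file's bytes instead of trusting the browser.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('File is not an allowed image type.');
    }
    // getimagesize() returns false when the data does not parse as an image.
    $dim = getimagesize($tmpPath);
    if ($dim === false || $dim[0] >= MAX_WIDTH || $dim[1] >= MAX_HEIGHT) {
        throw new RuntimeException('Image is unreadable or outside the allowed dimensions.');
    }
    return ALLOWED[$mime];
}

// Move a validated upload into UPLOAD_DIR under a random, server-made name.
function store_upload(array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('No file was uploaded.');
    }
    $name = bin2hex(random_bytes(16)) . '.' . image_extension_for($file['tmp_name']);
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . $name)) {
        throw new RuntimeException('Could not store the upload.');
    }
    return $name;
}
// In the form handler: $stored = store_upload($_FILES['image']);
```

Store the returned name in the `photo` column rather than anything derived from `$_FILES['image']['name']`, and configure the web server so that files under the upload directory are never executed as PHP.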

