helraizer Posted June 5, 2008 Share Posted June 5, 2008 Hey folks, I have written this code: <?php $name = $_SESSION['user']; $name = $name . "_img."; $background = mysql_real_escape_string(htmlspecialchars($_POST['background'])); if ($background == "u") { $file = stripslashes($_FILES['back']['name']); if ($file) { $ext = explode(".", $file); $extension = strtolower($ext[1]); } else { } $target = "user/"; $target = $target . $name . $extension; if ($extension != "gif" || $extension != "jpeg" || $extension !="jpg" || $extension != "png") { $errors[] .= "You may only upload gif, jpeg or png files."; } else { $size = filesize($_FILES['back']['tmp_name']); define("MAX_SIZE", 1); if ($size > MAX_SIZE * 1024) { $errors[] .= "The file must be less than 1MB"; } } } if (isset($_POST['submit']) && $errors[0] != null) { echo ' <div class="ddgb_entrybox"> <table width="100%" border="0" cellspacing="8" cellpadding="0"> <tr> <td width="42%" align="right" valign="top"></td> <td align="center" valign="top">'; echo "<h2>" . _ERROR . "</h2><ul>"; foreach ($errors as $f) { echo "<li>" . $f . "</li>"; } echo "</ul>"; echo '<br><br><br> </td> </tr> </table> </div>'; } ?> I've tried echo $ext[1]; and it echos out 'jpg', which is correct. No matter if the file extension is jpg, gif, jpeg, png, php, html or css it always echos out "Error! You may only upload gif, jpeg or png files." I can't see why it always does this. Can you see what I've done wrong? Sam Link to comment https://forums.phpfreaks.com/topic/108872-solved-php-file-upload-problem-not-recognising-file-types/ Share on other sites More sharing options...
discomatt Posted June 5, 2008 Share Posted June 5, 2008 Well, for one, a more accurate way to get your extension is... $ext = strtolower( end( explode(".", $file) ) ); Also, you want to use && not || If you use ||, if any return TRUE, the whole if returns TRUE. With &&, they all must return TRUE Use this if ($extension != "gif" && $extension != "jpeg" && $extension !="jpg" && $extension != "png") An easier way to manage might be this # Put this at the top of your script $allowed = array( 'gif', 'jpg', 'jpeg', 'png' ); if ( !in_array( $ext, $allowed ) ) $errors[] .= "You may only upload gif, jpeg or png files."; I prefer to put everything that might get changed or modified later at the top of my script... makes it easier for others to modify. Link to comment https://forums.phpfreaks.com/topic/108872-solved-php-file-upload-problem-not-recognising-file-types/#findComment-558474 Share on other sites More sharing options...
Buddski Posted June 5, 2008 Share Posted June 5, 2008 Try this: <?php $errors = array(); $name = $_SESSION['user']; $name = $name . "_img."; $valid_types = array('gif','jpeg','jpg','png'); $background = mysql_real_escape_string(htmlspecialchars($_POST['background'])); if ($background == "u") { $file = stripslashes($_FILES['back']['name']); if ($file){ $ext = explode(".", $file); $extension = strtolower($ext[1]); } else{ } $target = "user/"; $target = $target . $name . $extension; if (!in_array($extension,$valid_types)) { $errors[] = "You may only upload gif, jpeg or png files."; } else { $size = filesize($_FILES['back']['tmp_name']); define("MAX_SIZE", 1); if ($size > MAX_SIZE * 1024) { $errors[] = "The file must be less than 1MB"; } } } if (isset($_POST['submit']) && $errors[0] != null){ echo '<div class="ddgb_entrybox"> <table width="100%" border="0" cellspacing="8" cellpadding="0"> <tr> <td width="42%" align="right" valign="top"></td> <td align="center" valign="top">'; echo "<h2>" . _ERROR . "</h2><ul>"; foreach ($errors as $f) { echo "<li>" . $f . "</li>"; } echo "</ul>"; echo '<br><br><br> </td> </tr> </table>'; } ?> Link to comment https://forums.phpfreaks.com/topic/108872-solved-php-file-upload-problem-not-recognising-file-types/#findComment-558479 Share on other sites More sharing options...
Buddski Posted June 5, 2008 Share Posted June 5, 2008 If you want to check the file type you could always use $_FILES['back']['type'] ie. image\jpg, image\png, image\gif Link to comment https://forums.phpfreaks.com/topic/108872-solved-php-file-upload-problem-not-recognising-file-types/#findComment-558493 Share on other sites More sharing options...
discomatt Posted June 5, 2008 Share Posted June 5, 2008 Mime-type is defined by the browser... in other words its okay for a secondary check, but it's insecure. Link to comment https://forums.phpfreaks.com/topic/108872-solved-php-file-upload-problem-not-recognising-file-types/#findComment-558617 Share on other sites More sharing options...
helraizer Posted June 5, 2008 Author Share Posted June 5, 2008 I came to a comprimise with the codes given and end up with this: <?php $name = $_SESSION['user']; $name = $name . "_im."; //define variables $valid_types = array('gif', 'jpeg', 'jpg', 'png'); $background = mysql_real_escape_string(htmlspecialchars($_POST['background'])); if ($background == "u") { unset($errors); $file = stripslashes($_FILES['back']['type']); $files = stripslashes($_FILES['back']['name']); $ext = strtolower(end(explode(".", $files))); $extension = $ext; $target = "user/"; $target = $target . $name . $extension; $targ = mysql_real_escape_string($target); if (!in_array($extension, $valid_types)) { $errors[] = "You may only upload gif, jpeg or png files."; } } Before with one of the codes given, $ext[1] returned "p". So I thought, eh? and tryed $ext[0], $ext[0] == "j" so $ext[2] == "g". Thus $ext on its own == "jpg". Thanks for the help. Sam Link to comment https://forums.phpfreaks.com/topic/108872-solved-php-file-upload-problem-not-recognising-file-types/#findComment-558672 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.