Jump to content

[SOLVED] php file upload problem - not recognising file types


helraizer

Recommended Posts

Hey folks,

 

I have written this code:

 

 <?php
$name = $_SESSION['user'];




                    $name = $name . "_img.";
$background = mysql_real_escape_string(htmlspecialchars($_POST['background']));

if ($background == "u")
                     {
                     	$file = stripslashes($_FILES['back']['name']);

                        if ($file)
                        {


                           $ext = explode(".", $file);
                            $extension = strtolower($ext[1]);

                        }
                        else
                        {

                        }

                        $target = "user/";

                        $target = $target . $name . $extension;
                        
                        

	if ($extension != "gif" || $extension != "jpeg" || $extension !="jpg" || $extension != "png")
                        {

                            $errors[] .= "You may only upload gif, jpeg or png files.";
                        }
                        else
                        {
                            $size = filesize($_FILES['back']['tmp_name']);
                            define("MAX_SIZE", 1);

                            if ($size > MAX_SIZE * 1024)
                            {
                                $errors[] .= "The file must be less than 1MB";
                            }
                        }
                    }

if (isset($_POST['submit']) && $errors[0] != null)
                    {

                        echo '    <div class="ddgb_entrybox">
	<table width="100%" border="0" cellspacing="8" cellpadding="0">
	<tr>
    <td width="42%" align="right" valign="top"></td>
	<td align="center" valign="top">';
                        echo "<h2>" . _ERROR . "</h2><ul>";
                        foreach ($errors as $f)
                        {
                            echo "<li>" . $f . "</li>";
                        }
                        echo "</ul>";
                        echo '<br><br><br>
</td>
	</tr>
	</table>
	</div>';
                    }
               ?> 

 

I've tried

 

echo $ext[1];

 

and it echos out 'jpg', which is correct.

 

No matter if the file extension is jpg, gif, jpeg, png, php, html or css it always echos out "Error! You may only upload gif, jpeg or png files."

 

I can't see why it always does this. Can you see what I've done wrong?

 

Sam

Well, for one, a more accurate way to get your extension is...

 

$ext = strtolower( end( explode(".", $file) ) );

 

Also, you want to use && not ||

 

If you use ||, if any return TRUE, the whole if returns TRUE. With &&, they all must return TRUE

 

Use this

 

if ($extension != "gif" && $extension != "jpeg" && $extension !="jpg" && $extension != "png")

 

An easier way to manage might be this

 

# Put this at the top of your script
$allowed = array( 'gif', 'jpg', 'jpeg', 'png' );

if (  !in_array( $ext, $allowed )  )
    $errors[] .= "You may only upload gif, jpeg or png files.";

 

I prefer to put everything that might get changed or modified later at the top of my script... makes it easier for others to modify.

Try this:

 

<?php
$errors = array();
$name = $_SESSION['user'];
$name = $name . "_img.";

$valid_types = array('gif','jpeg','jpg','png');

$background = mysql_real_escape_string(htmlspecialchars($_POST['background']));
if ($background == "u") {
$file = stripslashes($_FILES['back']['name']);
if ($file){
	$ext = explode(".", $file);
	$extension = strtolower($ext[1]);
} else{
}
$target = "user/";

$target = $target . $name . $extension;
                        		
if (!in_array($extension,$valid_types)) {
	$errors[] = "You may only upload gif, jpeg or png files.";
} else {
	$size = filesize($_FILES['back']['tmp_name']);
	define("MAX_SIZE", 1);
	if ($size > MAX_SIZE * 1024) {
		$errors[] = "The file must be less than 1MB";
	}
}
}

if (isset($_POST['submit']) && $errors[0] != null){
echo '<div class="ddgb_entrybox">
<table width="100%" border="0" cellspacing="8" cellpadding="0">
	<tr>
		<td width="42%" align="right" valign="top"></td>
		<td align="center" valign="top">';
			echo "<h2>" . _ERROR . "</h2><ul>";
			foreach ($errors as $f) {
				echo "<li>" . $f . "</li>";
			}
			echo "</ul>";
			echo '<br><br><br>
		</td>
	</tr>
</table>';
}

?> 

I came to a comprimise with the codes given and end up with this:

 

<?php
                    $name = $_SESSION['user'];




                    $name = $name . "_im.";

                    //define variables

                    $valid_types = array('gif', 'jpeg', 'jpg', 'png');
                    $background = mysql_real_escape_string(htmlspecialchars($_POST['background']));

if ($background == "u")
                    {
                        unset($errors);
                        $file = stripslashes($_FILES['back']['type']);
                        $files = stripslashes($_FILES['back']['name']);

                        $ext = strtolower(end(explode(".", $files)));
                        $extension = $ext;



                        $target = "user/";

                        $target = $target . $name . $extension;
                        $targ = mysql_real_escape_string($target);


                        if (!in_array($extension, $valid_types))
                        {
                            $errors[] = "You may only upload gif, jpeg or png files.";
                        }

                    }


 

Before with one of the codes given,  $ext[1] returned "p". So I thought, eh? and tryed $ext[0], $ext[0] == "j" so $ext[2] == "g". Thus $ext on its own == "jpg".

 

Thanks for the help.

Sam

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.