Jump to content

Up all night, still can't limit file types on upload

Reaper0167

By Reaper0167
in PHP Coding Help

 Share

Recommended Posts

Reaper0167 Regular Member

Reaper0167

Posted
Posted

I would only like to be able to upload gif jpeg png jpg  Any other file type would get an error. Right now if the file is larger than .5mb, i will will recieve an error, which is good, that is working correctly. Just the files types I can't seem to get. Here is the script again.

<?php
session_start();
include ("upload_db_info.php");

if (!empty($_POST['upload']))
{
extract($_POST);
   		
if(isset($_POST['upload']) && $_FILES['upload_file']['size'] < 500000)
{
    	$fileName = $_FILES['upload_file']['name'];
        $tmpName = $_FILES['upload_file']['tmp_name'];
        $fileSize = $_FILES['upload_file']['size'];
        $fileType = $_FILES['upload_file']['type'];
    	if ( file_exists($tmpName) )
    	{
    		$content = file_get_contents($tmpName);
    	}
    }
    else
{
	unset($_SESSION['uploadcomplete']);
	$_SESSION['uploaderror'] = "<font color=red><font size=2>Please select a valid picture format under 500,000 bytes(.5 				 									 megabytes)";
	header("location: http://www.---------.com");
	exit();
}

$user = mysql_real_escape_string($user);      
$trade = mysql_real_escape_string($trade);
$picname = mysql_real_escape_string($picname);

$fileName = mysql_real_escape_string($fileName);
    $fileSize = (int)$fileSize;
    $fileType = mysql_real_escape_string($fileType);
    $content  = mysql_real_escape_string($content);
    $descrip = mysql_real_escape_string($_POST["descrip"]);
$trade = mysql_real_escape_string($_POST["trade"]);
$picname = mysql_real_escape_string($_POST["picname"]);

$query = "INSERT INTO UploadedFiles (name, size, type, content, user, descrip, trade, picname)VALUES('$fileName', '$fileSize',                                        '$fileType', '$content', '$user', '$descrip', '$trade', '$picname')";        
    $result = mysql_query($query)or die (mysql_error());
    
unset($_SESSION['uploaderror']);
$_SESSION['uploadcomplete'] = "Your picture was uploaded to our system.";
    header("location: http://www._________-.com");
    exit();
}
?>

.josh Advanced Member

.josh

Posted
Posted

one way...

 

$allowed = array('.jpg','.gif','.bmp');
$fileName = $_FILES[$fieldName]['name'];
$imageType = strtolower(substr($fileName,-4));
if (!in_array($imageType,$allowed)) {
   // file not allowed, do something
}

 

You could alternatively have an $allowed array of the different values in $_FILES[filename][type]

chronister Regular Member

chronister

Posted
Posted

Ahh.. CV was a little quicker than me. :)

 

<?php
$allowedTypes = array('image/gif', 'image/jpeg', 'image/png');

if(in_array($fileType, $allowedTypes)){
   //upload file
}else{
// give error stating this type is not allowed.
}
?>

 

nate

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.