[SOLVED] array still not working properly

[Reaper0167]

Just trying to limit file types on upload. This is not hard to do(maybe it is). No matter what file I choose, i get the error saying that it is the wrong type of file. Here is the code,,,,again...

<?php
session_start();
include ("upload_db_info.php");
if (!empty($_POST['upload']))
{
extract($_POST);
   	if(isset($_POST['upload']) && $_FILES['upload_file']['size'] < 500000)
{
    	$fileName = $_FILES['upload_file']['name'];
       	$tmpName = $_FILES['upload_file']['tmp_name'];
       	$fileSize = $_FILES['upload_file']['size'];
       	$fileType = $_FILES['upload_file']['type'];
    	if ( file_exists($tmpName))
    	{
    		$content = file_get_contents($tmpName);
    	}
    }


$allowed = array('.gif','.bmp');
$fileName = $_FILES[$fileName]['name'];
$imageType = strtolower(substr($fileName,-4));
if (!in_array($imageType,$allowed))
{
   		unset($_SESSION['uploadcomplete']);
	$_SESSION['uploaderror'] = "<font color=red><font size=2>Please select a valid picture format under 500,000 bytes(.5 				 									 megabytes)";
	header("location: http://www.----------.com");
	exit();
}


$user = mysql_real_escape_string($user);      
$trade = mysql_real_escape_string($trade);
$picname = mysql_real_escape_string($picname);
$fileName = mysql_real_escape_string($fileName);
    $fileSize = (int)$fileSize;
    $fileType = mysql_real_escape_string($fileType);
    $content  = mysql_real_escape_string($content);
    $descrip = mysql_real_escape_string($_POST["descrip"]);
$trade = mysql_real_escape_string($_POST["trade"]);
$picname = mysql_real_escape_string($_POST["picname"]);
$query = "INSERT INTO UploadedFiles (name, size, type, content, user, descrip, trade, picname)VALUES('$fileName', 						 			 '$fileSize', '$fileType', '$content', '$user', '$descrip', '$trade', '$picname')";        
   	$result = mysql_query($query)or die (mysql_error());
    unset($_SESSION['uploaderror']);
$_SESSION['uploadcomplete'] = "Your picture was uploaded to our system.";
    header("location: http://www.------------.com");
    exit();
}
?>

[graham23s]

Hi Mate,

 

You could also just put the image TYPES in the array e.g: image/jpg, image/jpeg

 

$allowed = array('image/jpg,'image/jpeg);

$imageType = $fileType;

 

In your code you are checking the "filetype" rather than filename

 

hope this helps

 

Graham

 

 

EDIT: sorry re-read it you are checking the filename after all lol (i havce spent to long at the computer today lol)

 

[Reaper0167]

Thanks a bunch. My headache is now gone.

[Reaper0167]

everything works great except for jpg files. the array will not let me upload jpg files

<?php
$allowed = array('image/bmp','image/x-png','image/jpg','image/gif');
$imageType = $fileType;
if (!in_array($imageType,$allowed))
?>

[.josh]

'image/jpg' --> 'image/jpeg'

[Reaper0167]

Sorry to bring this post back from the dead, but I was wondering if the line marked below can be eliminated? Couldn't I just have $fileType in the IF statement?

<?php
$allowed = array('image/bmp','image/x-png','image/jpg','image/gif');
$imageType = $fileType;    // this line here
if (!in_array($imageType,$allowed))
?>

[.josh]

yes.

 

 

 

[Reaper0167]

Also,,, the array will still not let a .jpg be uploaded..... gif bmp png upload just fine. I tried jpg and jpeg,, but still get the same thing,, no upload.  Oh yeh,, before I forget, how much data can be stored in a mysql db?

[.josh]

I think there might possibly be some official limit but I'm pretty sure it is so massively large it's easier and just as accurate to say that limit is as big as your free hard drive space. 

 

As far as your jpg files not uploading...okay here's the thing, filetype for files are not always consistent from browser to browser.  Browser could be sending it as 'image/pjpeg' or 'image/jpeg' or 'image/jpg' or some browsers will actually scan the file so for instance, if you rename an image to some other extension, the browser may scan it and say it's still that image type, instead of the extension you changed it to. 

 

That's why I suggested in one of your previous threads to use substr to check the actual extension, instead of relying on what is given as the filetype.  And that's why printf also mentioned using the gd library to try and load it up to verify it is a valid image (btw, please stop making multiple threads that address the same issue.  It looks like you have 3...)