Jump to content

[SOLVED] array still not working properly


Reaper0167

Recommended Posts

Just trying to limit file types on upload. This is not hard to do(maybe it is). No matter what file I choose, i get the error saying that it is the wrong type of file. Here is the code,,,,again...

<?php
session_start();
include ("upload_db_info.php");
if (!empty($_POST['upload']))
{
extract($_POST);
   	if(isset($_POST['upload']) && $_FILES['upload_file']['size'] < 500000)
{
    	$fileName = $_FILES['upload_file']['name'];
       	$tmpName = $_FILES['upload_file']['tmp_name'];
       	$fileSize = $_FILES['upload_file']['size'];
       	$fileType = $_FILES['upload_file']['type'];
    	if ( file_exists($tmpName))
    	{
    		$content = file_get_contents($tmpName);
    	}
    }


$allowed = array('.gif','.bmp');
$fileName = $_FILES[$fileName]['name'];
$imageType = strtolower(substr($fileName,-4));
if (!in_array($imageType,$allowed))
{
   		unset($_SESSION['uploadcomplete']);
	$_SESSION['uploaderror'] = "<font color=red><font size=2>Please select a valid picture format under 500,000 bytes(.5 				 									 megabytes)";
	header("location: http://www.----------.com");
	exit();
}


$user = mysql_real_escape_string($user);      
$trade = mysql_real_escape_string($trade);
$picname = mysql_real_escape_string($picname);
$fileName = mysql_real_escape_string($fileName);
    $fileSize = (int)$fileSize;
    $fileType = mysql_real_escape_string($fileType);
    $content  = mysql_real_escape_string($content);
    $descrip = mysql_real_escape_string($_POST["descrip"]);
$trade = mysql_real_escape_string($_POST["trade"]);
$picname = mysql_real_escape_string($_POST["picname"]);
$query = "INSERT INTO UploadedFiles (name, size, type, content, user, descrip, trade, picname)VALUES('$fileName', 						 			 '$fileSize', '$fileType', '$content', '$user', '$descrip', '$trade', '$picname')";        
   	$result = mysql_query($query)or die (mysql_error());
    unset($_SESSION['uploaderror']);
$_SESSION['uploadcomplete'] = "Your picture was uploaded to our system.";
    header("location: http://www.------------.com");
    exit();
}
?>

Link to comment
https://forums.phpfreaks.com/topic/144381-solved-array-still-not-working-properly/
Share on other sites

Hi Mate,

 

You could also just put the image TYPES in the array e.g: image/jpg, image/jpeg

 

$allowed = array('image/jpg,'image/jpeg);

$imageType = $fileType;

 

In your code you are checking the "filetype" rather than filename :)

 

hope this helps

 

Graham

 

 

EDIT: sorry re-read it you are checking the filename after all lol (i havce spent to long at the computer today lol)

 

Sorry to bring this post back from the dead, but I was wondering if the line marked below can be eliminated? Couldn't I just have $fileType in the IF statement?

<?php
$allowed = array('image/bmp','image/x-png','image/jpg','image/gif');
$imageType = $fileType;    // this line here
if (!in_array($imageType,$allowed))
?>

I think there might possibly be some official limit but I'm pretty sure it is so massively large it's easier and just as accurate to say that limit is as big as your free hard drive space. 

 

As far as your jpg files not uploading...okay here's the thing, filetype for files are not always consistent from browser to browser.  Browser could be sending it as 'image/pjpeg' or 'image/jpeg' or 'image/jpg' or some browsers will actually scan the file so for instance, if you rename an image to some other extension, the browser may scan it and say it's still that image type, instead of the extension you changed it to. 

 

That's why I suggested in one of your previous threads to use substr to check the actual extension, instead of relying on what is given as the filetype.  And that's why printf also mentioned using the gd library to try and load it up to verify it is a valid image (btw, please stop making multiple threads that address the same issue.  It looks like you have 3...)

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.