Reaper0167 Posted February 8, 2009 Share Posted February 8, 2009 Just trying to limit file types on upload. This is not hard to do(maybe it is). No matter what file I choose, i get the error saying that it is the wrong type of file. Here is the code,,,,again... <?php session_start(); include ("upload_db_info.php"); if (!empty($_POST['upload'])) { extract($_POST); if(isset($_POST['upload']) && $_FILES['upload_file']['size'] < 500000) { $fileName = $_FILES['upload_file']['name']; $tmpName = $_FILES['upload_file']['tmp_name']; $fileSize = $_FILES['upload_file']['size']; $fileType = $_FILES['upload_file']['type']; if ( file_exists($tmpName)) { $content = file_get_contents($tmpName); } } $allowed = array('.gif','.bmp'); $fileName = $_FILES[$fileName]['name']; $imageType = strtolower(substr($fileName,-4)); if (!in_array($imageType,$allowed)) { unset($_SESSION['uploadcomplete']); $_SESSION['uploaderror'] = "<font color=red><font size=2>Please select a valid picture format under 500,000 bytes(.5 megabytes)"; header("location: http://www.----------.com"); exit(); } $user = mysql_real_escape_string($user); $trade = mysql_real_escape_string($trade); $picname = mysql_real_escape_string($picname); $fileName = mysql_real_escape_string($fileName); $fileSize = (int)$fileSize; $fileType = mysql_real_escape_string($fileType); $content = mysql_real_escape_string($content); $descrip = mysql_real_escape_string($_POST["descrip"]); $trade = mysql_real_escape_string($_POST["trade"]); $picname = mysql_real_escape_string($_POST["picname"]); $query = "INSERT INTO UploadedFiles (name, size, type, content, user, descrip, trade, picname)VALUES('$fileName', '$fileSize', '$fileType', '$content', '$user', '$descrip', '$trade', '$picname')"; $result = mysql_query($query)or die (mysql_error()); unset($_SESSION['uploaderror']); $_SESSION['uploadcomplete'] = "Your picture was uploaded to our system."; header("location: http://www.------------.com"); exit(); } ?> Quote Link to comment Share on other sites More sharing options...
graham23s Posted February 8, 2009 Share Posted February 8, 2009 Hi Mate, You could also just put the image TYPES in the array e.g: image/jpg, image/jpeg $allowed = array('image/jpg,'image/jpeg); $imageType = $fileType; In your code you are checking the "filetype" rather than filename hope this helps Graham EDIT: sorry re-read it you are checking the filename after all lol (i havce spent to long at the computer today lol) Quote Link to comment Share on other sites More sharing options...
Reaper0167 Posted February 8, 2009 Author Share Posted February 8, 2009 Thanks a bunch. My headache is now gone. Quote Link to comment Share on other sites More sharing options...
Reaper0167 Posted February 8, 2009 Author Share Posted February 8, 2009 everything works great except for jpg files. the array will not let me upload jpg files <?php $allowed = array('image/bmp','image/x-png','image/jpg','image/gif'); $imageType = $fileType; if (!in_array($imageType,$allowed)) ?> Quote Link to comment Share on other sites More sharing options...
.josh Posted February 8, 2009 Share Posted February 8, 2009 'image/jpg' --> 'image/jpeg' Quote Link to comment Share on other sites More sharing options...
Reaper0167 Posted February 9, 2009 Author Share Posted February 9, 2009 Sorry to bring this post back from the dead, but I was wondering if the line marked below can be eliminated? Couldn't I just have $fileType in the IF statement? <?php $allowed = array('image/bmp','image/x-png','image/jpg','image/gif'); $imageType = $fileType; // this line here if (!in_array($imageType,$allowed)) ?> Quote Link to comment Share on other sites More sharing options...
.josh Posted February 9, 2009 Share Posted February 9, 2009 yes. Quote Link to comment Share on other sites More sharing options...
Reaper0167 Posted February 9, 2009 Author Share Posted February 9, 2009 Also,,, the array will still not let a .jpg be uploaded..... gif bmp png upload just fine. I tried jpg and jpeg,, but still get the same thing,, no upload. Oh yeh,, before I forget, how much data can be stored in a mysql db? Quote Link to comment Share on other sites More sharing options...
.josh Posted February 9, 2009 Share Posted February 9, 2009 I think there might possibly be some official limit but I'm pretty sure it is so massively large it's easier and just as accurate to say that limit is as big as your free hard drive space. As far as your jpg files not uploading...okay here's the thing, filetype for files are not always consistent from browser to browser. Browser could be sending it as 'image/pjpeg' or 'image/jpeg' or 'image/jpg' or some browsers will actually scan the file so for instance, if you rename an image to some other extension, the browser may scan it and say it's still that image type, instead of the extension you changed it to. That's why I suggested in one of your previous threads to use substr to check the actual extension, instead of relying on what is given as the filetype. And that's why printf also mentioned using the gd library to try and load it up to verify it is a valid image (btw, please stop making multiple threads that address the same issue. It looks like you have 3...) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.