Jump to content

Recommended Posts

see i have my code shown below

 

 

require_once('config.php');

$query = mysql_query("SELECT * FROM table");

$find = mysql_fetch_array($query);

$limit_size=10000;

$filesize1=$HTTP_POST_FILES['file']['size'];

$filetype1=$HTTP_POST_FILES['type']['type'];

$filename1=$HTTP_POST_FILES['file']['name'];

 

 

if(($filesize1 >= $limit_size)||($filetype1!= 'image/jpeg')||(file_exists("upload/" . $filename1)){

echo "Max 10 Kb in JPG format and must not exists yet";

}else{

 

$path1= "upload/".$filename1;

if(copy($HTTP_POST_FILES['file']['tmp_name'], $path1)){

 

echo "File Name :".$HTTP_POST_FILES['file']['name']."<BR/>";

}else{

$find=mysql_fetch_array('

 

if ($find['upload']!=""){

echo $find['upload']; 

echo "<td><font face=arial size=2><a href=page2.php>delete</a></font></td>";

 

}else{

echo "<font face=arial size=2>No image uploaded yet!</font>";

}

}

}

}

 

Okay that's it...the problem is that when user has already uploaded their file go to index.php and assume they want  to update their image, why the $find['upload'] doesn't appear ?? i get this "Max 10 Kb in JPG format and must not exists yet"

 

some part might be wrong but which one?????

thanks a lot in advance

Link to comment
https://forums.phpfreaks.com/topic/175464-solved-get-confused-with-uploaded-file/
Share on other sites

You seam to have code missing,

ie

$find=mysql_fetch_array('

if (

 

this is probably the route I would take

<?php
require_once ('config.php');
//Check if file exists in database
$query = mysql_query("SELECT * FROM table");
$find = mysql_fetch_array($query);
if (! empty($find['upload'])) {
    echo $find['upload'];
    echo "<td><font face=arial size=2><a href=page2.php>delete</a></font></td>";
} elseif(!empty($_FILES)){//Check file has been sent
    $limit_size = 10000;
    $filesize1 = $_FILES['file']['size'];
    $filetype1 = $_FILES['type']['type'];
    $filename1 = $_FILES['file']['name'];
    //Check up load details
    if (($filesize1 >= $limit_size) || ($filetype1 != 'image/jpeg') || (file_exists("upload/" . $filename1))) {
        echo "Max 10 Kb in JPG format and must not exists yet";
    } else {
        //Moved Accepted upload to folder 
        $path1 = "upload/" . $filename1;
        if (copy($_FILES['file']['tmp_name'], $path1)) {
            //Display filename
            echo "File Name :" . $_FILES['file']['name'] . "<BR/>";
        } else {
            echo "<font face=arial size=2>Failed to upload!</font>";
        }
    }
}else{
    echo "<font face=arial size=2>No image uploaded yet!</font>";
}


?>

okay actually i almost solve the problem

 

i try one by one like this

 

$limit_size=60000;

$filesize1=$HTTP_POST_FILES['ufile']['size'][0];

$filetype1=$HTTP_POST_FILES['ufile']['type'][0];

$filename1=$HTTP_POST_FILES['ufile']['name'][0];

if(($filesize1 > $limit_size)&&($filetype1=='image/jpeg')&&(!(file_exists("upload/".$filename1)))){

echo "Your file size is over limit, 60 Kb is the max size allowed";

}else

if(($filesize1 < $limit_size)&&($filetype1!='image/jpeg')&&(!(file_exists("upload/".$filename1)))){

echo "Image must be in JPEG format";}else

if(($filesize1 < $limit_size)&&($filetype1=='image/jpeg')&&(file_exists("upload/".$filename1))){

echo "File is already exists";}else

 

if(($filesize1 > $limit_size)&&($filetype1!='image/jpeg')&&(!(file_exists("upload/".$filename1)))){

echo "Size is over limit, image must be in JPEG format";}else

 

if(($filesize1 < $limit_size)&&($filetype1!='image/jpeg')&&(!(file_exists("upload/".$filename1)))){echo "Image must be in JPEG format, file name already exists";}else

 

if(($filesize1 > $limit_size)&&($filetype1=='image/jpeg')&&(file_exists("upload/".$filename1))){echo "Size is over limit, file name already exists";}else

 

if(($filesize1 > $limit_size)&&($filetype1!='image/jpeg')&&(file_exists("upload/".$filename1))){echo "60 Kb file in JPEG format and name shouldn't be existed";}else{

 

$path1= "upload/".$HTTP_POST_FILES['ufile']['name'][0];

if(

copy($HTTP_POST_FILES['ufile']['tmp_name'][0], $path1)){

 

 

 

echo "File Name :".$HTTP_POST_FILES['ufile']['name'][0]."<BR/>";

}else{

if ($info['upload']!=""){

echo $info['upload']; 

 

 

* But it works correctly in Mozilla but not in IE 6.0

WHAT HAPPENED??? all files which is in JPEG format is counted as another format......PLEASE HELP :'(

Getting the mime type as a check for if the file is actually an image file or not is not the best practice. Mime types can be spoofed, and not all browsers even send a mime type.

 

you should get the extension via substr and test that. like so

$ext = substr($fileName, strrpos($fileName, '.') + 1);//$fileName is the name of the file
if ($ext != 'jpg' || $ext != 'jpeg'){
echo "Wrong file type";
exit();
}

sure! lets break it down into steps

$str = substr($fileName, strrpos($fileName, '.') + 1);

 

the first function called is substr. This will take a part of the string (the first parameter) from the startposition of the second parameter. (there is also a 3rd parameter called length that will specify the length of the substr. if not specified it will take the string from the start position to the finish position.

 

for example

$hello = "Hello World";
echo substr($hello, 2);// llo World
echo substr($hello, 0);//Hello World
echo substr($hello, 1, 4);// ello

 

Now the second parameter has another function call, which isstrrpos). This will get the string position of the last occurence of the second parameter, from the string in the first parameter. In this case, we look for the period character in the $fileName string. Say we have "myFile.jpg" strrpos will return the position 6 if we were to look for the period. (Note, strings are 0 based, so the first character will be in position 0)

 

We add 1 to the string position of the period character because we want everything after the period (IE the file extension). that line is basically like doing

 

$fileName = "file.php";
$ext = substr($fileName, 5);//5 is the position of the p in php, or the position of the period + 1

 

but it works for any file names/file types. also works for multiple periods in 1 file, since strrpos finds the last occurence of the second paramter

$limit_size=60000;

$filesize1=$HTTP_POST_FILES['ufile']['size'][0];

$filetype1=$HTTP_POST_FILES['ufile']['type'][0];

$filenamexx=$HTTP_POST_FILES['ufile']['name'][0];

$filename1= substr($fileNamex, strrpos($fileNamex, '.') + 1);

 

if(($filesize1 > $limit_size)&&($filetype1=='image/jpeg')&&(!(file_exists("upload/".$filename1)))){

echo "Your file size is over limit, 60 Kb is the max size allowed";

}else

if(($filesize1 < $limit_size)&&($filetype1!='image/jpeg')&&(!(file_exists("upload/".$filename1)))){

echo "Image must be in JPEG format";}else

if(($filesize1 < $limit_size)&&($filetype1=='image/jpeg')&&(file_exists("upload/".$filename1))){

echo "File is already exists";}else

 

if(($filesize1 > $limit_size)&&($filetype1!='image/jpeg')&&(!(file_exists("upload/".$filename1)))){

echo "Size is over limit, image must be in JPEG format";}else

 

if(($filesize1 < $limit_size)&&($filetype1!='image/jpeg')&&(!(file_exists("upload/".$filename1)))){echo "Image must be in JPEG format, file name already exists";}else

 

if(($filesize1 > $limit_size)&&($filetype1=='image/jpeg')&&(file_exists("upload/".$filename1))){echo "Size is over limit, file name already exists";}else

 

if(($filesize1 > $limit_size)&&($filetype1!='image/jpeg')&&(file_exists("upload/".$filename1))){echo "60 Kb file in JPEG format and name shouldn't be existed";}else{

 

$path1= "upload/".$HTTP_POST_FILES['ufile']['name'][0];

if(

copy($HTTP_POST_FILES['ufile']['tmp_name'][0], $path1)){

 

 

 

echo "File Name :".$HTTP_POST_FILES['ufile']['name'][0]."<BR/>";

}else{

if ($info['upload']!=""){

echo $info['upload'];

 

 

 

 

 

Which part is wrong please help as all format can be submitted although i have restricted this

Everything is wrong. First of all, here

$filenamexx=$HTTP_POST_FILES['ufile']['name'][0];
$filename1= substr($fileNamex, strrpos($fileNamex, '.') + 1);

 

you aren't even using the right variable name. it should be

$filenamexx=$HTTP_POST_FILES['ufile']['name'][0];
$filename1= substr($filenamexx, strrpos($filenamexx, '.') + 1);

 

secondly, you aren't testing for mime type any more, and your if statements are all wrong too, and they don't even really make. sense at all... Half of them you don't even need...

 

you have to test file type like this

if ($filename1 != 'jpg' || $filename1 != 'jpeg'){
echo "Invalid file type";
exit();
}

which is what I wrote before if you were paying attention. evidently not...

 

your code is formatted horribly, and I can't even tell if you have else ifs, or you if you are just making syntax errors

 

if ($filename1 != 'jpg' || $filename1 != 'jpeg'){
echo "Invalid file type";
exit();
}
if ($filesize > $maxsize){
echo "File too big";
exit();
}
if (file_exists("upload/".$filename1)){
echo "File already exists";
exit();
}

 

thats all the error checking you seem to want to do, but with 3 if statements..

 

one more thing, if you have multiple file types you want to test, you should put them into an array, and use the in_array function like so

 

$allowed_files = array('jpg', 'jpeg', 'png', 'bmp');
if (!in_array($filename1, $allowed_files)){
echo "invalid File type";
exit();
}

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.