Image Upload

[New Coder]

Hello all,

 

I have a script that I found from a google search to make an image uploading page. http://www.reconn.us/content/view/30/51/

 

I have modified/ added to it to suit my needs, like entering info in a table and extra form fields.

 

I works, but wierdly, and I don't understand why.

 

It will upload an image file with extensions jpg, jpeg, png and gif.

and it should throw an error on any file without those extensions, but it doesn't.

 

If I try to uplaod a text file it displays the message Unkown extension as it should and is the same for .doc and .html but for some reason if you try to uplaod a pdf no errors are shown it just refreshes the page almost like nothing has happened at all.

 

Any help is very much appreciated.

 

<SCRIPT language="JavaScript"><!-- //script hider
function form_validator(theForm)
{
if((theForm.image_use.value == "Choose Option")||(theForm.image_use.value == "")){
	alert("You must choose an agreed use for the image.");
	theForm.image_use.focus();
	return (false);
}
return (true);
}
// end script hiding -->
</SCRIPT>
<?php

define ("MAX_SIZE","100"); 

function getExtension($str)
{
$i = strrpos($str,".");         
if(!$i) 
{ 
	return ""; 
}        
$l = strlen($str) - $i;         
$ext = substr($str,$i+1,$l);         
return $ext; 
} 

$errors=0;

if(isset($_POST['Submit']))  
{ 		
$image=$_FILES['image']['name']; 	
if($image)  	
{ 			
	$filename = stripslashes($_FILES['image']['name']);  		
	$extension = getExtension($filename); 		
	$extension = strtolower($extension); 
	if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif"))  		
	{				
		echo '<h1>Unknown extension!</h1>'; 			
		$errors=1; 		
	} 		
	else 		
	{
		$size=filesize($_FILES['image']['tmp_name']);
		if ($size > MAX_SIZE*1024)
		{	
			echo '<h1>You have exceeded the size limit!</h1>';	
			echo("If you're not redirected within 5 seconds please use the back button below.<br><form action=\"test.php\"><input type=\"submit\" name=\"back\" value=\"Back\"></form>");
			header("refresh:4; url='test.php'");
			$errors=1;
		}
		else
		{
		$image_name=time().'.'.$extension;
		$name = 'ME';
		$image_use = $_POST['image_use'];
		$image = $_POST['image'];
			if(isset($_POST['Submit']) && $errors != 1)  
			{
				#include("../php_include/connection.php");
				$conn = @mysql_connect(  "localhost", "user", "pword" )
      							or die( "Err:conn" );
				$rs = @mysql_select_db( "database", $conn)
						or die( "ERR:Db" );
				$sql = "insert into tbl_image_uploads (name, image_use, image) values (\"$name\", \"$image_use\", \"$image_name\") ";
				$rs = mysql_query( $sql, $conn ) or die ( "Error Query" );
				if ($rs)
				{
					$newname="uploads/".$image_name;
					$copied = copy($_FILES['image']['tmp_name'], $newname);
					if (!$copied) 
					{	
						echo '<h1>Copy unsuccessfull!</h1>';
						echo("If you're not redirected within 5 seconds please use the back button below.<br><form action=\"test.php\"><input type=\"submit\" name=\"back\" value=\"Back\"></form>");
						header("refresh:4; url='test.php'");
					}
					else
					{
						echo "<h1>File Uploaded Successfully! Thank you</h1>";
						echo("If you're not redirected within 5 seconds please use the back button below.<br><form action=\"test.php\"><input type=\"submit\" name=\"back\" value=\"Back\"></form>");
						header("refresh:4; url='test.php'");
					}
				}
			}
		}
	}
}
}
?> 
<form name="newad" method="post" enctype="multipart/form-data"  action="" onsubmit="return form_validator(this)">
<table> 	
<tr>
    	<td>Image<br><input type="file" name="image"></td>
    </tr> 	
    <tr>
        <td>Agreed Use<br><select name="image_use">
        <option>Choose Option</option>
        <option value="gallery">Gallery Only</option>
        <option value="anything">Anything</option>
        </select></td>
    </tr> 	
    <tr>
        <td>Explanation (Optional)<br><textarea name="explanation" cols="50" rows="3"></textarea></td>
    </tr> 	
    <tr>
    	<td><input name="Submit" type="submit" value="Upload image"></td>
    </tr>
</table>
</form>

 

also I understand most of the code except what this part does:

enctype="multipart/form-data"

 

Many Thanks

[PFMaBiSmAd]

Add the following lines of code immediately after the opening <?php tag in the code you posted and tell us what it displays AFTER you submit your form -

 

echo "<pre>";
echo "POST:";
print_r($_POST);
echo "FILES:";
print_r($_FILES);
echo "</pre>";

 

As to your enctype question - http://www.w3schools.com/TAGS/att_form_enctype.asp

[New Coder]

Many thanks for speedy reply.

 

after successful upload of jpg:

 

POST:Array
(
    [image_use] => gallery
    [explanation] => 
    [submit] => Upload image
)
FILES:Array
(
    [image] => Array
        (
            [name] => mex3.jpg
            [type] => image/pjpeg
            [tmp_name] => C:\Windows\Temp\php3239.tmp
            [error] => 0
            [size] => 30538
        )

)

 

after pdf attempt.

 

POST:Array

(

)

FILES:Array

(

)

 

 

Many Thanks

[PFMaBiSmAd]

The size of the file exceeds that maximum post size setting - http://www.php.net/manual/en/ini.core.php#ini.post-max-size (you can find the link to this information in the upload handling section of the php manual.)

 

Your code has no error checking logic in it to test if the upload worked before it starts testing values from the form.

 

You actually need to test for an empty $_FILES array before you do anything. Then test $_FILES['image']['error'] before you start checking the file size, type, name... http://www.php.net/manual/en/features.file-upload.errors.php

[New Coder]

Thanks PFMaBiSmAd for the information, I will look into it.