Jump to content

upload form file types....

Lateralus138

By Lateralus138
in PHP Coding Help

 Share

Recommended Posts

Lateralus138 Newbie

Lateralus138

Posted
Posted

Hey all, I am learning PHP and I am writing a script from the W3C Schools tutorials for uploading files to my server. I want to be able to use it for a friend to upload files to my server (I know to be careful).  I only want it to be able to allow those images, exe, rar and zip files, no ISO's, .IMG's etc... I understand how the code works and have added and extra image file extension, but how would I add .exe, .zip and .rar? I thought maybe app/exe etc... and tried it, but I don't think it worked, files aren't being uploaded other than the images. All my permissions are set right and my test files sizes are ok.

What I am is asking is what is the code to allow those 3 file types to be uploaded?

 

Here is my code:

<?php
if (((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/png")
|| ($_FILES["file"]["type"] == "image/pjpeg")))
&& ($_FILES["file"]["size"] < 8000000))
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
    }
  else
    {
    echo "Upload: " . $_FILES["file"]["name"] . "<br />";
    echo "Type: " . $_FILES["file"]["type"] . "<br />";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
    echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

    if (file_exists("upload/" . $_FILES["file"]["name"]))
      {
      echo $_FILES["file"]["name"] . " already exists. ";
      }
    else
      {
      move_uploaded_file($_FILES["file"]["tmp_name"],
      "upload/" . $_FILES["file"]["name"]);
      echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
      }
    }
  }
else
  {
  echo "Invalid file";
  }
?>

Link to comment
https://forums.phpfreaks.com/topic/190212-upload-form-file-types/
Share on other sites
jl5501 Newbie

jl5501

Posted
Posted

You just have to include the correct mime types for each file type to be uploaded.

.exe has the potential to have multiple mime types, but the most common AKAIK is application/octet-stream.

 

Also, I notice you have included image/pjpeg in your acceptable images list, which is a non-standard mime type used only by internet explorer. Rather than just accept that type,

my approach is to change image/pjpeg to image/jpeg, before the type tests.

Lateralus138 Newbie

Lateralus138

Posted
  • Author
Posted

You just have to include the correct mime types for each file type to be uploaded.

.exe has the potential to have multiple mime types, but the most common AKAIK is application/octet-stream.

 

Also, I notice you have included image/pjpeg in your acceptable images list, which is a non-standard mime type used only by internet explorer. Rather than just accept that type,

my approach is to change image/pjpeg to image/jpeg, before the type tests.

That pjpeg was from a small list at W3C and so I threw it in to be safe, but thank you for informing me.

 

Thank you for your help... I googled, but I am not sure I used the right key-phrases and didn't come up with a list of what to use. Do you know of a list of types anywhere (application/octet-stream, images/jpeg etc...). Some sort of quick guide? Thank you for your help.

 

PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Unfortunately, the upload script posted on the w3schools site is ass backwards. The first example, where they check the ['error'] element first, is correct. However, when they added ['type'] checking, they put if first, which won't work when there is an upload error. When an upload error occurs, that code will report an "Invalid file" and it will never reach the code checking the ['error'] element and you will never see the "Error: " . $_FILES["file"]["error"] . "<br />"; output that would tell you why the upload failed.

 

Think about any code you find posted on the Internet (don't just follow along with it). Does it make sense and in the case of the w3schools code, does it make sense to check some piece of the uploaded data before you have tested if the upload even worked?

 

Edit: Quote taken from the w3schools site -

W3Schools is for training only. We do not warrant the correctness of its content. The risk from using it lies entirely with the user.
Lateralus138 Newbie

Lateralus138

Posted
  • Author
Posted

While I have an idea of what you're trying to explain to me (meaning it's not all lost on me, lol), I am not sure what part is the  "['type'] checking" that you are referring to. I imagine you are talking about before it actually starts the upload to the temp folder and returns the file information? I would appreciate a more thorough explanation if it's no trouble. If it is too much trouble then thank you for your time already to this point and thank you for letting me know that code is flawed.

PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

$_FILES["file"]["type"] won't be set to any value if there is an upload error. Any logic to test $_FILES["file"]["type"] would need to come after any logic that tests if $_FILES["file"]["error"] is equal to zero (a successful upload.)

 

You may want to read the upload handling section in the php manual - http://www.php.net/manual/en/features.file-upload.php

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.