fife Posted June 29, 2011

Ok. I have made a very simple image uploader but I have major cross browser issues that I didn't think were possible. I thought PHP was the same across all browsers but obviously not. Here is the issue. I have an error checker that, if the image is not of a certain type, simply says "nope". If I upload an image in Google Chrome or IE 9 then the image uploads no problem to the server and a ref to the database. If I use the more popular browsers like IE7 or IE 8, my error of "nope" comes back and no script is executed.

Code: first the form

```html
<form action="" method="post" name="select_photo" enctype="multipart/form-data">
    <input type="file" name="new_photo" id="new_photo">
    <input name="Save_photo" type="submit" value="Submit" alt="Upload this photo">
</form>
```

then the script

```php
if (isset($_POST['Save_photo'])) {
    // another photo uploader
    $fileName1 = $_FILES['new_photo']['name'];
    $tmpName   = $_FILES['new_photo']['tmp_name'];
    $fileSize  = $_FILES['new_photo']['size'];
    $fileType  = $_FILES['new_photo']['type']; // MIME type as reported by the browser
    $randName  = md5(rand() * time());
    $fileName  = $randName.$fileName1;
    $folder    = "{$_SERVER['DOCUMENT_ROOT']}members/images/{$User['county']}/";

    if ($fileSize > 2097152) {
        $msg1 = "Your uploaded file size is more than 2MB so please reduce the file size and then upload. Visit the help page to know how to reduce the file size.<BR>";
        $success = 0;
    }
    // }
    elseif ($fileName1 == "") {
        $error = "Please choose a file to upload";
        $success = 0;
    }

    $types = array('image/jpeg', 'image/gif', 'image/png');
    if (in_array($fileType, $types)) {
        // Your file handling script here
        if (move_uploaded_file($tmpName, $folder.$fileName)) {
            // Escape before use in SQL: the name includes the client-supplied file name
            $Fnew   = mysql_real_escape_string($fileName);
            $county = $User['county'];
            $time   = date("h:i A, d/m/Y");
            $qInsert = mysql_query("INSERT INTO `images` (`image_name`, `creation_date`, `mem`, `county`) VALUES ('$Fnew', '$time', '".$User['member_id']."', '$county')") or die (mysql_error());
            $url = "New-photo.php?image=".urlencode($fileName);
            header("Location: $url");
            exit; // stop the script once the redirect header is sent
        }
    } else {
        $message = "nope";
    }
}
```

I think it has something to do with the in_array function. I have tried isset and array_key_exists but neither of them work properly!

PFMaBiSmAd Posted June 29, 2011

If you echo the $fileType as part of your error message, you will find that different browsers/browser-versions submit different mime types for the same file and you would need to allow for the different mime types in your code.

xyph Posted June 29, 2011

Mime types don't care about the content of the actual file. Checking them is slightly redundant. If you only allow files to be uploaded with extensions that can't be executed or parsed on the server machine, you should be safe.

I.e., if I rename a malicious PHP file to backdoor.jpg, your PHP engine should NEVER parse it. Even though it's dangerous data to have on your machine, as long as the attacker cannot execute it, you're safe.

fife Posted June 29, 2011

xyph, are you saying that it doesn't matter what they upload as long as it can't be run? Does that mean checking the file types is pointless? This is still my first image uploader and the error checking part is proving difficult!

xyph Posted June 29, 2011

Checking mime types is redundant as long as you verify the extension of the file is safe.
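
An added example, not code from the thread or from any poster: a server-side check that ignores the browser-supplied `$_FILES[...]['type']` (the value that differs between browsers above) and the client's file name, derives the type from the file's bytes, and lets the server pick the stored extension. `classify_upload()` is a hypothetical helper and the sample files are constructed; it assumes PHP 7+ with the bundled fileinfo extension.

```php
<?php
// Added example: decide the image type from the file's bytes, never from the
// browser-supplied MIME type or the client's file name.
// classify_upload() is a hypothetical helper; the sample files are constructed.

function classify_upload($tmpPath)
{
    // Content-derived MIME type => extension the server stores the file under.
    $allowed = array(
        'image/jpeg' => 'jpg',
        'image/gif'  => 'gif',
        'image/png'  => 'png',
    );

    $finfo = new finfo(FILEINFO_MIME_TYPE);   // inspects magic bytes
    $mime  = $finfo->file($tmpPath);
    if ($mime === false || !isset($allowed[$mime])) {
        return null;                          // not an accepted image type
    }
    // Second opinion: the image header must also parse.
    if (@getimagesize($tmpPath) === false) {
        return null;
    }
    // Server-chosen name: random stem plus the extension for the detected
    // type, so nothing from the client's file name reaches disk, SQL or URLs.
    $stem = bin2hex(random_bytes(16));
    return array('mime' => $mime, 'name' => $stem . '.' . $allowed[$mime]);
}

// Constructed samples: a 1x1 GIF, and PHP source that a client could submit
// as "backdoor.jpg" with a claimed type of image/jpeg.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw=='));
$fake = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($fake, "<?php echo 'hello'; ?>");

$ok  = classify_upload($gif);    // accepted regardless of what the browser claimed
$bad = classify_upload($fake);   // rejected regardless of name or claimed type
printf("real GIF     -> %s\n", $ok ? $ok['mime'] . ' stored as ' . $ok['name'] : 'rejected');
printf("backdoor.jpg -> %s\n", $bad ? $bad['mime'] : 'rejected');

unlink($gif);
unlink($fake);
```

In an upload handler the path passed in would be `$_FILES['new_photo']['tmp_name']`, and the returned name would be the one given to `move_uploaded_file()`.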