Jump to content

if else statement, $_FILES getting uploaded

$php_mysql$

By $php_mysql$
in PHP Coding Help

 Share

Recommended Posts

TeNDoLLA Newbie

TeNDoLLA

Posted
Posted

The errors you are getting is produced probably because the file you uploaded was in your blacklist, which leads to that the file WILL NOT GET MOVED/UPLOADED. And then you try to use the moved image file in your scripts some elsewhere (which does not exist).

 

If I recall correctly from your earlier topics, you are also using a SimpleImage class or something similar. I suggest you try to make things simple and work simple before you dive into someone else's written image classes. You need to understand the basics and the logic flow in the code ALL THE TIME. You just cant get pieces and classes from here and there and put them together and expect everything to work smoothly. Not that the class was very advanced what I looked it day or two ago, but just a note.

TeNDoLLA Newbie

TeNDoLLA

Posted
Posted

but 1 thing im not getting is why exit(); does wht i want but if else statement not doing the same?

 

exit() does not do what you want, or do you want that blank page (then it does)? exit() just ends the script execution in that place. No following script is executed at all. That way you don't have the errors since the script will never run in those parts.

the182guy Newbie

the182guy

Posted
Posted

Maybe do something like this..

function uploadFile($file, $uploadPath) {
$max_size = 5242880;
$path = $uploadPath . $file['name'];
$blacklist = array(".php", ".jpg", ".jpeg", ".php.gif", ".php.png", ".phtml", ".php3", ".php4", ".html");
$file_type = array("image/gif","image/jpg","image/jpeg","image/png");
$patterns = implode('|', $blacklist);

if (preg_match('('. $patterns .')', $file['name']))
{
	return 'File is blacklisted.';
}
else if ($file['size'] > $max_size)
{
	return 'File is too large.';
}
else if (!in_array($file['type'], $file_type))
{
	return 'File type is not allowed.';
}
else if (move_uploaded_file($file['tmp_name'], $path))
{
	return "The file was uploaded successfully.";
}
else
{
	return "The file was not uploaded successfully. Error code: " . $file['error'];
}
}

 

I don't like lots of returning like that within a function. It should have as few exit paths as possible, preferably just one, making it easier to read, maintain and debug. I would instead create a return object which has a success (true/false) property and a message property to indicate the reason for failure. Even better would be if the message was a pointer rather than a user friendly message, e.g. TOO_LARGE, where you'd let the front end or view handle the actual turning it into the user friendly message if you needed different languages or want a more MVC style system.

TeNDoLLA Newbie

TeNDoLLA

Posted
Posted

Yeah well, tried to make just a SIMPLE example for this guy. If you see his earlier post, do you think an OO/MVC based approach would have made him understand it more? Agree on that you don't need all the returns, could just use one variable/array to assign the string(s) in it and return the variable at the end of the function. Also I wanted to keep it as close as possible to the original approach he introduced in this thread.

 

I really don't think this thread is about MVC or localization.

 

Ps. What I pasted earlier is not the way I would do it either.

AyKay47 Member

AyKay47

Posted
Posted

i urge people on this forum to no longer help this person...he/she obviously doesn't understand the basics of PHP and doesn't care to.. anyone that has an issue every hour clearly needs to study examples and practice more..as I have stated in another thread of his..

AyKay47 Member

AyKay47

Posted
Posted

SEEMS TO ME THAT YOU ARE NOT SPENDING THE TIME TO PROPERLY LEARN AND TEACH YOURSELF PHP...YOUR QUESTIONS ARE BASIC..SOMEONE GIVES YOU A SOLUTION AND YOU DO NOT UNDERSTAND IT AND ASK THEM TO DO IT FOR YOU, THESE ARE NICE PEOPLE ON HERE GIVING YOU THERE TIME FOR FREE WHERE NORMALLY A PROGRAMMER WOULD CHARGE YOU A GOOD CUNK OF MONEY TO HELP YOU...DON'T ABUSE THEIR HELP, IF YOU HAVE A QUESTION ABOUT SOMETHING, CHECK ONLINE RESOURCES BEFORE YOU ASK HERE AND TELL PEOPLE TO HELP YOU..IF YOU DO NOT UNDERSTNAD THE SOLUTIONS HOW CAN YOU EXPECT TO BE ABLE TO PROCEED WITH YOUR CODING...

$php_mysql$ Regular Member

$php_mysql$

Posted
  • Author
Posted

i definitely appreciate them giving soo much time and help and i in no ways tried to abuse it. i did look around and tried, its nothing like im not trying but since im not as good as they are so i asked them for their help.  i do not understand why are you trying to be rude? 

AyKay47 Member

AyKay47

Posted
Posted

because if you look at your other threads.. i am there helping you as well, however when i give you a simple solution, you do not understand it...therefore I end up spending half of the day trying to explain basic code to you...if you look at your threads, the majority of them are like 20+ replies.. you are wasting people time and efforts.. learn the ins and outs of PHP before attempting things like this...look at tutorials, read books etc..

just how I feel about it

$php_mysql$ Regular Member

$php_mysql$

Posted
  • Author
Posted

so i managed to make the file type and size limit to work

 

function insert($postData) {	

if(!empty($_FILES['image']["name"])){	
	        
		$max_size = 5242880;
		$blacklist = array(".php", ".php.jpg", ".php.jpeg", ".php.gif", ".php.png", ".phtml", ".php3", ".php4", ".html");
		$file_type = array("image/gif","image/jpg","image/jpeg","image/png");
		if ($_FILES['image']["size"] > $max_size)
		{
		echo 'File is too large.';
		}
		else if (preg_match("/$blacklist\$/i", $_FILES['image']['name']))
		{
		echo "Blacklisted File";
		}
		else if (!in_array($_FILES['image']["type"], $file_type))
		{
		echo "file not supported";
		}else{			
		global $uploadPath;
		$remove_symbols = array('+', '=', '-', '{', '}', '$', '(', ')');
		$removed_symbols = str_replace($remove_symbols, "_", $_FILES['image']['name']);  
		$randomnum=rand(00000000,99999999);  
		$imagepath = uploadFile($_FILES['image'], $uploadPath);
		$image = new SimpleImage();
		$image->load($imagepath);
		$image->resize(225,250);
		$resize_rename = $uploadPath.$randomnum._.$removed_symbols;
		$image->save($resize_rename);

		unlink($imagepath); //delete the original file

	    $sql = " INSERT INTO tbl SET
		title	= '".$postData['title']."',
		image	= '".$resize_rename."',
		name	= '".$postData['name']."',
		category 	= '".$postData['category']."',
		type	= '".$postData['type']."',
		state	= '".$postData['state']."',
		location	= '".$postData['location']."',
		email 	= '".$postData['email']."',
		phone	= '".$postData['phone']."',
		description	= '".$postData['description']."'
		";
		executeSql($sql);	
		echo "ad posted successfully";
		}
		}else{	
		$sql = " INSERT INTO tbl SET
		title	= '".$postData['title']."',
		image	= '',
		name	= '".$postData['name']."',
		category 	= '".$postData['category']."',
		type	= '".$postData['type']."',
		state	= '".$postData['state']."',
		location	= '".$postData['location']."',
		email 	= '".$postData['email']."',
		phone	= '".$postData['phone']."',
		description	= '".$postData['description']."'
		";
		executeSql($sql);
		echo "ad posted successfully without image";
		}
}

 

now my issue is the blacklist will not work, what could i be doing wrong that it only display file too long and file not supported error message?

$php_mysql$ Regular Member

$php_mysql$

Posted
  • Author
Posted

so i did this

 

function insert($postData) {	

$max_size = 5242880;
$blacklist = array(".php", ".php.jpg", ".php.jpeg", ".php.gif", ".php.png", ".phtml", ".php3", ".php4", ".html");
$file_type = array("image/gif","image/jpg","image/jpeg","image/png");

if(empty($_FILES['image']["name"])){	


		$sql = " INSERT INTO tbl SET
		title	= '".$postData['title']."',
		image	= '',
		name	= '".$postData['name']."',
		category 	= '".$postData['category']."',
		type	= '".$postData['type']."',
		state	= '".$postData['state']."',
		location	= '".$postData['location']."',
		email 	= '".$postData['email']."',
		phone	= '".$postData['phone']."',
		description	= '".$postData['description']."'
		";
		executeSql($sql);
		echo 'posted without image';

		}else if ($_FILES['image']["size"] > $max_size)
		{
		echo 'File is too large.';
		}
		else if (preg_match("/$blacklist\$/i", $_FILES['image']['name']))
		{
		echo "Blacklisted File";
		}
		else if (!in_array($_FILES['image']["type"], $file_type))
		{
		echo "file not supported";
		}else{			
		global $uploadPath;
		$remove_symbols = array('+', '=', '-', '{', '}', '$', '(', ')');
		$removed_symbols = str_replace($remove_symbols, "_", $_FILES['image']['name']);  
		$randomnum=rand(00000000,99999999);  
		$imagepath = uploadFile($_FILES['image'], $uploadPath);
		$image = new SimpleImage();
		$image->load($imagepath);
		$image->resize(225,250);
		$resize_rename = $uploadPath.$randomnum._.$removed_symbols;
		$image->save($resize_rename);

		unlink($imagepath); //delete the original file

	    $sql = " INSERT INTO tbl SET
		title	= '".$postData['title']."',
		image	= '".$resize_rename."',
		name	= '".$postData['name']."',
		category 	= '".$postData['category']."',
		type	= '".$postData['type']."',
		state	= '".$postData['state']."',
		location	= '".$postData['location']."',
		email 	= '".$postData['email']."',
		phone	= '".$postData['phone']."',
		description	= '".$postData['description']."'
		";
		executeSql($sql);	
		echo "ad posted successfully with image";
		}
}

 

still when i try to upload anything listed in the blacklist array the error message Blacklisted File do not show instead it shows file not supported

AyKay47 Member

AyKay47

Posted
Posted

you are using an array as the preg_match() first argument.. the first argument needs to be a regular expression pattern, not an array..

that entire condition can be removed, as the !in_array condition takes care of non wanted files..

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.