need clarification on why no error message

[laxi]

Hi

 

can someone tell me why I am not thrown any errors if i upload a file bigger than file size specified in the code. Also it does not throw error if i upload some other extensions instead of images.

 

if i upload an other file extension instead of images it hangs and any image file which is larger than specified size uploads and does not throw errors.

 

Please clarify.

 

 

$allowedext= array("png", "jpeg", "jpg", "gif");
$ext = explode(".", $_FILES_["file"]["name"]);
$extention=end($ext);

if(( $_FILES["file"]["type"]=="image/png")||($_FILES["file"]["type"]=="image/jpeg")||($_FILES["file"]["type"]== "image/jpg" )||($_FILES["file"]["type"]=="image/gif")&& ($_FILES["file"]["size"]< 2)&& (in_aray($extention,$allowedex)))
{
if (( $_FILES["file"]["error"]>0))
{echo "Error".$_FILES["file"]["error"]."
";
}
else{


move_uploaded_file(($_FILES["file"]["tmp_name"]),"upload/".$_FILES['file']['name']);
echo "Your upload was successful";
}


}



?>

[mac_gyver]

your code doesn't do anything when the file is larger than the upload_max_filesize setting, because that is an upload error and the ["type"] element is empty. your conditional test is false and your code skips to the end of the conditional statement, where you don't have any code to output a message stating why the code didn't do anything. also, your code won't do anything when the file is larger than the post_max_size setting, because the entire $_FILES array will be empty for this error, and again your conditional test will be false and the code doesn't have any code in it to tell you that anything failed.

 

when you specify an extension that doesn't result in a true value in the conditional test, again your code falls through to the end and doesn't output any message stating why it didn't do anything.

 

the test you do have for the upload ['error'] element is after you have tried to use the uploaded file information and since there is no uploaded file information when the upload failed, testing the ['error'] element where it is in the code will never be reached and won't ever tell you anything.

 

so, two things -

 

1) you must test if the upload worked before you can use any of the uploaded file information. because the $_FILES array can be empty for one of the possible upload errors, you need to test if it is even set not empty before you can even test the ['error'] element. edit or you can test if the ['error'] element is exactly === equal to a zero, which will insure it exists and is a zero value.

 

2)  when validating user supplied input, you need to have separate tests and separate and distinct messages telling the user what was wrong with the input he/she supplied. in the case of minimum and maximum values or a specific list of types, it also wouldn't hurt to tell them in the message you output what the limits are, along with what value they used that didn't work.

 

if something doesn't work, your code should have error checking logic in it that tells the user if and why something they did failed, and you need to have internal error logging telling you exactly who, what, when, where, and why something failed (so that you know if problems are occurring and have some information about them so that you can find and fix what is causing them.)

Edited September 24, 2013 by mac_gyver

[Ch0cu3r]

This problem is most probably on this line

if(( $_FILES["file"]["type"]=="image/png")||($_FILES["file"]["type"]=="image/jpeg")||($_FILES["file"]["type"]== "image/jpg" )||($_FILES["file"]["type"]=="image/gif")&& ($_FILES["file"]["size"]< 2)&& (in_aray($extention,$allowedex)))

It is very hard to read and your most probably have a logic error some where.

 

Code cleaned up. The script should operate as expected

// define allowed file types in an array
$allowedTypes = array(
    'image/png',
    'image/jpeg',
    'image/jpg',
    'image/gif'
);

// define allowed file extensions in array
$allowedExt = array("png", "jpeg", "jpg", "gif");

// define max file size to be uploaded (this needs to be in bytes)
$maxFileSize = 102400;  // 100KB max file size (100 * 1024) theres 1024 bytes in 1KB

// check that form has been submitted
if(isset($_POST['submit']) && is_array($_FILES))
{
    // get the file type
    $fileType = $_FILES['file']['type'];

    // get the file extension using pathinfo function
    $fileExt  = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);

    // get fileSize
    $fileSize = $_FILES['file']['size'];

    // check that 
    // - fileType is in allowTypes array,
    // - fileExt is in allowedExt array and
    // - fileSize is not bigger than maxFileSize
    if(in_array($fileType, $allowedTypes) && in_array($fileExt, $allowedExt) && ($fileSize < $maxFileSize))
    {
        if($_FILES['file']['error'] > 0) 
        {
            echo "Error" . $_FILES["file"]["error"];
        }
        else
        {
            move_uploaded_file(($_FILES["file"]["tmp_name"]),"images/uploads/".$_FILES['file']['name']);
            echo "Your upload was successful";
        }
    }
    else
    {
        echo 'problem';
    }
}

[laxi]

 Hi,

 

Your code is amazingly simple and crisp except that I could not understand one small segment of it.

 

ie, if(isset($_POST['submit']) && is_array($_FILES))

 

what is the purpse behind checking the if on [is_array($_FILES)].Please clarify.

 

As far as my understanding about $_FILES goes it is always an associative array? curious to know on this.

 

Thanks again..

 

This problem is most probably on this line

if(( $_FILES["file"]["type"]=="image/png")||($_FILES["file"]["type"]=="image/jpeg")||($_FILES["file"]["type"]== "image/jpg" )||($_FILES["file"]["type"]=="image/gif")&& ($_FILES["file"]["size"]< 2)&& (in_aray($extention,$allowedex)))

It is very hard to read and your most probably have a logic error some where.

 

Code cleaned up. The script should operate as expected

// define allowed file types in an array
$allowedTypes = array(
    'image/png',
    'image/jpeg',
    'image/jpg',
    'image/gif'
);

// define allowed file extensions in array
$allowedExt = array("png", "jpeg", "jpg", "gif");

// define max file size to be uploaded (this needs to be in bytes)
$maxFileSize = 102400;  // 100KB max file size (100 * 1024) theres 1024 bytes in 1KB

// check that form has been submitted
if(isset($_POST['submit']) && is_array($_FILES))
{
    // get the file type
    $fileType = $_FILES['file']['type'];

    // get the file extension using pathinfo function
    $fileExt  = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);

    // get fileSize
    $fileSize = $_FILES['file']['size'];

    // check that 
    // - fileType is in allowTypes array,
    // - fileExt is in allowedExt array and
    // - fileSize is not bigger than maxFileSize
    if(in_array($fileType, $allowedTypes) && in_array($fileExt, $allowedExt) && ($fileSize < $maxFileSize))
    {
        if($_FILES['file']['error'] > 0) 
        {
            echo "Error" . $_FILES["file"]["error"];
        }
        else
        {
            move_uploaded_file(($_FILES["file"]["tmp_name"]),"images/uploads/".$_FILES['file']['name']);
            echo "Your upload was successful";
        }
    }
    else
    {
        echo 'problem';
    }
}

[Ch0cu3r]

It was just an extra check before processing the file upload. The _FILES superglobal array only exists when the file upload form has been submitted successfully. We don't want to process the upload if the file didn't get uploaded for some reason.

Edited September 25, 2013 by Ch0cu3r

[mac_gyver]

The _FILES superglobal array only exists when the file upload form has been submitted successfully.

 

 

NO. the $_FILES array will exist for most of the possible upload errors. you must specifically test that there aren;t any upload errors before using the uploaded file information. see my post above in this thread.

[Ch0cu3r]

NO. the $_FILES array will exist for most of the possible upload errors. you must specifically test that there aren;t any upload errors before using the uploaded file information. see my post above in this thread.

So better to do

// check that form has been submitted
if(isset($_POST['submit']))
{
    // check if no errors
    if(isset($_FILES['file']['error']) && $_FILES['file']['error'] == 0)
    {
        //... process upload here ...
    }
    else
    {
        echo "Error" . $_FILES["file"]["error"];
    }
}

[mac_gyver]

the $_POST array is also empty, $_POST['submit'] won't be set, when you exceed the post_max_size setting.

 

see paragraph 3 and 4 in this post - http://forums.phpfreaks.com/topic/280822-file-upload/?hl=%2Brequest_method&do=findComment&comment=1443432

[laxi]

if($_SERVER['REQUEST_METHOD'] == 'POST')
{
// check if no errors
if(isset($_FILES['file']['error']) && $_FILES['file']['error'] == 0)
{
//... process upload here ...
}
else
{
echo "Error" . $_FILES["file"]["error"];
}
}
else
{ echo 'file size too large.Please reduce file size'};

 

the $_POST array is also empty, $_POST['submit'] won't be set, when you exceed the post_max_size setting.

 

see paragraph 3 and 4 in this post - http://forums.phpfreaks.com/topic/280822-file-upload/?hl=%2Brequest_method&do=findComment&comment=1443432

Edited September 26, 2013 by laxi

[laxi]

btw also let me knw how to insert codes in this forum..

 

Edited September 26, 2013 by laxi