laxi Posted September 24, 2013 Share Posted September 24, 2013 Hi can someone tell me why I am not thrown any errors if i upload a file bigger than file size specified in the code. Also it does not throw error if i upload some other extensions instead of images. if i upload an other file extension instead of images it hangs and any image file which is larger than specified size uploads and does not throw errors. Please clarify. $allowedext= array("png", "jpeg", "jpg", "gif");$ext = explode(".", $_FILES_["file"]["name"]);$extention=end($ext);if(( $_FILES["file"]["type"]=="image/png")||($_FILES["file"]["type"]=="image/jpeg")||($_FILES["file"]["type"]== "image/jpg" )||($_FILES["file"]["type"]=="image/gif")&& ($_FILES["file"]["size"]< 2)&& (in_aray($extention,$allowedex))){if (( $_FILES["file"]["error"]>0)){echo "Error".$_FILES["file"]["error"]."";}else{move_uploaded_file(($_FILES["file"]["tmp_name"]),"upload/".$_FILES['file']['name']);echo "Your upload was successful";}}?> Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted September 24, 2013 Share Posted September 24, 2013 (edited) your code doesn't do anything when the file is larger than the upload_max_filesize setting, because that is an upload error and the ["type"] element is empty. your conditional test is false and your code skips to the end of the conditional statement, where you don't have any code to output a message stating why the code didn't do anything. also, your code won't do anything when the file is larger than the post_max_size setting, because the entire $_FILES array will be empty for this error, and again your conditional test will be false and the code doesn't have any code in it to tell you that anything failed. when you specify an extension that doesn't result in a true value in the conditional test, again your code falls through to the end and doesn't output any message stating why it didn't do anything. the test you do have for the upload ['error'] element is after you have tried to use the uploaded file information and since there is no uploaded file information when the upload failed, testing the ['error'] element where it is in the code will never be reached and won't ever tell you anything. so, two things - 1) you must test if the upload worked before you can use any of the uploaded file information. because the $_FILES array can be empty for one of the possible upload errors, you need to test if it is even set not empty before you can even test the ['error'] element. edit or you can test if the ['error'] element is exactly === equal to a zero, which will insure it exists and is a zero value. 2) when validating user supplied input, you need to have separate tests and separate and distinct messages telling the user what was wrong with the input he/she supplied. in the case of minimum and maximum values or a specific list of types, it also wouldn't hurt to tell them in the message you output what the limits are, along with what value they used that didn't work. if something doesn't work, your code should have error checking logic in it that tells the user if and why something they did failed, and you need to have internal error logging telling you exactly who, what, when, where, and why something failed (so that you know if problems are occurring and have some information about them so that you can find and fix what is causing them.) Edited September 24, 2013 by mac_gyver Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted September 24, 2013 Share Posted September 24, 2013 This problem is most probably on this line if(( $_FILES["file"]["type"]=="image/png")||($_FILES["file"]["type"]=="image/jpeg")||($_FILES["file"]["type"]== "image/jpg" )||($_FILES["file"]["type"]=="image/gif")&& ($_FILES["file"]["size"]< 2)&& (in_aray($extention,$allowedex))) It is very hard to read and your most probably have a logic error some where. Code cleaned up. The script should operate as expected // define allowed file types in an array $allowedTypes = array( 'image/png', 'image/jpeg', 'image/jpg', 'image/gif' ); // define allowed file extensions in array $allowedExt = array("png", "jpeg", "jpg", "gif"); // define max file size to be uploaded (this needs to be in bytes) $maxFileSize = 102400; // 100KB max file size (100 * 1024) theres 1024 bytes in 1KB // check that form has been submitted if(isset($_POST['submit']) && is_array($_FILES)) { // get the file type $fileType = $_FILES['file']['type']; // get the file extension using pathinfo function $fileExt = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION); // get fileSize $fileSize = $_FILES['file']['size']; // check that // - fileType is in allowTypes array, // - fileExt is in allowedExt array and // - fileSize is not bigger than maxFileSize if(in_array($fileType, $allowedTypes) && in_array($fileExt, $allowedExt) && ($fileSize < $maxFileSize)) { if($_FILES['file']['error'] > 0) { echo "Error" . $_FILES["file"]["error"]; } else { move_uploaded_file(($_FILES["file"]["tmp_name"]),"images/uploads/".$_FILES['file']['name']); echo "Your upload was successful"; } } else { echo 'problem'; } } Quote Link to comment Share on other sites More sharing options...
laxi Posted September 25, 2013 Author Share Posted September 25, 2013 Hi, Your code is amazingly simple and crisp except that I could not understand one small segment of it. ie, if(isset($_POST['submit']) && is_array($_FILES)) what is the purpse behind checking the if on [is_array($_FILES)].Please clarify. As far as my understanding about $_FILES goes it is always an associative array? curious to know on this. Thanks again.. This problem is most probably on this line if(( $_FILES["file"]["type"]=="image/png")||($_FILES["file"]["type"]=="image/jpeg")||($_FILES["file"]["type"]== "image/jpg" )||($_FILES["file"]["type"]=="image/gif")&& ($_FILES["file"]["size"]< 2)&& (in_aray($extention,$allowedex))) It is very hard to read and your most probably have a logic error some where. Code cleaned up. The script should operate as expected // define allowed file types in an array $allowedTypes = array( 'image/png', 'image/jpeg', 'image/jpg', 'image/gif' ); // define allowed file extensions in array $allowedExt = array("png", "jpeg", "jpg", "gif"); // define max file size to be uploaded (this needs to be in bytes) $maxFileSize = 102400; // 100KB max file size (100 * 1024) theres 1024 bytes in 1KB // check that form has been submitted if(isset($_POST['submit']) && is_array($_FILES)) { // get the file type $fileType = $_FILES['file']['type']; // get the file extension using pathinfo function $fileExt = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION); // get fileSize $fileSize = $_FILES['file']['size']; // check that // - fileType is in allowTypes array, // - fileExt is in allowedExt array and // - fileSize is not bigger than maxFileSize if(in_array($fileType, $allowedTypes) && in_array($fileExt, $allowedExt) && ($fileSize < $maxFileSize)) { if($_FILES['file']['error'] > 0) { echo "Error" . $_FILES["file"]["error"]; } else { move_uploaded_file(($_FILES["file"]["tmp_name"]),"images/uploads/".$_FILES['file']['name']); echo "Your upload was successful"; } } else { echo 'problem'; } } Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted September 25, 2013 Share Posted September 25, 2013 (edited) It was just an extra check before processing the file upload. The _FILES superglobal array only exists when the file upload form has been submitted successfully. We don't want to process the upload if the file didn't get uploaded for some reason. Edited September 25, 2013 by Ch0cu3r Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted September 25, 2013 Share Posted September 25, 2013 The _FILES superglobal array only exists when the file upload form has been submitted successfully. NO. the $_FILES array will exist for most of the possible upload errors. you must specifically test that there aren;t any upload errors before using the uploaded file information. see my post above in this thread. Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted September 25, 2013 Share Posted September 25, 2013 NO. the $_FILES array will exist for most of the possible upload errors. you must specifically test that there aren;t any upload errors before using the uploaded file information. see my post above in this thread. So better to do // check that form has been submitted if(isset($_POST['submit'])) { // check if no errors if(isset($_FILES['file']['error']) && $_FILES['file']['error'] == 0) { //... process upload here ... } else { echo "Error" . $_FILES["file"]["error"]; } } Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted September 25, 2013 Share Posted September 25, 2013 the $_POST array is also empty, $_POST['submit'] won't be set, when you exceed the post_max_size setting. see paragraph 3 and 4 in this post - http://forums.phpfreaks.com/topic/280822-file-upload/?hl=%2Brequest_method&do=findComment&comment=1443432 Quote Link to comment Share on other sites More sharing options...
laxi Posted September 26, 2013 Author Share Posted September 26, 2013 (edited) if($_SERVER['REQUEST_METHOD'] == 'POST'){// check if no errorsif(isset($_FILES['file']['error']) && $_FILES['file']['error'] == 0){//... process upload here ...}else{echo "Error" . $_FILES["file"]["error"];}}else{ echo 'file size too large.Please reduce file size'}; the $_POST array is also empty, $_POST['submit'] won't be set, when you exceed the post_max_size setting. see paragraph 3 and 4 in this post - http://forums.phpfreaks.com/topic/280822-file-upload/?hl=%2Brequest_method&do=findComment&comment=1443432 Edited September 26, 2013 by laxi Quote Link to comment Share on other sites More sharing options...
laxi Posted September 26, 2013 Author Share Posted September 26, 2013 (edited) btw also let me knw how to insert codes in this forum.. Edited September 26, 2013 by laxi Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.