Jump to content

Recommended Posts

Hi. I have a file upload script and I want to allow css files to be uploaded as well. Here is my code allowing the certain filetipes allowed to be uploaded.

|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))

When I tried doing this code to allow css files through

|| ($_FILES["file"]["type"] == "text/css"))

it didn't work. Should it?

 

If not, what did I do wrong?

Link to comment
https://forums.phpfreaks.com/topic/283561-allowing-css-to-be-uploaded-php/
Share on other sites

That's strange. It says

Invalid file

Array
(
    [file] => Array
        (
            [name] => bootstrap-theme.css
            [type] => text/css
            [tmp_name] => /tmp/php9QKeIm
            [error] => 0
            [size] => 17202
        )

)

but my code is

|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "text/css")
|| ($_FILES["file"]["type"] == "image/png"))

I don't see what's going wrong

Slightly off topic. Instead of a bunch of OR statements in your condition, I'd suggest creating an array of allowed types and using in_array()

 

 

$allowedTypes = array('image/jpeg', 'image/jpg', 'image/pjpeg', 'image/x-png', 'text/css', 'image/png');
 
if(in_array($_FILES["file"]["type"], $allowedTypes))
{
    //File is allowed
}
else
{
    //File is not allowed
}

based on the error message, your code is based on the w3schools code and has lumped together all the validation tests into one with one generic error message. what's really really sad about the w3schools code is they 'improved' it to add file extension testing, but the rest of the code that they didn't change is just as bad as it was.

 

when validating user supplied input, an uploaded file in this case, a) you must test if the upload worked without error before you attempt to use any of the uploaded file information, and b) you need to have separate, unique, and verbose messages telling the user what is wrong with the input they supplied (in this case, its probably the file extension) and what if anything they can do to fix the problem. assuming the problem is the file extension, tell the user what value the code used from his upload file (css) and what the permitted values are.

based on the error message, your code is based on the w3schools code and has lumped together all the validation tests into one with one generic error message. what's really really sad about the w3schools code is they 'improved' it to add file extension testing, but the rest of the code that they didn't change is just as bad as it was.

 

when validating user supplied input, an uploaded file in this case, a) you must test if the upload worked without error before you attempt to use any of the uploaded file information, and b) you need to have separate, unique, and verbose messages telling the user what is wrong with the input they supplied (in this case, its probably the file extension) and what if anything they can do to fix the problem. assuming the problem is the file extension, tell the user what value the code used from his upload file (css) and what the permitted values are.

Should I use a different set of code? Because the code I used worked for everything I needed BUT css...

 

Slightly off topic. Instead of a bunch of OR statements in your condition, I'd suggest creating an array of allowed types and using in_array()

$allowedTypes = array('image/jpeg', 'image/jpg', 'image/pjpeg', 'image/x-png', 'text/css', 'image/png');
 
if(in_array($_FILES["file"]["type"], $allowedTypes))
{
    //File is allowed
}
else
{
    //File is not allowed
}

I'll try that.. Thanks

What other code do you need? I thought that that was all that was important

The code you have posted is not enough no.

 

However after reading mac_gyver's post I guess you are using the upload code from w3schools.  In which case you need to add css to the $allowedExts arrays as well as checking for the file type.

$allowedExts = array("gif", "jpeg", "jpg", "png", "css"); // add css to this array
...
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "text/css")
|| ($_FILES["file"]["type"] == "image/png"))
...

 

The code you have posted is not enough no.

 

However after reading mac_gyver's post I guess you are using the upload code from w3schools.  In which case you need to add css to the $allowedExts arrays as well as checking for the file type.

$allowedExts = array("gif", "jpeg", "jpg", "png", "css"); // add css to this array
...
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "text/css")
|| ($_FILES["file"]["type"] == "image/png"))
...

Thanks! I decided to use  Psycho's code instead and it worked. Thanks so much though.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.