Help making the uploaded image-path be displayed on the page

[Chrisj]

I need help making the uploaded image file name, that's chosen to be uploaded, be displayed on the html page with the path /upload/ added to the beginning of the displayed file name like so:
../upload/test.png
Any help/improvements will be appreciated.

<html>
 <head>
  <title>PHP Test</title>
 </head>
  <body>
 <?php
 if ($form_submitted == 'yes') {
 $allowedExts = array("gif", "jpeg", "jpg", "png");
 $temp = explode(".", $_FILES["file"]["name"]);
 $extension = strtolower( end($temp) );
 if (  $_FILES["file"]["size"] < 200000
       && in_array($extension, $allowedExts) )
 {
     if ($_FILES["file"]["error"]!= 0)
     {
         echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
     } else {
         $length = 20;
         move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $newfilename );
         $file_location = '<a href="http://../upload/' . $newfilename . '">' . $newfilename . '</a>';
     }
 } else {
   echo "Invalid upload file";
 }
?>
<label for="file">Filename:</label>
<input type="file" name="file" id="file">
</body>
</html>

[jcbones]

You must first define $newfilename;

 

I would not let the user decide the filename, I would create one myself. 

 

Also, there is a lot of different things people do to control security on images.  You may want to do a little more research on the subject before you just throw a working script up on your site.  There is evil on the web, and evil people just love to hijack servers.

[Chrisj]

Thanks for your reply. Much appreciated.

Can you give me an example of how I can define $newfilename, please?

[jcbones]

This should be sufficient to make sure it is unique.

 

$newfilename = md5($_FILES['tmp']['name'] . time()) . '.' . $extension;

[Chrisj]

Thanks for that, however this code (below) doesn't successfully display the path of the chosen file, on the html page, like so:

../upload/test.png
Any help/improvements will be appreciated.

<html>
 <head>
  <title>PHP Test</title>
 </head>
  <body>
 <?php
 if ($form_submitted == 'yes') {
 $allowedExts = array("gif", "jpeg", "jpg", "png");
 $temp = explode(".", $_FILES["file"]["name"]);
 $extension = strtolower( end($temp) );
 $newfilename = md5($_FILES['tmp']['name'] . time()) . '.' . $extension;
 if (  $_FILES["file"]["size"] < 200000
       && in_array($extension, $allowedExts) )
 {
     if ($_FILES["file"]["error"]!= 0)
     {
         echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
     } else {
         $length = 20;
         move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $newfilename );
         $file_location = '<a href="http://www.--.com/upload/' . $newfilename . '">' . $newfilename . '</a>';
     }
 } else {
   echo "Invalid upload file";
 }
 $description = $description . "\n http://www.--.com/upload/" . $newfilename;
 }
?>
<label for="file">Filename:</label>
<input type="file" name="file" id="file">
</body>
</html>

[jcbones]

$form_submitted is not defined either. So none of the upload code runs. How do you know that a form is submitted? I would use

if($_SERVER['REQUEST_METHOD'] == 'POST')

But, in all reality, you need to go through the script and verify that you have all the variables declared.

 

You should also have error reporting and display errors turned on. You would be getting notices about these little issues.

[Chrisj]

Thanks

[jcbones]

Did you get this resolved, or do you still need help?

[jcbones]

In case the answer is no, and because, well, I'm just that kind of guy today.

 

This is working code

 

<?php
 if ($_SERVER['REQUEST_METHOD'] == 'POST') { //if there was a post request sent to this page.
    $allowedExts = array('gif', 'jpeg', 'jpg', 'png'); //list of allowed extensions
    $temp = explode('.', $_FILES['file']['name']); //break the file name on the periods (dots).
    $extension = strtolower( end($temp) ); //return the last element as the $extension.
    $file_location = null;  //define variable.
    $newfilename = null; //define variable.    
    if (  $_FILES['file']['size'] <= 200000   //if the file is slightly less than 2 mb.
       && in_array($extension, $allowedExts) )  { //and the extension is allowed.
        if ($_FILES['file']['error']!= 0)  { //but the file throws an error.
         $error[] =  'Return Code: ' . $_FILES['file']['error'] . '<br>'; //log the error.
        } else { //else the file throws no error.
            $length = 20; //NO IDEA.
            $newfilename = md5($_FILES['file']['tmp_name'] . time()) . '.' . $extension; //create our own unique filename.
            if(!move_uploaded_file($_FILES['file']['tmp_name'], 'upload/' . $newfilename )) {
                $error[] = 'Unable to move file!';
            } //move the file.
            $file_location = '<a href="http://www.--.com/upload/' . $newfilename . '">' . $newfilename . '</a>'; //log the location of the new file.
        }
    } else { //if we are over 2mb, or the extension is not allowd.
        $error[] = 'Invalid upload file'; //log the error.
    }
    $description = $file_location . "<br /> \n http://www.--.com/upload/$newfilename"; //description appends the file location, onto a text string about the file location.
 }
?>
<html>
 <head>
  <title>PHP Test</title>
 </head>
  <body>
<?php
    if(!empty($error)) { //if there are errors
        foreach($error as $err) { //go through them
            echo $err . '<br />'; //print them to the screen.
        }
    } elseif(!empty($description)) { //else if the description is not empty.
        echo $description; //print it to the screen.
    }
?>
<form action="" method="post" enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file">
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>

 

If I were to go live with this, I would add a few more checks into the script for security.  I would even be tempted to re-create the image, just to make sure someone didn't comment some code in it.