Jump to content

Help making the uploaded image-path be displayed on the page


Chrisj

Recommended Posts

I need help making the uploaded image file name, that's chosen to be uploaded, be displayed on the html page with the path /upload/ added to the beginning of the displayed file name like so:
../upload/test.png
Any help/improvements will be appreciated.

<html>
 <head>
  <title>PHP Test</title>
 </head>
  <body>
 <?php
 if ($form_submitted == 'yes') {
 $allowedExts = array("gif", "jpeg", "jpg", "png");
 $temp = explode(".", $_FILES["file"]["name"]);
 $extension = strtolower( end($temp) );
 if (  $_FILES["file"]["size"] < 200000
       && in_array($extension, $allowedExts) )
 {
     if ($_FILES["file"]["error"]!= 0)
     {
         echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
     } else {
         $length = 20;
         move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $newfilename );
         $file_location = '<a href="http://../upload/' . $newfilename . '">' . $newfilename . '</a>';
     }
 } else {
   echo "Invalid upload file";
 }
?>
<label for="file">Filename:</label>
<input type="file" name="file" id="file">
</body>
</html>
Link to comment
Share on other sites

You must first define $newfilename;

 

I would not let the user decide the filename, I would create one myself. 

 

Also, there is a lot of different things people do to control security on images.  You may want to do a little more research on the subject before you just throw a working script up on your site.  There is evil on the web, and evil people just love to hijack servers.

Link to comment
Share on other sites

Thanks for that, however this code (below) doesn't successfully display the path of the chosen file, on the html page, like so:

../upload/test.png
Any help/improvements will be appreciated.

<html>
 <head>
  <title>PHP Test</title>
 </head>
  <body>
 <?php
 if ($form_submitted == 'yes') {
 $allowedExts = array("gif", "jpeg", "jpg", "png");
 $temp = explode(".", $_FILES["file"]["name"]);
 $extension = strtolower( end($temp) );
 $newfilename = md5($_FILES['tmp']['name'] . time()) . '.' . $extension;
 if (  $_FILES["file"]["size"] < 200000
       && in_array($extension, $allowedExts) )
 {
     if ($_FILES["file"]["error"]!= 0)
     {
         echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
     } else {
         $length = 20;
         move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $newfilename );
         $file_location = '<a href="http://www.--.com/upload/' . $newfilename . '">' . $newfilename . '</a>';
     }
 } else {
   echo "Invalid upload file";
 }
 $description = $description . "\n http://www.--.com/upload/" . $newfilename;
 }
?>
<label for="file">Filename:</label>
<input type="file" name="file" id="file">
</body>
</html>
Link to comment
Share on other sites

$form_submitted is not defined either. So none of the upload code runs. How do you know that a form is submitted? I would use

if($_SERVER['REQUEST_METHOD'] == 'POST')
But, in all reality, you need to go through the script and verify that you have all the variables declared.

 

You should also have error reporting and display errors turned on. You would be getting notices about these little issues.

Link to comment
Share on other sites

In case the answer is no, and because, well, I'm just that kind of guy today.

 

This is working code

 

<?php
 if ($_SERVER['REQUEST_METHOD'] == 'POST') { //if there was a post request sent to this page.
    $allowedExts = array('gif', 'jpeg', 'jpg', 'png'); //list of allowed extensions
    $temp = explode('.', $_FILES['file']['name']); //break the file name on the periods (dots).
    $extension = strtolower( end($temp) ); //return the last element as the $extension.
    $file_location = null;  //define variable.
    $newfilename = null; //define variable.    
    if (  $_FILES['file']['size'] <= 200000   //if the file is slightly less than 2 mb.
       && in_array($extension, $allowedExts) )  { //and the extension is allowed.
        if ($_FILES['file']['error']!= 0)  { //but the file throws an error.
         $error[] =  'Return Code: ' . $_FILES['file']['error'] . '<br>'; //log the error.
        } else { //else the file throws no error.
            $length = 20; //NO IDEA.
            $newfilename = md5($_FILES['file']['tmp_name'] . time()) . '.' . $extension; //create our own unique filename.
            if(!move_uploaded_file($_FILES['file']['tmp_name'], 'upload/' . $newfilename )) {
                $error[] = 'Unable to move file!';
            } //move the file.
            $file_location = '<a href="http://www.--.com/upload/' . $newfilename . '">' . $newfilename . '</a>'; //log the location of the new file.
        }
    } else { //if we are over 2mb, or the extension is not allowd.
        $error[] = 'Invalid upload file'; //log the error.
    }
    $description = $file_location . "<br /> \n http://www.--.com/upload/$newfilename"; //description appends the file location, onto a text string about the file location.
 }
?>
<html>
 <head>
  <title>PHP Test</title>
 </head>
  <body>
<?php
    if(!empty($error)) { //if there are errors
        foreach($error as $err) { //go through them
            echo $err . '<br />'; //print them to the screen.
        }
    } elseif(!empty($description)) { //else if the description is not empty.
        echo $description; //print it to the screen.
    }
?>
<form action="" method="post" enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file">
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>

 

If I were to go live with this, I would add a few more checks into the script for security.  I would even be tempted to re-create the image, just to make sure someone didn't comment some code in it.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.