Jump to content

Recommended Posts

Hello,

 If anyone could help with this i will be in your debt.
I have this form to upload some photo on the server.

<?php

echo 'Profile photo (select the file and press upload)';
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50" required><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
$types = array('image/jpeg', 'image/gif','image/png');
echo '<br />';
echo 'Face photo (select the file and press upload)';
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50" required><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
$types = array('image/jpeg', 'image/gif','image/png');
if (in_array($_FILES['file']['type'], $types)) {
if ($_POST['_upl'] == "Upload") {
    if (@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
        echo '<FONT Size="+1"  color="green"></font>';
    } else {
        echo 'Upload Fail.';
        }
    }
} else {
    if ($_FILES['file']) {
echo '<FONT Size="+1"  color="red">This extension is not allowed , please upload only .jpg .png .gif files.</font>';
        }
}

?>




I get this error " Notice: Undefined index: file in "on the following lines:


 if (in_array($_FILES['file']['type'], $types)) {

and here:

    if ($_FILES['file']) {


what do i do wrong?

Link to comment
https://forums.phpfreaks.com/topic/302459-notice-undefined-index/
Share on other sites

When you first load the page, no data has been posted.

 

You need to check if the data has been sent and process the data only if it has

if ($_SERVER['REQUEST_METHOD']=='POST') {

    // form processing code goes here

}

There are plenty of other serious problems:

  • You can't just rely on $_FILES['file']['type'], because this information is provided by the user and can be set to absolutely anything they want. In other words, I could upload arbitrary malware as long as I tell you it's an image.
  • You cannot move the file to an arbitrary user-chosen location either, because this will overwrite existing files. In other words, I could screw up your entire upload directory (and maybe more?) simply by uploading garbage with common filenames. Where do you even copy the files to? I see no mention of a specific destination path anywhere.
  • There's no error checking of any kind.

I know, this is “just a school project” yada yada yada, but c'mon, you cannot be that naive. Has it never occured to you that code should be able to deal with both errors and malicious behavior?

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.