file upload code question


pouncer

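[code]
if (isset($_POST['Submit'])) {
    // Destination directory plus the client-supplied name (basename() strips any path).
    $target_path = "../profile_images/";
    $nm = basename($_FILES['imageupload']['name']);

    $target_path = $target_path . $nm;

    // No file-type check is performed before the move.
    if (move_uploaded_file($_FILES['imageupload']['tmp_name'], $target_path)) {
        // Escape the client-supplied name before echoing it into the page.
        echo "The file " . htmlspecialchars($nm) . " has been uploaded to your profile.";

        $user_id = $_SESSION['UserID'];

        // $nm is user input: escape the value before placing it in the SQL string.
        $Image_URL = mysql_real_escape_string("thumbnail.php?im=" . "profile_images/" . $nm);

        $profile = mysql_query("UPDATE user_profile SET
            Image_URL = '$Image_URL'
            WHERE user_id = '$user_id'
        ") or die(mysql_error());
    } else {
        echo "There was an error uploading the image, please try again.";
    }
}
[/code]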

Does this mean I can only upload .jpgs?
How can I make it give an error if I specify a wrong file type to be uploaded?

There is nothing in there to restrict filetypes, they could upload whatever they wanted to that script.
Even PHP files (I ran into that a while back).
What you want to do now is start an array with all the accepted extensions, then from there you want to use regex to differ what file types you want to accept.

Here are some examples of things I have done in the past that are similar (actually 100% the same), for you to look at, as references.
[code]<?php
$_accepted_extensions = array('.jpg', '.bmp', '.gif');
$errorhandler = ''; // initialise before appending with .=
if (is_uploaded_file($_FILES['lostimage']['tmp_name'])) { // start check

    $tmp = pathinfo($_FILES['lostimage']['name']);
    // pathinfo() omits the 'extension' key when the name has no extension
    $extension = isset($tmp['extension']) ? $tmp['extension'] : '';
    if (!in_array('.' . $extension, $_accepted_extensions)) {
        $errorhandler .= "<span class=\"logspan\">";
        $errorhandler .= "Unfortunately the file extension is not on our accepted<br />";
        $errorhandler .= "extension list.  This can be caused by 2 possible things.<br />";
        $errorhandler .= "The first thing is you could just simply have the wrong<br />";
        $errorhandler .= "extension type.  The second thing is it could be<br />";
        $errorhandler .= "of the 4 letter extension type instead of three for instance<br />";
        $errorhandler .= "jpeg, instead of the approved jpg.  Please convert them to<br />";
        $errorhandler .= "3 letter aliases.<br />";
        $errorhandler .= "</span>";
    }
    $basepath = "postlost/imguploads/";
    $filename = $_FILES['lostimage']['name'];
    $relativeurl = $basepath . $filename;
    // The code below I used from a friend named just some guy from the forums at
    // w3schools.  It takes the path name, and the
    // file name of the file I am using, and it tests the directory to see if the file
    // already exists.  If it exists then it takes the current filename and path
    // I am working with in my script, and renames the file, enough to where it can
    // still be added.  This isn't used necessarily to allow someone to upload
    // the same file 2 times, but more of if it ends up being the situation
    // where the filename is the same on 2 different computers and those files
    // just end up happening to have the same name.
    // Just a safeguard against discrepancies in case.
    // The whole section between if and else below was created by someone else.
    if (file_exists($basepath . $filename)) {
        $nr = 0;
        $filename = $_FILES['lostimage']['name'] . "_{$nr}";
        while (file_exists($basepath . $filename)) {
            $filename = $_FILES['lostimage']['name'] . "_" . $nr++;
        }
    }
    // end script from just some guy on w3schools.com that tests if the filename
    // exists or not

} // end file check
?>[/code]

That is one shitty example on an old site I did a long time ago.  I have this bad habit of when creating an admin panel, I never screen filetypes for the admins, I tried looking through all my scripts, the recent script I built that I have been re-using doesn't screen filetypes, for doing multiple uploads like 30 at a time, so for some reason I have neglected to build in that 1 critical thing, I am going to go back and fix that.

I looked and that is the only current example I have, I deleted another older project (I don't do that anymore), that contained very powerful code to do just that.  I had it setup to screen every filetype I could think of, and redirect them to proper pages, for viewing, and everything else.  It was an entire file handling system, that I deleted, and it pisses me off even to that day, I wish I had my old copy of that, it was helping with file handling a lot.

Hopefully what I have offered will help you at least some though.


[quote]I highly recommend you read PHPFreaks' tutorial on file uploading. I have been using this class for years now and it works perfectly... and has a function to specify the file formats you want to allow.

http://www.phpfreaks.com/tutorials/85/0.php
[/quote]
That is very good advice, and I think I will take a look at that myself.


Just as a quick solution, I tried this:

[code]
$_accepted_extensions = array('.jpg', '.bmp', '.gif');
$tmp = pathinfo($_FILES['imageupload']['name']);

if (!in_array('.' . $tmp['extension'], $_accepted_extensions)) {
    echo "Wrong file type";
    return;
}
[/code]

But it doesn't echo anything; it still attempts to upload the file with the wrong file extension.
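
As an added example that is not part of any post in this thread: one way to apply the extension allow-list suggested above so that validation runs first and a rejected file is never moved, with a content check and a server-generated file name on top. It assumes PHP 7.1+ with the fileinfo extension; the function names are hypothetical, while the `imageupload` field, `Submit` button and `../profile_images/` directory are taken from the first post.

```php
<?php
// Added example. validate_image_upload() and store_profile_image() are
// hypothetical names; the field and directory come from the first post.
const ALLOWED_IMAGES = [            // extension => accepted MIME types
    'jpg' => ['image/jpeg'],
    'gif' => ['image/gif'],
    'bmp' => ['image/bmp', 'image/x-ms-bmp'],
];

// Returns [extension, null] when the file is acceptable, [null, message] otherwise.
function validate_image_upload(array $file): array
{
    $code = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($code !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return [null, "Upload failed (error code $code)."];
    }
    // Extension check: lower-cased and compared against the allow-list.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_IMAGES)) {
        return [null, 'Wrong file type.'];
    }
    // Content check: the client controls the name, so also sniff the bytes
    // of the temporary file and require a MIME type listed for that extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED_IMAGES[$ext], true)) {
        return [null, 'File content does not match its extension.'];
    }
    return [$ext, null];
}

// Validates first; the file is moved only when validation returned no error.
function store_profile_image(array $file, string $dir): string
{
    [$ext, $error] = validate_image_upload($file);
    if ($error !== null) {
        return $error;
    }
    // Server-generated name: no collisions, no client input in the path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dir . $name)) {
        return 'There was an error uploading the image, please try again.';
    }
    return "Stored as $name";
}

if (isset($_POST['Submit'], $_FILES['imageupload'])) {
    $result = store_profile_image($_FILES['imageupload'], '../profile_images/');
    echo htmlspecialchars($result);
}
```

Because the stored name ends in an allow-listed image extension chosen by the server, a file named `shell.php` or `photo.jpg.php` is rejected at the extension check and never reaches the upload directory.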