cs1h Posted September 26, 2007 Share Posted September 26, 2007 Hi, I have a script to upload information from a form to a databse and also to upload an image to the server and reference it to the database. I just tried to put limits in it so that the file upload size is limited and also the file type is limited to .jpg but is hasn't worked the file still uploads. When tested I get this message You may only upload GIF files. Sorry your file was not uploadedThe file has been uploaded, and your information has been added to the directory click here to continue. The script is, <?php // Generate a random number $newname = rand(10,100); //This is the directory where images will be saved $target = "mgs/"; //This is our size condition if ($uploaded_size > 35) { echo "Your file is too large.<br>"; $ok=0; } if (!($uploaded_type=="image/gif")) { echo "You may only upload GIF files.<br>"; $ok=0; } //Here we check that $ok was not set to 0 by an error if ($ok==0) { Echo "Sorry your file was not uploaded"; } if ($_FILES['photo']['tmp_name']) { $target = $target . basename( $_FILES['photo']['name']); } else { $target = $target . "dfxfd.jpg"; } $target = str_replace(' ', $newname, $target); // <--- then add the random number in here to replace any spaces $target = str_replace('o', $newname, $target); $target = str_replace('a', $newname, $target); $target = str_replace('e', $newname, $target); $target = str_replace('0', $newname, $target); $target = str_replace('i', $newname, $target); $target = str_replace('u', $newname, $target); $targetb = $_POST['menuFilesDMA']; $targetb = str_replace(' ','_', $targetb); $targetc = $_POST['menuSubjectsDMA']; $targetc = str_replace(' ','_', $targetc); //This gets all the other information from the form $name=$_POST['name']; $continent=($targetc); $country=($targetb); $town=$_POST['title2']; $type=$_POST['Catagory']; $Email=$_POST['Email']; $Title=$_POST['title']; $Abstract=$_POST['message']; $Article=$_POST['messagetwo']; $pic=($target); // Connects to your Database mysql_connect("localhost", "yyy", "xxx") or die(mysql_error()) ; mysql_select_db("real") or die(mysql_error()) ; //Writes the information to the database mysql_query($sql = "insert into `items` (`name`, `Continent`, `country`, `town`, `type`, `alltype`, `Email`, `Title`, `Abstract`, `Article`, `photo`) values ('$name', '$continent', '$country', '$town', '$type', 'all', '$Email', '$Title', '$Abstract', '$Article', '$pic')"); //Writes the photo to the server if(move_uploaded_file($_FILES['photo']['tmp_name'], $target)) { //Tells you if its all ok echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory click <a href=expage.php>here</a> to continue."; } else { //Gives and error if its not echo "Sorry, there was a problem uploading your file. Click <a href=add.php>here</a> to try again"; } ?> Does anyone know how I could solve this, all help is much appriciated. Cheers, Colin Quote Link to comment https://forums.phpfreaks.com/topic/70763-solved-help-limiting-file-uploads/ Share on other sites More sharing options...
rarebit Posted September 26, 2007 Share Posted September 26, 2007 You set $ok, yet you have no logic from it carrying on and doing everything else? Quote Link to comment https://forums.phpfreaks.com/topic/70763-solved-help-limiting-file-uploads/#findComment-355774 Share on other sites More sharing options...
cs1h Posted September 26, 2007 Author Share Posted September 26, 2007 Thanks for your responce, I made some changes but it didn't work. I know this is a tall order but does anyone know how I would edit the following script so that it only accepts .jpg files and also has a size limit (preferally in pixels). I am still new to php and don't know what else to try. The script is, <?php // Generate a random number $newname = rand(10,100); //This is the directory where images will be saved $target = "mgs/"; if ($_FILES['photo']['tmp_name']) { $target = $target . basename( $_FILES['photo']['name']); } else { $target = $target . "dfxfd.jpg"; } $target = str_replace(' ', $newname, $target); // <--- then add the random number in here to replace any spaces $target = str_replace('o', $newname, $target); $target = str_replace('a', $newname, $target); $target = str_replace('e', $newname, $target); $target = str_replace('0', $newname, $target); $target = str_replace('i', $newname, $target); $target = str_replace('u', $newname, $target); $targetb = $_POST['menuFilesDMA']; $targetb = str_replace(' ','_', $targetb); $targetc = $_POST['menuSubjectsDMA']; $targetc = str_replace(' ','_', $targetc); //This gets all the other information from the form $name=$_POST['name']; $continent=($targetc); $country=($targetb); $town=$_POST['title2']; $type=$_POST['Catagory']; $Email=$_POST['Email']; $Title=$_POST['title']; $Abstract=$_POST['message']; $Article=$_POST['messagetwo']; $pic=($target); // Connects to your Database mysql_connect("localhost", "xxx", "xxx") or die(mysql_error()) ; mysql_select_db("real") or die(mysql_error()) ; //Writes the information to the database mysql_query($sql = "insert into `items` (`name`, `Continent`, `country`, `town`, `type`, `alltype`, `Email`, `Title`, `Abstract`, `Article`, `photo`) values ('$name', '$continent', '$country', '$town', '$type', 'all', '$Email', '$Title', '$Abstract', '$Article', '$pic')"); //Writes the photo to the server if(move_uploaded_file($_FILES['photo']['tmp_name'], $target)) { //Tells you if its all ok echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory click <a href=expage.php>here</a> to continue."; } else { //Gives and error if its not echo "Sorry, there was a problem uploading your file. Click <a href=add.php>here</a> to try again"; } ?> Any help would be much appriciated, Thanks Colin Quote Link to comment https://forums.phpfreaks.com/topic/70763-solved-help-limiting-file-uploads/#findComment-355791 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.