PRodgers4284 Posted February 18, 2008 Share Posted February 18, 2008 I have a file upload option within my website but i need to restrict the file size that can be uploaded, can anyone help or provide some advice, would really appreciate it. The code im using is: $uploadDir = 'upload/'; if (isset($_POST['submit']) && $error_stat == 0) { $fileName = $_FILES['userfile']['name']; $tmpName = $_FILES['userfile']['tmp_name']; $fileSize = $_FILES['userfile']['size']; $fileType = $_FILES['userfile']['type']; // the files will be saved in filePath $filePath = $uploadDir . $fileName; // move the files to the specified directory // if the upload directory is not writable or // something else went wrong $result will be false $result = move_uploaded_file($tmpName, $filePath); if (!$result) { echo "Error uploading file"; exit; } include("database.php"); if(!get_magic_quotes_gpc()) { $fileName = addslashes($fileName); $filePath = addslashes($filePath); } mysql_query("UPDATE users SET username='" . $_POST["username"] . "',jobcatergory='" . $_POST["jobcatergory"] . "',recentjob='" . $_POST["recentjob"] . "',employmenttype='" . $_POST["employmenttype"] . "',careerlevel='" . $_POST["careerlevel"] . "',educationallevel='" . $_POST["educationallevel"] . "',skills='" . $_POST["skills"] . "', name='$fileName', type='$fileType', size='$fileSize', path='$filePath' WHERE username='" . $_SESSION["username"] . "'"); ?> Quote Link to comment Share on other sites More sharing options...
Chris92 Posted February 18, 2008 Share Posted February 18, 2008 try putting this somewhere in your code: if( $_FILES['userfile']['size'] > 20000 ) { die("File size too big"); } Quote Link to comment Share on other sites More sharing options...
soycharliente Posted February 18, 2008 Share Posted February 18, 2008 When I've done this, I've ... 1. used a hidden form field with a number 2. passed that number to the page that processes the upload 3. checked the size of the file uploaded with the posted value EDIT : Chris92's way seems much more efficient: Quote Link to comment Share on other sites More sharing options...
PRodgers4284 Posted February 18, 2008 Author Share Posted February 18, 2008 try putting this somewhere in your code: if( $_FILES['userfile']['size'] > 20000 ) { die("File size too big"); } Thanks worked well, thanks chris appreciate your help Quote Link to comment Share on other sites More sharing options...
PRodgers4284 Posted February 18, 2008 Author Share Posted February 18, 2008 try putting this somewhere in your code: if( $_FILES['userfile']['size'] > 20000 ) { die("File size too big"); } Is there a simple way i can check to make sure the file is of a word doc or a pdf type? Quote Link to comment Share on other sites More sharing options...
Chris92 Posted February 18, 2008 Share Posted February 18, 2008 There are several simple ways, my favourite would be to put the mime file types that are allowed into an array: <?php $fileTypes = array("application/pdf", "application/msword"); if( !in_array("{$_FILES['userfile']['type']}", $fileTypes) ) { die("fietype not allowed"); } ?> Quote Link to comment Share on other sites More sharing options...
PRodgers4284 Posted February 18, 2008 Author Share Posted February 18, 2008 There are several simple ways, my favourite would be to put the mime file types that are allowed into an array: <?php $fileTypes = array("application/pdf", "application/msword"); if( !in_array("{$_FILES['userfile']['type']}", $fileTypes) ) { die("fietype not allowed"); } ?> Thanks chris, just wondering is there a way i can echo the error out in the form beside the upload button, ive tried using the following code but it doesnt work: <?php if (isset($_POST['submit'])) { $error_stat = 0; $jobcatergory_message = ''; $recentjob_message = ''; $employmenttype_message = ''; $careerlevel_message = ''; $educationallevel_message = ''; $skills_message = ''; $bio_message = ''; $filesize_message = ''; $filetype_message = ''; $jobcatergory = trim($_POST['jobcatergory']); $recentjob = trim($_POST['recentjob']); $employmenttype = trim($_POST['employmenttype']); $careerlevel = trim($_POST['careerlevel']); $educationallevel = trim($_POST['educationallevel']); $skills = trim($_POST['skills']); $bio = trim($_POST['bio']); // Job Category Check) if ($jobcatergory == 'Please Select'){ //Set the error_stat to 1, which means that an error has occurred $error_stat = 1; $jobcatergory_message = '*Please select a Job Catergory*'; } // Current/Most Recent Job Title check) if (!$recentjob) { //Set the error_stat to 1, which means that an error has occurred $error_stat = 1; //Set the message to tell the user to enter a username $recentjob_message = '*Please enter a job title*'; } else if (ctype_digit($recentjob)) { $error_stat = 1; $recentjob_message .= '*Invalid job title*'; } if (strlen($recentjob) > 20){ $error_stat = 1; $recentjob_message = '*Job title must be 20 characters or less*'; } // Job Category Check) if ($employmenttype == 'Please Select'){ //Set the error_stat to 1, which means that an error has occurred $error_stat = 1; $employmenttype_message = '*Please select a Employment Type *'; } // Career Level Check) if ($careerlevel == 'Please Select'){ //Set the error_stat to 1, which means that an error has occurred $error_stat = 1; $careerlevel_message = '*Please select a Career Level *'; } // Educational Level Check) if ($educationallevel == 'Please Select'){ //Set the error_stat to 1, which means that an error has occurred $error_stat = 1; $educationallevel_message = '*Please select an Educational Level *'; } } $uploadDir = 'upload/'; if (isset($_POST['submit']) && $error_stat == 0) { $fileName = $_FILES['userfile']['name']; $tmpName = $_FILES['userfile']['tmp_name']; $fileSize = $_FILES['userfile']['size']; $fileType = $_FILES['userfile']['type']; // the files will be saved in filePath $filePath = $uploadDir . $fileName; // move the files to the specified directory // if the upload directory is not writable or // something else went wrong $result will be false $result = move_uploaded_file($tmpName, $filePath); if( $_FILES['userfile']['size'] > 20000 ){ $error_stat = 1; $filesize_message = '*File size to large *'; } $fileTypes = array("application/pdf", "application/msword"); if( !in_array("{$_FILES['userfile']['type']}", $fileTypes) ){ $error_stat = 1; $filetype_message = '*File type not allowed *'; } include("database.php"); if(!get_magic_quotes_gpc()) { $fileName = addslashes($fileName); $filePath = addslashes($filePath); } mysql_query("UPDATE users SET username='" . $_POST["username"] . "',jobcatergory='" . $_POST["jobcatergory"] . "',recentjob='" . $_POST["recentjob"] . "',employmenttype='" . $_POST["employmenttype"] . "',careerlevel='" . $_POST["careerlevel"] . "',educationallevel='" . $_POST["educationallevel"] . "',skills='" . $_POST["skills"] . "', name='$fileName', type='$fileType', size='$fileSize', path='$filePath' WHERE username='" . $_SESSION["username"] . "'"); ?> <br /> <a href="index.php">Back to main page</a> <br /> <br /> <br /> You have successfully updated your account . <?php } else { $account = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username='" . $_SESSION["username"] . "'")); ?> <form method="post" class="cvform" action="" enctype="multipart/form-data"> <fieldset> <label for="cvtitle">Add/Edit CV details</label><fieldset> </fieldset> <fieldset> <label for="username">Username:</label> <input readonly name="username" type="text" id="username" value="<?php echo $_SESSION["username"]; ?>" /><br /> </fieldset> <fieldset> <label for="jobcatergory">Job Category:</label><p></p> <select name="jobcatergory"> <option value="Please Select">Please Select</option> <?php $jobcatergory_opts = array( "Accountancy and Finance", "Banking and Insurance", "Construction", "Customer Service", "Engineering", "Management", "Hotel and Catering", "Information Technology", "Legal", "Marketing", "Medical", "Retail", "Sales", "Secretarial", "Transport and Distribution", "Working from home", ); foreach($jobcatergory_opts as $opt){ $selected = ($account["jobcatergory"]) == $opt ? " selected=true":""; echo "<option value=\"" . $opt . "\"" . $selected . ">" . $opt . "</option>"; } ?> </select> <span class="redboldtxt"><?php echo "$jobcatergory_message";?></span> </fieldset> <fieldset> <label for="recentjob">Current/Most Recent Job Title:</label> <input name="recentjob" type="text" id="recentjob" value="<?php echo $account["recentjob"]; ?>" /><span class="redboldtxt"><?php echo "$recentjob_message";?></span><br /> </fieldset> <fieldset> <label for="employmenttype">Employment Type:</label><p></p> <select name="employmenttype"> <option value="Please Select">Please Select</option> <?php $employmenttype_opts = array( "permanent fulltime", "permanent parttime", "temporary fulltime", "temporary parttime", ); foreach($employmenttype_opts as $opt){ $selected = ($account["employmenttype"]) == $opt ? " selected=true":""; echo "<option value=\"" . $opt . "\"" . $selected . ">" . $opt . "</option>"; } ?> </select> <span class="redboldtxt"><?php echo "$employmenttype_message";?></span> </fieldset> <fieldset> <label for="careerlevel">Career Level:</label><p></p> <select name="careerlevel"> <option value="Please Select">Please Select</option> <?php $careerlevel_opts = array( "School leaver", "Student(Graduate)", "Entry level", "Experienced(Non manager)", "Manager", "Executive", "Senior Executive", ); foreach($careerlevel_opts as $opt){ $selected = ($account["careerlevel"]) == $opt ? " selected=true":""; echo "<option value=\"" . $opt . "\"" . $selected . ">" . $opt . "</option>"; } ?> </select> <span class="redboldtxt"><?php echo "$careerlevel_message";?></span> </fieldset> <fieldset> <label for="educationallevel">Employment Level:</label><p></p> <select name="educationallevel"> <option value="Please Select">Please Select</option> <?php $educationallevel_opts = array( "GCSE", "A-Level", "Third Level Certification", "Third Level Diploma", "Third Level Degree", "Post Graduate Qualification", "Masters", "PHD", "Professional Qualification", "Part Professional Qualification", "Trade Qualification", ); foreach($educationallevel_opts as $opt){ $selected = ($account["educationallevel"]) == $opt ? " selected=true":""; echo "<option value=\"" . $opt . "\"" . $selected . ">" . $opt . "</option>"; } ?> </select> <span class="redboldtxt"><?php echo "$educationallevel_message";?></span> </fieldset> <p></p> <fieldset> Additional Information -<br /> <p></p> </fieldset> <fieldset> <label for="skills">Key Skills</label> <textarea rows="2" name="skills" cols="20"><span class="redboldtxt"><?php echo $account["skills"]; ?></span></textarea><p></p> </fieldset> <input type="hidden" name="MAX_FILE_SIZE" value="2000000"><input name="userfile" type="file" class="box" id="userfile"> <span class="redboldtxt"><?php echo "$filesize_message";?></span> <span class="redboldtxt"><?php echo "$filetype_message";?></span> <fieldset> <p class="submit"> <input type="submit" name="submit" value="Upload CV" /> </p> </fieldset> </form> Quote Link to comment Share on other sites More sharing options...
johnseito Posted February 19, 2008 Share Posted February 19, 2008 is there a way to upload excel docs or music docs that you know how to? I put excel docs like this 'application/msexcel' but it doesn't work. thanks Quote Link to comment Share on other sites More sharing options...
PRodgers4284 Posted February 19, 2008 Author Share Posted February 19, 2008 This is now sorted, cant same to change the thread to solved though Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.