file types restriction
Moderator: General Moderators
Re: file types restriction
explode returns an array, so that check is definitely going to fail. Expecting the filename to contain any number of dots is not reliable, nor is expecting the extension to tell you anything about the file contents. Mime type is definitely a better approach. I'd drop the extension checking altogether.
Re: file types restriction
Code: Select all
if (isset($_POST['submit']) && isset($error) == '') { // if there is no error, then process further
echo "<p class='success'>Form has been submitted successfully.</p>"; // showing success messageAlso, what's going on here?
Code: Select all
isset($error) == ''Code: Select all
$sql = "INSERT INTO `candidates` (`id`, `username`, `password`, `name`, `dob`, `email`, `address1`, `address2`, `town`, `county`, `postcode`, `telnumber`, `mobnumber`, `worklocation`, `desiredsalary`, `currentempstatus`, `educationlevel`, `availableforwork`, `jobtype`, `cvfile`, `role`)
VALUES (NULL, '{$username}', '{$password}', '{$name}', '{$dob}', '{$email}', '{$address1}', '{$address2}', '{$town}', '{$county}', '{$postcode}', '{$telnumber}', '{$mobnumber}', '{$worklocation}', '{$desiredsalary}', '{$currentempstatus}', '{$educationlevel}', '{$availableforwork}', '{$jobtype}', '{$cv}', 'Candidate')";
$allowedExts = array(
"pdf",
"doc",
"docx"
);
$allowedMimeTypes = array(
'application/msword',
'application/pdf'
);
$extension = explode(".", $_FILES["cvfile"]["name"]);
if ( ! ( in_array($extension, $allowedExts ) ) ) {
die('Please provide another file type [E/2].');
}
if ( in_array( $_FILES["cvfile"]["type"], $allowedMimeTypes ) )
{
move_uploaded_file($_FILES["cvfile"]["tmp_name"], "/home/sites/broadwaymediadesigns.co.uk/public_html/sites/recruitment-site/candidatecvs/" . $_FILES["cvfile"]["name"]);
}
else
{
die('Please provide another file type [E/3].');
}
}
if ($mysqli->query($sql)) {Re: file types restriction
That sounds like expected behaviour.the form is adding the data to the database but not uploading the file, I am uploading a php file but have only allowed pdf, doc and docx to be uploaded
Re: file types restriction
You're not allowing PHP files, you tried uploading a PHP file and it didn't work. Where's the problem?
Re: file types restriction
Look at your program flow. If the file extension is not in the allowed list, you echo an error message... and then keep right on going. The SQL query shouldn't execute. You'll want to move execution into that else block or reconsider your logic.
Re: file types restriction
Trace the flow of execution. What happens if $uploadOK is 0? You display an error message, skip over the else block, and execution continues.
Re: file types restriction
Like I mentioned above, you're displaying an error message but you're not doing anything to stop the query from executing.
Also, indentation matters. Keeping your code clean keeps it easier to read.
Code: Select all
// Allow certain file formats
if($imageFileType != "pdf" && $imageFileType != "doc" && $imageFileType != "docx" ) {
echo "Sorry, only PDF, DOC & DOCX files are allowed.";
$uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
if (move_uploaded_file($_FILES["cvfile"]["tmp_name"], $target)) {
echo "The file ". basename( $_FILES["cvfile"]["name"]). " has been uploaded.";
// This is the only condition in which you want to insert a new record into the DB. Query should go here.
} else {
echo "Sorry, there was an error uploading your file.";
}
}