file upload

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
davy2001
Forum Commoner
Posts: 37
Joined: Tue Feb 24, 2004 5:59 pm

file upload

Post by davy2001 »

Can someone please help me...

im trying to make an upload form that only uploads images. so im trying to make it ONLY upload these file types; jpg, gif, bmp, swf and png.

can someone please help me with this.

:( :?: :( :?: :( :?:
tsg
Forum Contributor
Posts: 142
Joined: Sun Jan 12, 2003 9:22 pm
Location: SE, Alabama
Contact:

Post by tsg »

Code: Select all

<?
$uploaded_raw=$HTTP_POST_FILES['image']['name']; 
$uploaded_array=explode(".",$uploaded_raw); 
$image_extension = strtolower($uploaded_array[1]); 

// add acceptable extensions here
if($image_extension !== "jpg") {
die ("WARNING!: This file is not acceptable you dirty rat.");
  }

?>
Something along those lines..
davy2001
Forum Commoner
Posts: 37
Joined: Tue Feb 24, 2004 5:59 pm

Post by davy2001 »

thx, ill try that
User avatar
vigge89
Forum Regular
Posts: 875
Joined: Wed Jul 30, 2003 3:29 am
Location: Sweden

Post by vigge89 »

that one is not always correct, what if the file was named "Index.jpg.php"?
davy2001
Forum Commoner
Posts: 37
Joined: Tue Feb 24, 2004 5:59 pm

Post by davy2001 »

well, how would i do it then?
tsg
Forum Contributor
Posts: 142
Joined: Sun Jan 12, 2003 9:22 pm
Location: SE, Alabama
Contact:

Post by tsg »

Good point vigge ...

Try it this way then . Not guarenteed to work, just threw it together.

Code: Select all

<? 
$uploaded_raw=$HTTP_POST_FILES['image']['name']; 

$image_extension = substr(strtolower($uploaded_raw), -4, 4));
// this should gif you the extension ... LAST four characters ... example .jpg

// add acceptable extensions here 
if($image_extension !== ".jpg") { 
die ("WARNING!: This file is not acceptable you dirty rat."); 
  } 

?>
TheBentinel.com
Forum Contributor
Posts: 282
Joined: Wed Mar 10, 2004 1:52 pm
Location: Columbus, Ohio

Post by TheBentinel.com »

tsg wrote:

Code: Select all

<? 
$uploaded_raw=$HTTP_POST_FILES['image']['name']; 

$image_extension = substr(strtolower($uploaded_raw), -4, 4));
// this should gif you the extension ... LAST four characters ... example .jpg
That works as long as they don't call their JPEG's .jpeg

To handle extensions that aren't 3 characters, you could do a strrev on the name, then use the first example you were given to get the first item, then reverse that again. Like:

Code: Select all

$uploaded_raw=$HTTP_POST_FILES['image']['name']; 

$reverseName = strrev(strtolower($uploaded_raw));
$uploaded_array=explode(".",$reverseName); 
$image_extension = strrev($uploaded_array[1]);
Seems like a lot of work to get the file extension, but I think it's the only reliable way.
tsg
Forum Contributor
Posts: 142
Joined: Sun Jan 12, 2003 9:22 pm
Location: SE, Alabama
Contact:

Post by tsg »

If when you are checking for acceptable extensions ... you could create something like this:

Code: Select all

<?php

if(($image_extension !== ".gif") AND  ($image_extension !== "jpeg") AND ($image_extension !== ".jpg")==TRUE) {
 
die ("WARNING!: This file is not acceptable you dirty rat."); 
  } 

?>
So the code would be something like this:

Code: Select all

<? 
$uploaded_raw=$HTTP_POST_FILES['image']['name']; 

$image_extension = substr(strtolower($uploaded_raw), -4, 4)); 
// this should gif you the extension ... LAST four characters ... example .jpg 

// add acceptable extensions here 
if(($image_extension !== ".gif") AND  ($image_extension !== "jpeg") AND ($image_extension !== ".jpg")==TRUE) {
 
die ("WARNING!: This file is not acceptable you dirty rat."); 
  } 

?>
davy2001
Forum Commoner
Posts: 37
Joined: Tue Feb 24, 2004 5:59 pm

Post by davy2001 »

ok, here is what i did to TRY and make it work:

in the html file:

Code: Select all

&lt;html&gt;
&lt;head&gt;
&lt;title&gt;Image Gallery&lt;/title&gt;
&lt;/head&gt;
&lt;body background="graphics/bakground.gif" text="#00CC00" link="#00CF00" vlink="#00CF00" alink="#00CF00"&gt;
&lt;div align="center"&gt;
&lt;br&gt;
&lt;iframe height="400" width="400" src="images.html" scrolling="auto" allowtransparency="YES"&gt;&lt;/iframe&gt;
&lt;/div&gt;
&lt;div align="center"&gt;
  &lt;form action="upload.php" method="post" enctype="multipart/form-data" name="form1"&gt;
    &lt;table width="350" border="1" cellpadding="1" cellspacing="1" bordercolor="#00CC00"&gt;
      &lt;tr&gt;
        &lt;td align="right" valign="top"&gt;Your Name: &lt;/td&gt;
        &lt;td&gt;&lt;input name="name" type="text" id="name"&gt;&lt;/td&gt;
      &lt;/tr&gt;
      &lt;tr&gt;
        &lt;td width="97" align="right" valign="top"&gt;&lt;div align="right"&gt;Image Title: &lt;/div&gt;&lt;/td&gt;
        &lt;td width="240"&gt;&lt;input name="imagename" type="text" id="imagename"&gt;&lt;/td&gt;
      &lt;/tr&gt;
      &lt;tr&gt;
        &lt;td align="right" valign="top"&gt;&lt;div align="right"&gt;Description:&lt;/div&gt;&lt;/td&gt;
        &lt;td&gt;&lt;textarea name="description" id="description"&gt;&lt;/textarea&gt;&lt;/td&gt;
      &lt;/tr&gt;
      &lt;tr&gt;
        &lt;td align="right" valign="top"&gt;&lt;div align="right"&gt;File:&lt;/div&gt;&lt;/td&gt;
        &lt;td&gt;&lt;input name="filename" type="file" id="filename"&gt;
        &lt;input type="hidden" name="MAX_FILE_SIZE" value="2097152"&gt;&lt;/td&gt;
      &lt;/tr&gt;
      &lt;tr&gt;
        &lt;td colspan="2"&gt;&lt;div align="center"&gt;
          &lt;input type="submit" name="Submit" value="Send Image"&gt;
        &lt;/div&gt;&lt;/td&gt;
      &lt;/tr&gt;
    &lt;/table&gt;
  &lt;/form&gt;
  &lt;/div&gt;
&lt;/body&gt;
&lt;/html&gt;
and in the php file i put:

Code: Select all

<?php
$filename=$_POST['filename'];
$description = $_POST['description'];
$imagename = $_POST['imagename'];
$name = $_POST['name'];
$date = date("n-j-Y, g:i:sa");


//uploads the file//
$path = "/images"; 	//SET THIS TO THE RELATIVE PATH FROM WHERE THE SCRIPT IS TO WHERE THE FILE SHOULD BE UPLOADED TO,
if($filename){
print("File name: $file_name<P>/n");
print("File size: $file_size bytes<P>/n");
if(copy($file, "$path/$filename")){
print("Your File was uploaded successfully");
}else{
print("ERROR, your file was not successfully uploaded");
}
unlink($file);
}

//adds to the images.html//
$filename = 'images.html';
$fp = fopen($filename, "a");
$string = "
$imagename<i>: </i></b><i>Added by $name on $date</i>
<br>
<b>Description: </b><i>$description</i>
<br>
<a href=images/$filename target=_blank>Click here</a>
<br>
";
$write = fputs($fp, $string);
fclose($fp);

Header ('Location index.html');
?>
what have i done wrong?
i just get an error saying "Notice: Undefined index: filename in c:\server\www\flashworld\gallery\upload.php on line 2" when i press the submit button
TheBentinel.com
Forum Contributor
Posts: 282
Joined: Wed Mar 10, 2004 1:52 pm
Location: Columbus, Ohio

Post by TheBentinel.com »

I recall in ASP there was something tricky about having both a file upload and regular form variables in the same form. Like you couldn't do it, or you could but you had to jump through all sorts of hoops. It's been like 6 years so maybe I'm just making it up, but it sounds awfully familiar. Whatever the problem was, it sprung from a level that would affect PHP, too.

If you pull out the file upload part, does the filename variable suddenly become available?

I know that doesn't solve your problem, but it might help define it. Maybe you'll need to break it into two sections, one for naming the file and another for uploading it.

Maybe. I don't know. Maybe the polyurethane fumes are getting to me...
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

Check mime types, and/or explode by "." and [php_man]count[/php_man]() the array and use the last key, by subtracting one to the total number of array elements. Those two remove the possibility of being screwed over by something named pic.01.jpg.:)

Oh and use $_FILES for uploads.

Run this script on the handling page:

Code: Select all

<?php
echo '<pre>';
  print_r($_FILES);
echo '</pre?';
?>
To see all the info about the file.
tsg
Forum Contributor
Posts: 142
Joined: Sun Jan 12, 2003 9:22 pm
Location: SE, Alabama
Contact:

Post by tsg »

I think the problem now is that ... $filename=$_POST['filename'];

$filename is an array .. should be something like

$filename=$HTTP_POST_FILES['image']['name'];
Post Reply