Page 1 of 1
file upload
Posted: Sat Mar 13, 2004 2:55 pm
by davy2001
Posted: Sat Mar 13, 2004 8:33 pm
by tsg
Code: Select all
<?
$uploaded_raw=$HTTP_POST_FILES['image']['name'];
$uploaded_array=explode(".",$uploaded_raw);
$image_extension = strtolower($uploaded_array[1]);
// add acceptable extensions here
if($image_extension !== "jpg") {
die ("WARNING!: This file is not acceptable you dirty rat.");
}
?>
Something along those lines..
Posted: Sat Mar 13, 2004 10:36 pm
by davy2001
thx, ill try that
Posted: Sun Mar 14, 2004 3:22 am
by vigge89
that one is not always correct, what if the file was named "Index.jpg.php"?
Posted: Sun Mar 14, 2004 5:21 am
by davy2001
well, how would i do it then?
Posted: Sun Mar 14, 2004 7:32 am
by tsg
Good point vigge ...
Try it this way then . Not guarenteed to work, just threw it together.
Code: Select all
<?
$uploaded_raw=$HTTP_POST_FILES['image']['name'];
$image_extension = substr(strtolower($uploaded_raw), -4, 4));
// this should gif you the extension ... LAST four characters ... example .jpg
// add acceptable extensions here
if($image_extension !== ".jpg") {
die ("WARNING!: This file is not acceptable you dirty rat.");
}
?>
Posted: Sun Mar 14, 2004 7:56 am
by TheBentinel.com
tsg wrote:
Code: Select all
<?
$uploaded_raw=$HTTP_POST_FILES['image']['name'];
$image_extension = substr(strtolower($uploaded_raw), -4, 4));
// this should gif you the extension ... LAST four characters ... example .jpg
That works as long as they don't call their JPEG's .jpeg
To handle extensions that aren't 3 characters, you could do a strrev on the name, then use the first example you were given to get the first item, then reverse that again. Like:
Code: Select all
$uploaded_raw=$HTTP_POST_FILES['image']['name'];
$reverseName = strrev(strtolower($uploaded_raw));
$uploaded_array=explode(".",$reverseName);
$image_extension = strrev($uploaded_array[1]);
Seems like a lot of work to get the file extension, but I think it's the only reliable way.
Posted: Sun Mar 14, 2004 8:15 am
by tsg
If when you are checking for acceptable extensions ... you could create something like this:
Code: Select all
<?php
if(($image_extension !== ".gif") AND ($image_extension !== "jpeg") AND ($image_extension !== ".jpg")==TRUE) {
die ("WARNING!: This file is not acceptable you dirty rat.");
}
?>
So the code would be something like this:
Code: Select all
<?
$uploaded_raw=$HTTP_POST_FILES['image']['name'];
$image_extension = substr(strtolower($uploaded_raw), -4, 4));
// this should gif you the extension ... LAST four characters ... example .jpg
// add acceptable extensions here
if(($image_extension !== ".gif") AND ($image_extension !== "jpeg") AND ($image_extension !== ".jpg")==TRUE) {
die ("WARNING!: This file is not acceptable you dirty rat.");
}
?>
Posted: Sun Mar 14, 2004 9:12 am
by davy2001
ok, here is what i did to TRY and make it work:
in the html file:
Code: Select all
<html>
<head>
<title>Image Gallery</title>
</head>
<body background="graphics/bakground.gif" text="#00CC00" link="#00CF00" vlink="#00CF00" alink="#00CF00">
<div align="center">
<br>
<iframe height="400" width="400" src="images.html" scrolling="auto" allowtransparency="YES"></iframe>
</div>
<div align="center">
<form action="upload.php" method="post" enctype="multipart/form-data" name="form1">
<table width="350" border="1" cellpadding="1" cellspacing="1" bordercolor="#00CC00">
<tr>
<td align="right" valign="top">Your Name: </td>
<td><input name="name" type="text" id="name"></td>
</tr>
<tr>
<td width="97" align="right" valign="top"><div align="right">Image Title: </div></td>
<td width="240"><input name="imagename" type="text" id="imagename"></td>
</tr>
<tr>
<td align="right" valign="top"><div align="right">Description:</div></td>
<td><textarea name="description" id="description"></textarea></td>
</tr>
<tr>
<td align="right" valign="top"><div align="right">File:</div></td>
<td><input name="filename" type="file" id="filename">
<input type="hidden" name="MAX_FILE_SIZE" value="2097152"></td>
</tr>
<tr>
<td colspan="2"><div align="center">
<input type="submit" name="Submit" value="Send Image">
</div></td>
</tr>
</table>
</form>
</div>
</body>
</html>
and in the php file i put:
Code: Select all
<?php
$filename=$_POST['filename'];
$description = $_POST['description'];
$imagename = $_POST['imagename'];
$name = $_POST['name'];
$date = date("n-j-Y, g:i:sa");
//uploads the file//
$path = "/images"; //SET THIS TO THE RELATIVE PATH FROM WHERE THE SCRIPT IS TO WHERE THE FILE SHOULD BE UPLOADED TO,
if($filename){
print("File name: $file_name<P>/n");
print("File size: $file_size bytes<P>/n");
if(copy($file, "$path/$filename")){
print("Your File was uploaded successfully");
}else{
print("ERROR, your file was not successfully uploaded");
}
unlink($file);
}
//adds to the images.html//
$filename = 'images.html';
$fp = fopen($filename, "a");
$string = "
$imagename<i>: </i></b><i>Added by $name on $date</i>
<br>
<b>Description: </b><i>$description</i>
<br>
<a href=images/$filename target=_blank>Click here</a>
<br>
";
$write = fputs($fp, $string);
fclose($fp);
Header ('Location index.html');
?>
what have i done wrong?
i just get an error saying "Notice: Undefined index: filename in c:\server\www\flashworld\gallery\upload.php on line 2" when i press the submit button
Posted: Sun Mar 14, 2004 2:02 pm
by TheBentinel.com
I recall in ASP there was something tricky about having both a file upload and regular form variables in the same form. Like you couldn't do it, or you could but you had to jump through all sorts of hoops. It's been like 6 years so maybe I'm just making it up, but it sounds awfully familiar. Whatever the problem was, it sprung from a level that would affect PHP, too.
If you pull out the file upload part, does the filename variable suddenly become available?
I know that doesn't solve your problem, but it might help define it. Maybe you'll need to break it into two sections, one for naming the file and another for uploading it.
Maybe. I don't know. Maybe the polyurethane fumes are getting to me...
Posted: Sun Mar 14, 2004 6:31 pm
by m3mn0n
Check mime types, and/or explode by "." and [php_man]count[/php_man]() the array and use the last key, by subtracting one to the total number of array elements. Those two remove the possibility of being screwed over by something named
pic.01.jpg.
Oh and use
$_FILES for uploads.
Run this script on the handling page:
Code: Select all
<?php
echo '<pre>';
print_r($_FILES);
echo '</pre?';
?>
To see all the info about the file.
Posted: Sun Mar 14, 2004 6:33 pm
by tsg
I think the problem now is that ... $filename=$_POST['filename'];
$filename is an array .. should be something like
$filename=$HTTP_POST_FILES['image']['name'];