I tried it and nothing happens. It right away processes the upload. And when I check the destination directory i see an image file there but it is not readable.
I am using the command copy($_FILES['image']['tmp_name'], $newname); to move the file. It just thinks of the fictitious file as a valid one and creates and image file in the destination folder although unreadable.
Am I doing something wrong here?
Here is the code:
Code: Select all
//reads the name of the file the user submitted for uploading
$image=$_FILES['image']['name'];
//if it is not empty
if ($image)
{
if (!($_FILES['image']['error'])) {
//get the original name of the file from the clients machine
$filename = stripslashes($_FILES['image']['name']);
//get the extension of the file in a lower case format
$extension = getExtension($filename);
$extension = strtolower($extension);
//if it is not a known extension, we will suppose it is an error and will not upload the file,
//otherwise we will do more tests
if ((($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) || ($extension==""))
{
//print error message
//echo '<h1>Unknown extension!</h1>';
$errors=1;
$error_flag=TRUE;
}
else
{
//get the size of the image in bytes
//$_FILES['image']['tmp_name'] is the temporary filename of the file
//in which the uploaded file was stored on the server
$size=filesize($_FILES['image']['tmp_name']);
//compare the size with the maxim size we defined and print error if bigger
if ($size > MAX_SIZE*1024)
{
//echo '<h1>You have exceeded the size limit!</h1>';
$errors=2;
$error_flag=TRUE;
}
else
{
//we will give an unique name, for example the time in unix time format
$image_name=time().'.'.$extension;
//the new name will be containing the full path where will be stored (images folder)
$newname="images/players/".$image_name;
//we verify if the image has been uploaded, and print error instead
$copied = copy($_FILES['image']['tmp_name'], $newname);
if (!$copied)
{
//echo '<h1>Copy unsuccessfull!</h1>';
$errors=3;
$error_flag=TRUE;
}
}
}
}
else{
$errors=6;
$error_flag=TRUE;
}
}
else
{
//File not found
$errors=5;
$error_flag=TRUE;
}
//If no errors registred, print the success message
if(isset($_POST['Submit']) && !$errors)
{
require('config.php');
//Create conenction
$db=mysql_connect($dbhost,$dbuser,$dbpassword);
//Select DB with connection
mysql_select_db($dbdatabase,$db);
$sql="INSERT INTO players
VALUES('','"
. $_POST['playername'] ."','"
. $_POST['abouttheplayer'] ."','"
. $newname . "','0');";
mysql_query($sql);
}
}