Returning Value from PHP Function Problem
I am having a problem returning a value from my function. I think I've set it up to return $filename, but it doesn't; I get a blank value when it is returned. Did I make a mistake somewhere? I assigned the imageupload function to the variable $newfilename and then try to insert into my db, and I get no data in the column for that record.
imageupload function:
function imageupload()
{
    $allowed_types=array(
        'image/gif',
        'image/jpeg',
        'image/png',
        'image/pjpeg',
    );
    if (($_FILES["picupload"]["size"] < 5500000))
    {
        if(in_array($_FILES["picupload"]["type"], $allowed_types))
        {
            if ($_FILES["picupload"]["error"] > 0)
            {
                throw new Exception('Invalid File - No Data In File');
            }
            else
            {
                $dirname = getcwd() . '/userpics/' . $_SESSION['username'];
                if (!file_exists($dirname))
                {
                    $thisdir = getcwd() . "/userpics/" . $_SESSION['username'];
                    if(mkdir($thisdir , 0777))
                    {
                        $filename = basename( $_FILES['picupload']['name']);
                        $ext = end(explode(".", $filename));
                        $thisdir = getcwd() . "/userpics/" . $_SESSION['username'] . "/profilepic." . $ext;
                        if(move_uploaded_file($_FILES['picupload']['tmp_name'], $thisdir))
                        {
                            return $ext;
                        }
                        else
                        {
                            throw new Exception('Could not upload file');
                        }
                    }
                    else
                    {
                        throw new Exception('Could not create directory');
                    }
                }
                else
                {
                    $filename = basename( $_FILES['picupload']['name']);
                    $ext = end(explode(".", $filename));
                    $thisdir = getcwd() . "/userpics/" . $_SESSION['username'] . "/profilepic." . $ext;
                    if(move_uploaded_file($_FILES['picupload']['tmp_name'], $thisdir))
                    {
                        return $ext;
                    }
                    else
                    {
                        throw new Exception('Could not upload file');
                    }
                }
            }
        }
        else
        {
            throw new Exception('Invalid File Type');
        }
    }
    else
    {
        throw new Exception('Invalid File Error, File Too Large');
    }
}
Code Calling Imageupload:
else if ($type == "update")
{
    if($_POST['changeimage'] == 'true')
    {
        $newfilename = imageupload();
        $sql="UPDATE users SET `FirstName`='$_POST[firstname]', `MiddleInt`='$_POST[middleint]', `LastName`='$_POST[lastname]', `emailAddress`='$_POST[emailaddress]', `website`='$_POST[website]', `Title`='$_POST[title]', `College`='$_POST[collegedropdown]', `Department`='$_POST[deptdropdown]', `Phone`='$_POST[phone]', `Photo`='$newfilename' WHERE `uid` = '$uid';";
    }
    else
    {
        $sql="UPDATE users SET `FirstName`='$_POST[firstname]', `MiddleInt`='$_POST[middleint]', `LastName`='$_POST[lastname]', `emailAddress`='$_POST[emailaddress]', `website`='$_POST[website]', `Title`='$_POST[title]', `College`='$_POST[collegedropdown]', `Department`='$_POST[deptdropdown]', `Phone`='$_POST[phone]' WHERE `uid` = '$uid';";
    }
}
else
{
    echo "Error, please contact the administrator";
}
$result = mysql_query($sql,$con);
mysql_close($con);
//header("location: index.php");
}
There are many things wrong with your code.
At first, you're referencing $_FILES['file']. But after that, you're referencing $_FILES['picupload'].
Secondly, $allowed_types is not defined.
Also, getcwd() usually won't return a trailing slash. So this:
$thisdir = getcwd() . 'userpics/' . $_SESSION['username'];
...will probably not work. This:
$ext = end(explode(".", $filename));
...is illegal. end accepts a reference. As such, you cannot pass the result of a function to it. You should store it in a variable first. However, the best way to achieve the same thing is to use pathinfo.
At some point, you're wrongly doing a file_exists($thisdir) then mkdir($thisdir). You're also not appending a filename to the directory afterwards.
You're unnecessarily duplicating code and using if...else with exceptions. You should refactor (it will also make it easier to debug):
function imageupload()
{
    // define $allowed_types
    $allowed_types = array('image/png');
    // use "picupload" here
    if ($_FILES["picupload"]["size"] >= 5500000)
        throw new Exception('Invalid File Error, File Too Large');
    if (!in_array($_FILES["picupload"]["type"], $allowed_types))
        throw new Exception('File type not allowed');
    if ($_FILES["picupload"]["error"] > 0)
        throw new Exception('Invalid File - No Data In File');
    // fix the getcwd() expression
    $thisdir = getcwd() . '/userpics/' . $_SESSION['username'];
    // create the directory only if it doesn't exist
    if (!file_exists($thisdir)) {
        if (!mkdir($thisdir, 0777))
            throw new Exception('Could not create directory');
    }
    $filename = basename($_FILES['picupload']['name']);
    // fix the end(explode()) illegal call
    $ext = pathinfo($filename, PATHINFO_EXTENSION);
    // make sure this is actually a filename, and not a directory
    $thisdir .= "/profilepic." . $ext;
    if (!move_uploaded_file($_FILES['picupload']['tmp_name'], $thisdir))
        throw new Exception('Could not upload file');
    return $filename;
}
Note: As mentioned in the comments, the caller code is also vulnerable to SQL injection.
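
The SQL injection note above, illustrated with an added example that is not part of the original question or answer: the caller's UPDATE rebuilt with bound parameters, so form values never become part of the SQL text. Assumptions: updateUser() is a hypothetical helper, PDO replaces the mysql_* calls, and an in-memory SQLite database with constructed rows stands in for the real users table.

```php
<?php
// Added example: hypothetical helper, not code from the question or the answer.
// Column and form field names are taken from the question's UPDATE statement.
function updateUser(PDO $db, $uid, array $post, $photo = null)
{
    // Fixed map of form field => column. Only these columns are ever written.
    $columns = array(
        'firstname' => 'FirstName', 'middleint' => 'MiddleInt', 'lastname' => 'LastName',
        'emailaddress' => 'emailAddress', 'website' => 'website', 'title' => 'Title',
        'collegedropdown' => 'College', 'deptdropdown' => 'Department', 'phone' => 'Phone',
    );
    $set = array();
    $params = array(':uid' => $uid);
    foreach ($columns as $field => $column) {
        $set[] = "$column = :$field";
        $params[":$field"] = isset($post[$field]) ? $post[$field] : '';
    }
    if ($photo !== null) {
        // Corresponds to the "changeimage" branch of the caller.
        $set[] = 'Photo = :photo';
        $params[':photo'] = $photo;
    }
    // The SQL text is built from constants only; values are bound at execute().
    $stmt = $db->prepare('UPDATE users SET ' . implode(', ', $set) . ' WHERE uid = :uid');
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed demo data (assumption: SQLite stands in for the MySQL server).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, FirstName, MiddleInt, LastName,
    emailAddress, website, Title, College, Department, Phone, Photo)');
$db->exec("INSERT INTO users (uid, FirstName) VALUES (1, 'Ann'), (2, 'Bob')");

// Values containing quotes are stored as literal text, and only uid 1 is touched.
$post = array('firstname' => "Ann'; --", 'lastname' => "O'Brien");
$changed = updateUser($db, 1, $post, 'profilepic.png');

echo "rows changed: $changed\n";
foreach ($db->query('SELECT uid, FirstName, LastName, Photo FROM users') as $row) {
    echo $row['uid'], ' | ', $row['FirstName'], ' | ', $row['LastName'], ' | ', $row['Photo'], "\n";
}
```

Against MySQL, the same helper works with a PDO connection opened on a mysql: DSN.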