开发者

Invalid File on PHP File Upload

问答 作者:

I've built a website with a HTML form/ PHP upload for image files, it works well when its running on XAMPP on my local computer but when i've uploaded it to 000webhost most of the time it says invalid file and only sometimes will the images successfully upload. I've tried turning up the max execution time in the php configuration but that doesn't seem to have fixed it. The files i've tried to upload are smaller than the max file size in the php config and have worked on my test machine perfectly.

I find it odd that it works sometimes and doesn't other times and don't really know what to try.

EDIT:

Here is the form Filename: 

if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/png")))
   {
       if ($_FILES["file"]["error"] > 0)
          {
          echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
          }
       else
          {
          echo "Upload: " . $_FILES["file"]["name"] . "<br />";
          echo "Type: " . $_FILES["file"]["type"] . "<br />";
          echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<开发者_StackOverflow中文版;br />";
          echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";


          move_uploaded_file($_FILES["file"]["tmp_name"],
          "churchimages/pauls.jpeg");
          echo "Stored in: " . "churchimages/pauls.jpeg";

          }
  }

 else

 {
 echo "Invalid file";//This is the section I am seeing
 }

Your file type detection is relying on $_FILES["file"]["type"], which is sent by the browser and highly unreliable.

A much better way to detect whether an uploaded file is an image is getimagesize().

$info = getimagesize($_FILES["file"]["tmp_name"]);

$allowed_types = array(IMG_GIF, IMG_JPEG, IMG_PNG);

if (in_array($info[2], $allowed_types))
 { .... do stuff ... }

You should check if the upload actually succeeded FIRST, before doing any of the other operations:

if ($_FILES['file']['error'] === UPLOAD_ERR_OK) {
    ... handle upload...
    if (!move_uploaded_file(...)) { // <--important. ALWAYS check if the move worked.
       die("File move failed. Data is lost");
    }
} else {
   die("Upload failed with code " . $_FILES['file']['error']);
}

IN the case where an upload did not occur, then the ['type'] field would not be set, and just saying "invalid file" would be useless - there is no file at all.

As Pekka's pointed out, you should use other methods of determining file type. The ['type'] data in $_FILES is user-provided, and is trivial to forge.

Make sure that you're defining an absolute path for the uploaded files rather than a relative one.

I have had this issue today.. very sad. took about an hour to repair.

Idea: checking for $_FILES["file"]["type"] == "image/gif" at the top of the script is what failed for me. It seems the browser was populating a "BLANK DATA" instead of "image/gif" so my initial check failed each time with "invalid file type"

Question: It seems the browsers are not properly sending across the file type from the tmp directory?

My FIX: remove the file type check.... as stated above it is very unreliable...

Check the PHP file permissions. in ooowebhost you can find it in chmod. change to '777'. otherwise, the file doesn't have permissions to execute/write

继续阅读:file-uploadphp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9