
Why is this PHP file upload validation script not working?

Dear friends, this is a script which simply uploads a file and inserts the filename into the database. Why is this not working? It just uploads the file and sends the filename to the db even after validation. Please help.

<?php

//file validation starts
//split filename into array and substract full stop from the last part
$tmp = explode('.', $_FILES['photo']['name']);
$fileext= $tmp[count($tmp)-1];

//read the extension of the file that was uploaded
$allowedexts = array("png");
if(in_array($fileext, $allowedexts)){
    return true;
}else{
    $form_error= "Upload file was not supported<br />";
    header('Location: apply.php?form_error=' .urlencode($form_error));
}


//file validation ends

//upload dir for pics
$uploaddir = './uploads/';


//upload file in folder
$uploadfile = $uploaddir. basename($_FILES['photo']['name']);


//insert filename in mysql db
$upload_filename = basename($_FILES['photo']['name']);



//upload the file now
    move_uploaded_file($_FILES['photo']['tmp_name'], $uploadfile);

// $photo value is goin to db
$photo = $upload_filename;


function send_error($error = 'Unknown error occurred')
{
    header('Location: apply.php?form_error=' .urlencode($error));
    exit; //!!!!!!
}
//file validation starts
//split filename into array and take the last part as the extension

//end() takes its argument by reference, so pass a variable, not the explode() call
$tmp = explode('.', $_FILES['photo']['name']);
$fileext = end($tmp); //Ricky Dang | end()

//read the extension of the file that was uploaded
$allowedexts = array("png");
if(!in_array($fileext, $allowedexts))
{
    //reject anything that is not on the allow list
    send_error("Upload file was not supported");
}

//upload dir for pics
$uploaddir = './uploads/';
if(!is_dir($uploaddir))
{
    send_error("Upload Directory Error");
}

//upload file in folder
$uploadfile = $uploaddir. basename($_FILES['photo']['name']);

//refuse to overwrite a file that is already there
if(file_exists($uploadfile))
{
    send_error("File already exists!");
}

//insert filename in mysql db
$upload_filename = basename($_FILES['photo']['name']);

//upload the file now
if(!move_uploaded_file($_FILES['photo']['tmp_name'], $uploadfile))
{
    send_error('Upload Failed, cannot move file!');
}

// $photo value is going to db
$photo = $upload_filename;

This is a cleaned-up version of yours; give that a go and see if you get any errors.


You can also find the extension of the file by using this code.

$parts = explode('.', $_FILES['photo']['name']);
$tmp = end($parts); // end() needs a variable, not the explode() call itself

Now $tmp holds the extension of the file.


Why not use PHP's built-in functions to extract the extension from the filename?

$fileext = pathinfo($_FILES['photo']['name'],PATHINFO_EXTENSION);

And if the file extension is valid, you're returning from the function without doing anything further; if it's invalid, you're setting the header, but the code logic will continue to your file processing.


You blindly assume the file upload succeeded, but there are many reasons for it to fail, which is why PHP provides ['error'] in the $_FILES array:

if ($_FILES['photo']['error'] === UPLOAD_ERR_OK) {
    // uploaded properly, handle it here...
} else {
    die("File upload error, code #" . $_FILES['photo']['error']);
}

The error codes are defined here.
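
The points raised in the answers above (check `['error']`, use `pathinfo()`, stop after the redirect) combined into one handler, as an added example that is not part of the original posts. It goes beyond the answers by also checking the file's content type with `finfo` and storing the file under a server-generated name; `validate_photo()` is a hypothetical helper, and PHP 7.1+ with the fileinfo extension is assumed.

```php
<?php
// Added example (not from the original posts). validate_photo() is a hypothetical helper.
// Returns an error string, or null when the upload is acceptable.
function validate_photo(array $file, array $allowed = ['png' => 'image/png']): ?string
{
    // 1. PHP reports transport failures (size limits, partial upload, no file) here.
    $code = $file['error'] ?? null;
    if ($code !== UPLOAD_ERR_OK) {
        return 'File upload error, code #' . (is_int($code) ? $code : 'invalid');
    }
    // 2. Extension from the client-supplied name, compared case-insensitively.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, $allowed)) {
        return 'Upload file was not supported';
    }
    // 3. The name is chosen by the client, so also check the type of the actual bytes.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== $allowed[$ext]) {
        return 'File content does not match its extension';
    }
    return null;
}

function send_error(string $error): void
{
    header('Location: apply.php?form_error=' . urlencode($error));
    exit; // without this the script keeps running and still moves the file
}

if (isset($_FILES['photo'])) {
    $error = validate_photo($_FILES['photo']);
    if ($error !== null) {
        send_error($error);
    }
    // Server-generated name: nothing from the client reaches the path,
    // and an existing file cannot be overwritten by reusing its name.
    $upload_filename = bin2hex(random_bytes(16)) . '.png';
    $uploadfile = './uploads/' . $upload_filename;
    if (!move_uploaded_file($_FILES['photo']['tmp_name'], $uploadfile)) {
        send_error('Upload Failed, cannot move file!');
    }
    $photo = $upload_filename; // value that goes to the db
}
```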
