Problem uploading photos in a form

Question

icehiro 0 Newbie Poster

11 Years Ago

I'm trying to make website where user can upload a photo in a form. However somethings gone wrong in which keep telling me that I have a 'invalid file'. The information which the user typed in was actually uploaded to the database, but not the image. I've tried to saparate 2 things in the same action which they all work individually, but not together.

Here is my code:

if(isset($_POST["action"])&&($_POST["action"]=="add")){ 
    if ($_POST["item_avai"] == 'on') {
        $check = 1;
    }
    else if ($_POST["item_avai"] == ''){
        $check = 0;
    }
    $query_insert = "INSERT INTO item_record (item_date_added,item_name_chi,item_name_eng,item_price,item_comment,item_avai) VALUES (";
    $query_insert .= "'".date("Y-m-d H:i:s")."',";
    $query_insert .= "'".$_POST["item_name_chi"]."',";
    $query_insert .= "'".$_POST["item_name_eng"]."',";
    $query_insert .= "'".$_POST["item_price"]."',";
    $query_insert .= "'".$_POST["item_comment"]."',";
    $query_insert .= "'".$check."')";
    mysql_query($query_insert);
    //die($query_insert);           All of these work so far!

    // Upload photo
    $allowedExts = array("gif", "jpeg", "jpg", "png");
    $extension = end(explode(".", $_FILES["file"]["name"]));
    $new_name = $next_increment . "." . $extension;
    if ((($_FILES["file"]["type"] == "image/gif")
    || ($_FILES["file"]["type"] == "image/jpeg")
    || ($_FILES["file"]["type"] == "image/jpg")
    || ($_FILES["file"]["type"] == "image/png"))
    && ($_FILES["file"]["size"] < 5000000)
    && in_array($extension, $allowedExts))
      {
      if ($_FILES["file"]["error"] > 0)
        {
        echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
        }
      else
        {

        if (file_exists("photos/" . $_FILES["file"]["name"]))
          {
          echo $_FILES["file"]["name"] . " already exists. ";
          }
        else
          {
          move_uploaded_file($_FILES["file"]["tmp_name"],
          "photos/" . $new_name);
          }
        }
      }
    else
      {
      echo "Invalid file";
      }
 }

Thanks for your help!

file-system php

3 Contributors
6 Replies
143 Views
4 Hours Discussion Span
Latest Post 11 Years Ago Latest Post by diafol

diafol

11 Years Ago

invalid file

Is this a php file error or a custom error message of yours? To which line number in your code does it pertain?

pixelsoul 272 Red Pill

11 Years Ago

You should really break apart the file type check and file size check like I have below. Also, it is probably failing because you are checking for example "image/jpg" but your array just contains "jpg". You only need to check against this array, no need to include $extension in it. Extensions can be faked easily, but checking against the type actually checks the mime type which is more difficult to fake. Take not of the filesize check also. I didn't test this code, it was just more for an example to see a possibly better structure.

if(isset($_POST["action"])&&($_POST["action"]=="add")){ 
    if ($_POST["item_avai"] == 'on') {
        $check = 1;
    }
    else if ($_POST["item_avai"] == ''){
        $check = 0;
    }
    $query_insert = "INSERT INTO item_record (item_date_added,item_name_chi,item_name_eng,item_price,item_comment,item_avai) VALUES (";
    $query_insert .= "'".date("Y-m-d H:i:s")."',";
    $query_insert .= "'".$_POST["item_name_chi"]."',";
    $query_insert .= "'".$_POST["item_name_eng"]."',";
    $query_insert .= "'".$_POST["item_price"]."',";
    $query_insert .= "'".$_POST["item_comment"]."',";
    $query_insert .= "'".$check."')";

    mysql_query($query_insert);
    //die($query_insert);           All of these work so far!

    // Upload photo
    $allowedExts = array("image/gif", "image/jpeg", "image/jpg", "image/png");
    $extension = end(explode(".", $_FILES["file"]["name"]));
    $new_name = $next_increment . "." . $extension;

    if (in_array($_FILES['image']['type'], $allowedExts))
    {
        if(filesize($_FILES['image']['tmp_name']) <= 5000000)
        {
            if ($_FILES["file"]["error"] != 0)
            {
                echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
            }
            else
            {
                if (file_exists("photos/" . $_FILES["file"]["name"]))
                {
                    echo $_FILES["file"]["name"] . " already exists. ";
                }
                else
                {
                    move_uploaded_file($_FILES["file"]["tmp_name"],
                    "photos/" . $new_name);
                }
            }
        }
    }
    else
    {
        echo "Invalid file";
    }
    }

Edited 11 Years Ago by pixelsoul

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

icehiro 0 Newbie Poster · Answer 1 · 2013-03-18T21:29:38+00:00

The Error Message was mine, it pops up on top of my page after summiting the form.

diafol · Answer 2 · 2013-03-18T23:59:09+00:00

The Error Message was mine, it pops up on top of my page after summiting the form.

Well, you don't include this in your code, so it's difficult to see what's going on.

pixelsoul 272 Red Pill Featured Poster · Answer 3 · 2013-03-19T00:19:58+00:00

Diafol, I think it is the same one that he is echoing out at the bottom. Unless he has it somewhere else as well. I am guessing that it most likely fails at his file check.

diafol · Answer 4 · 2013-03-19T01:15:28+00:00

Ah, my mistake. :) sorry

Don't believe I missed it - twice!