Trying to upload image type files only.

Question

Anthony_22 0 Newbie Poster

6 Years Ago

Hello,

I am trying to prevent my form, from submitting if the file is not an image type file but i keep failing, the array that i am using keeps displaying regardless of the files type.
Any help would be grateful.

<?php

    $Manufacturer = $_POST['Manufacturer'];
    $Brand = $_POST['Brand'];
    $Model = $_POST['Model'];
    $Type = $_POST['Type'];
    $Wheel = $_POST['Wheels'];
    $Colour = $_POST['Colour'];
    $Number = $_POST['Gears'];
    $Brake = $_POST['Brakes'];
    $Suspension = $_POST['Suspension'];
    $Gender = $_POST['Gender'];
    $Age = $_POST['Ageof'];
    $image = $_FILES["images"]["name"];
    $Additional = $_POST['Additional'];

    include "../include/config.php";
    $upload_folder = "./uploads/";

    $result=mysqli_query($connection,"SELECT * FROM `Bike` WHERE manufacturer='$Manufacturer'");
    //$file="./uploads/".$_FILES["images"]["name"];
    //$image = addslashes(file_get_contents($_FILES . '../BikeRegistrationDAO.php'));

    if($row=mysqli_num_rows($result) > 0){

        echo "This Bicycle's Manufacturer, Is already registered.";
            return;
    }

    $allowed = array("jpg", "jpeg", "png", "gif");

    if (array($allowed !== "jpg", "jpeg", "png", "gif"))
    {
       die("Not a gif/jpeg/png");
    }

    foreach($_FILES["images"]["name"] as $key => $file_name)
    {
        $tmp_name = $_FILES["images"]["tmp_name"][$key];

        if(file_exists ($upload_folder.$file_name))
        {
            echo "The file ". $file_name . " already exists". "</br>";
        }else{
            move_uploaded_file($tmp_name, $upload_folder.$file_name." MPN: ".$Manufacturer); // uploads the image file name to the folder with the bikes MPN number next to it !
            echo "The file " . $file_name . " has successfully uploaded". "</br>";
        } 
    } 

$sql = "INSERT INTO Bike (Manufacturer, Brand, Model, Type, Wheel, Colour, Number, Brake, Suspension, Gender, Age, image, Additional) VALUES ('$Manufacturer', '$Brand', '$Model', '$Type', '$Wheel', '$Colour', '$Number', '$Brake', '$Suspension', '$Gender', '$Age', '$image', '$Additional')";

    if(!mysqli_query($connection, $sql))
    {
        echo "Not Submited";

    }else{

        echo "Submitted Successfully"."</br>";
    } 
?>

php

3 Contributors
5 Replies
583 Views
2 Days Discussion Span
Latest Post 6 Years Ago Latest Post by ryantroop

ryantroop 177 Practically a Master Poster

6 Years Ago

If you want to stop it client side (to prevent the form from submitting at all), you can look at the input data's type (which should give you the mime type) and you are looking for "image/" if the mime-type doesn't match, return false from the form (otherwise it will still submit).

If you want to do this server side, this page can be of help -- https://www.saotn.org/validate-mime-types-with-php-fileinfo/
Either look at the file name with a regex (bad), look at the file data directly for the mime type (better), or if you have fileinfo extension, use that for mime type comparison.

please note, client side "validation" is meant to make things easier UX/UI wise for your user - it is always good to validate both client and server side, with a minimum being the server side (otherwise, people can just send trash data at you).

Hope that helps,

Ryan

AndrisP 193 Posting Pro in Training

6 Years Ago

Use send_long_datahttp://php.net/manual/en/mysqli-stmt.send-long-data.php for blob upload in to the DB and use prepared statement to prevent from SQL injection.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Anthony_22 0 Newbie Poster · Answer 1 · 2018-03-15T11:15:16+00:00

Thanks for helping me out!

The issue i have at the moment is that,
the user can upload any file type in the folder dierctly i have given.
I wont to limit the file type to images only, but i fail to do so.

Everytime i use getimagesize "$imageInfo = getimagesize( $_FILES['images']['tmp_name'] );"
i get the following error :

Warning: getimagesize() expects parameter 1 to be string, array given in /home/s1705553/public_html/Assigment/5BikeRegistrationPage/BikeRegistrationDAO.php on line 30

AndrisP 193 Posting Pro in Training · Answer 2 · 2018-03-15T14:21:04+00:00

In nyour code if case in line 32 allways true because actually you check if exist array which defined inside self if case.
Get file extension e.g.

$ext = pathinfo($_FILES["images"]["name"], PATHINFO_EXTENSION);

and then check if in array e.g.

if(!in_array(strtolower($ext), $allowed)){
    die("Not a gif/jpeg/png");
}

ryantroop 177 Practically a Master Poster · Answer 3 · 2018-03-15T18:58:01+00:00

also, for your file input on the html you may want to look into the accept attribute:

<form action="/action_page.php">
  <input type="file" name="pic" accept="image/*">
  <input type="submit">
</form>

https://www.w3schools.com/tags/att_input_accept.asp

Again, this is meant as a helpful filter, and will not prevent them from changing the type. It also does not limit file size.