Print Reseller Scheme
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Restrict file upload to just jpegs with php

Discussion in 'Website Design Forum:' started by craigeves, Mar 4, 2010.

  1. craigeves

    craigeves Junior Member

    Hi - Please can someone help?

    I have the following PHP code which uploads a file to my server and renames it to whoever the logged in session user is . For example the user 'coca-cola-lover' uploads a jpeg called 'me.jpg' and the script will rename the jpeg 'coca-cola-lover.jpg'.

    My problem is that I need it to limit the upload to just jpegs - i don't want gifs or pngs and it would also be good to be able to store the name of the upload in my MySQL database (i'm using the php functions in dreamweaver if that's any help).

    Please help - I was trying to find a solution all night.

    Thanks in advance

    <?php//define a maxim size for the uploaded images in Kb define ("MAX_SIZE","100");   //get Session Name $username = $row_Recordset1['username'];//This function reads the extension of the file. It is used to determine if the file  is an image by checking the extension. function getExtension($str) {         $i = strrpos($str,".");         if (!$i) { return ""; }         $l = strlen($str) - $i;         $ext = substr($str,$i+1,$l);         return $ext; }//This variable is used as a flag. The value is initialized with 0 (meaning no error  found)  //and it will be changed to 1 if an errro occures.  //If the error occures the file will not be uploaded. $errors=0;//checks if the form has been submitted if(isset($_POST['Submit']))  {     //reads the name of the file the user submitted for uploading     $image=$_FILES['image']['name'];     //if it is not empty     if ($image)      {     //get the original name of the file from the clients machine         $filename = stripslashes($_FILES['image']['name']);     //get the extension of the file in a lower case format          $extension = getExtension($filename);         $extension = strtolower($extension);     //if it is not a known extension, we will suppose it is an error and will not  upload the file,      //otherwise we will do more tests if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif"))          {        //print error message             echo '<h1>Unknown extension!</h1>';             $errors=1;         }         else         {//get the size of the image in bytes //$_FILES['image']['tmp_name'] is the temporary filename of the file //in which the uploaded file was stored on the server $size=filesize($_FILES['image']['tmp_name']);//compare the size with the maxim size we defined and print error if biggerif ($size > MAX_SIZE*1024){    echo '<h1>You have exceeded the size limit!</h1>';    $errors=1;}//we will give it the name of the logged in session user$image_name=$username.'.'.$extension;//the new name will be containing the full path where will be stored (images folder)$newname="images/".$image_name;//we verify if the image has been uploaded, and print error instead$copied = copy($_FILES['image']['tmp_name'], $newname);if (!$copied) {    echo '<h1>Copy unsuccessfull!</h1>';    $errors=1;}}}}//If no errors registred, print the success message if(isset($_POST['Submit']) && !$errors)  {     echo "<h1>File Uploaded Successfully! Try again!</h1>"; } ?><!--next comes the form, you must set the enctype to "multipart/frm-data" and use an input type "file" --><form name="newad" method="post" enctype="multipart/form-data"  action="">  <table>    <tr>      <td><input type="file" name="image"></td>    </tr>    <tr>      <td><input name="Submit" type="submit" value="Upload image"></td>    </tr>  </table></form>
  2. Jazajay

    Jazajay Active Member

    Hay do you still have the problem?
    You also need to do a lot more than just limit it to other image extentions, you need to check the size, make sure it isn't a php, or other server side file or even an exe file last thing you want is them being uploaded willy nilly.

    If you are let me know and I'll write you a good one.


Share This Page