0

I am working on a script that uploads the file to a specific folder and submits the data to the database if all the conditions are true and everything is fine. The script checks the file size and if the file size is more than required it displays the error (working fine).

The script also checks whether the uploaded file has a required extension: if it does, the file is uploaded, and if it has an unwanted extension it is not uploaded (working fine). But if the file does not have an expected extension, the script should also display an error.

For example, if someone uploads an .exe, zip, mp3 or any other file, it should display "Invalid file type. Only JPG, PNG, GIF, JPEG, PDF and DOC files are allowed." This is where I am facing an error. How can I display this message? What code should I put and where?

Here is my script.

<?php error_reporting(0);

include'db.php';
if(isset($_POST['submit'])!=""){

$extension = substr($_FILES['photo']['name'], strrpos($_FILES['photo']['name'], '.'));

 $extension = strtolower($extension);


if( $extension == ".jpg" || $extension == ".jpeg" || $extension == ".gif" ||$extension == ".png" ||$extension == ".pdf" ||$extension == ".doc" ||$extension == ".docx" )
{

$name=$_FILES['photo']['name'];
$size=$_FILES['photo']['size'];
$type=$_FILES['photo']['type'];
$temp=$_FILES['photo']['tmp_name'];
$caption1=$_POST['caption'];
$link=$_POST['link'];

$limit_size=512000; // Define file size limit in Bytes.
$size_in_kb=1024; // File size in KB
$divide=$limit_size/$size_in_kb; // Dividing both the variables to get the size in KB.


if($size > $limit_size){
echo "<center>Your file size is over limit. Max upload size $divide KB.</center><BR>";
echo "<center><a href='form.php'>Try Again</a></center>";

}

else {
move_uploaded_file($temp,"admin/files/".$name);

$insert=mysql_query("insert into upload(name, fname, phone, email, message)values('$name','$_POST[fname]','$_POST[phone]','$_POST[email]','$_POST[message]')");
}

if($insert){
echo "<center><BR>Data submitted successfully.</center>";
}
else{ 
die(mysql_error());
}
}
}
?>
<html>
<head>
<title>Upload and Download</title>
</head>

<body>
<style>
h1 {font-family:Georgia, "Times New Roman", Times, serif; font-size:36px; color:#000000}
.formdesign {width: 350px; height: 300px; border:1px solid black; border-radius: 5px; margin-top: 75px; box-shadow: 10px 10px 5px #888888;}
.testbox {width:300px; height: 50px; border: 1px solid grey}
</style>
<center>
<div class="formdesign">

<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post" enctype="multipart/form-data" name="form">
<table style="padding:7px; line-height:1;">
<tr>
<th><label for="fname">Name</label></th>
<td><input type="text" name="fname" id="fname" required maxlength="30"  style="width: 220px; height:30px;  font-size: 14px; font-family: georgia; text-indent: 15px;" placeholder="Your First Name"/></td>
</tr>

<tr>
<th><label for="phone">Phone</label></th>
<td><input type="text" name="phone" id="phone" required maxlength="15" style="width: 220px; height:30px;  font-size: 14px; font-family: georgia; text-indent: 15px;" placeholder="Your Phone Number"/></td>
</tr>

<tr>
<th>  <label for="email">Email</label></th>
<td>  <input type="text" name="email" style="width: 220px; height:30px;  font-size: 14px; font-family: georgia; text-indent: 15px;" placeholder="Your Email ID">
   </td>
</tr>

<tr>
<th><label for="message">Message</label></th>
<td> <textarea name="message" rows="4" cols="25" placeholder="Your message here!" maxlength="200">
</textarea> </td>
</tr>
</table><table border="0" cellspacing="0" cellpadding="5" id="table">
<tr>
<th >Chosse Files (Max 500KB)</th>
<td ><label for="photo"></label><input type="file" name="photo" id="photo" /></td>
</tr>
<tr>
<th colspan="2" scope="row"><input type="submit" name="submit" id="submit" value="Submit" /></th>
</tr>
</table>
</form>
</div></center>
<br />
<br />




</body>
</html> 
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
  • Instead of using `substr` and `strrpos` I would use [pathinfo](http://php.net/manual/de/function.pathinfo.php) to determine the extension. And please add indentation to your code, otherwise it is really hard to determine if your `if`-clauses are correct. – t.niese Dec 30 '14 at 13:36
  • Please refer to this link: http://stackoverflow.com/questions/10456113/php-check-file-extension-in-upload-form – Lakhan Dec 30 '14 at 13:41

4 Answers

0

You are omitting the else { } part where the extension is not correct

    <?php error_reporting(0);

    include 'db.php';

    if (isset($_POST['submit']))
    {
        // Extension of the uploaded file name (including the dot), lower-cased
        $extension = substr($_FILES['photo']['name'], strrpos($_FILES['photo']['name'], '.'));
        $extension = strtolower($extension);

        if ($extension == ".jpg" || $extension == ".jpeg" || $extension == ".gif" || $extension == ".png" || $extension == ".pdf" || $extension == ".doc" || $extension == ".docx")
        {
            $name = $_FILES['photo']['name'];
            $size = $_FILES['photo']['size'];
            $type = $_FILES['photo']['type'];
            $temp = $_FILES['photo']['tmp_name'];
            $caption1 = $_POST['caption'];
            $link = $_POST['link'];

            $limit_size = 512000; // File size limit in bytes
            $size_in_kb = 1024;   // Bytes per KB
            $divide = $limit_size / $size_in_kb; // Limit expressed in KB

            if ($size > $limit_size)
            {
                echo "<center>Your file size is over limit. Max upload size $divide KB.</center><BR>";
                echo "<center><a href='form.php'>Try Again</a></center>";
            }
            else
            {
                move_uploaded_file($temp, "admin/files/" . $name);

                // Escape every value before it is placed in the SQL string
                $values = array_map('mysql_real_escape_string', array($name, $_POST['fname'], $_POST['phone'], $_POST['email'], $_POST['message']));
                $insert = mysql_query("insert into upload(name, fname, phone, email, message) values('" . implode("','", $values) . "')");

                // Report the result only when an insert was actually attempted
                if ($insert)
                {
                    echo "<center><BR>Data submitted successfully.</center>";
                }
                else
                {
                    die(mysql_error());
                }
            }
        }
        else
        {
            // The extension is not in the allowed list
            echo " wrong file type";
        }
    }
    ?>
Peter Manoukian
  • 158
  • 1
  • 13
0

Just do the same thing as when you catch a too big size. In your else, use the same code with another error message, like "wrong file uploaded, only these formats...".

Bestasttung
  • 2,388
  • 4
  • 22
  • 34
0

Edit the "file size" condition, and replace:

    $allowed_ext = explode(",", 'jpg,jpeg,gif'); // Extensions separated by comma

    if ($size > $limit_size) {
        echo "<center>Your file size is over limit. Max upload size $divide KB.</center><BR>";
        echo "<center><a href='form.php'>Try Again</a></center>";
    } else if (!in_array(strtolower(pathinfo($name, PATHINFO_EXTENSION)), $allowed_ext)) {
        // Lower-case the extension so that "photo.JPG" matches "jpg"
        echo "<center>Your file is not allowed.</center><BR>";
        echo "<center><a href='form.php'>Try Again</a></center>";
    }

You just replace this code:

    if($size > $limit_size){
        echo "<center>Your file size is over limit. Max upload size $divide KB.</center><BR>";
        echo "<center><a href='form.php'>Try Again</a></center>";
    }

Sorry for my bad English.

Bye

marco811
  • 48
  • 1
  • 8
0

You just need to fill an array containing the errors and display it at the top of the form. Not tested, but your code should look more or less like this sample.

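    <?php
    $allowedExt = array("jpg", "pdf"); // Add other allowed extensions here
    $errors = array();

    // Extension without the dot, lower-cased, so it matches the entries in $allowedExt
    $extension = strtolower(pathinfo($_FILES['photo']['name'], PATHINFO_EXTENSION));

    if (!in_array($extension, $allowedExt))
    {
        $errors[] = "Invalid file ext";
    }
    else {
        // Normal process
    }
    ?>

    <!--Inside the "View" at the top of form show errors-->
    <div class="formdesign">
        <?php
        if (!empty($errors)) :
            foreach ($errors as $error) :
                // Escape the message before it is written into the page
                echo "<p>" . htmlspecialchars($error) . "</p>";
            endforeach;
        endif;
        ?>
    </div>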
Debflav
  • 1,131
  • 7
  • 17
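
The answers above combine into one check that collects every error message and does not rely on the extension alone. This is an added example, not code from any poster in the thread; it assumes PHP 7+ with the fileinfo extension, and `validate_upload()`, the `ALLOWED` map and its MIME strings are illustrative assumptions.

```php
<?php
// Added example, not code from the thread. validate_upload() checks one
// $_FILES-style entry and returns a list of error messages (empty = accept).
const LIMIT_SIZE = 512000; // bytes, the limit used in the question
// Extension => accepted MIME types. The MIME strings are assumptions (what
// libmagic commonly reports); confirm them on the server that runs this.
const ALLOWED = [
    'jpg' => ['image/jpeg'], 'jpeg' => ['image/jpeg'],
    'png' => ['image/png'],  'gif'  => ['image/gif'],
    'pdf' => ['application/pdf'], 'doc' => ['application/msword'],
    'docx' => ['application/vnd.openxmlformats-officedocument.wordprocessingml.document'],
];

function validate_upload(array $file): array
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return ['Upload failed or no file was selected.'];
    }
    $errors = [];
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        $errors[] = 'Invalid file type. Only JPG, PNG, GIF, JPEG, PDF and DOC files are allowed.';
    } else {
        // The name and $file['type'] are sent by the client, so also
        // compare the type detected from the file's bytes.
        $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
        if (!in_array($mime, ALLOWED[$ext], true)) {
            $errors[] = 'File content does not match its extension.';
        }
    }
    if ($file['size'] > LIMIT_SIZE) {
        $errors[] = 'Your file size is over limit. Max upload size ' . (LIMIT_SIZE / 1024) . ' KB.';
    }
    return $errors;
}

// Constructed sample input: a minimal GIF header offered under three names.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");
foreach (['photo.GIF', 'setup.exe', 'scan.pdf'] as $name) {
    $errors = validate_upload(['name' => $name, 'tmp_name' => $tmp,
        'size' => filesize($tmp), 'error' => UPLOAD_ERR_OK]);
    // Store accepted files under a random name, keeping only the checked extension
    $stored = bin2hex(random_bytes(16)) . '.' . strtolower(pathinfo($name, PATHINFO_EXTENSION));
    echo $name, ': ', $errors ? implode(' ', $errors) : "ok, store as $stored", PHP_EOL;
}
unlink($tmp);
```

In the form handler, pass `$_FILES['photo']` to the function and call `move_uploaded_file()` only when the returned list is empty; otherwise print each message through `htmlspecialchars()` above the form.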