-2

I am new to PHP and I wanna check the file before it is uploaded to PhpMyAdmin. The only file types I wanna add to my database are PDF, DOC and DOCX. I have checked on the internet for the solution but I really can't find any. I hope you guys can help me with this.

<?php
$servername = "localhost";
$username = "root";
$password = "usbw";
$dbname = "persons";

// CREATE A CONNECTION WITH THE DATABASE
// CONNECTIE MAKEN MET DATABASE
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
} 

// CHECK IF SUBMIT IS CLICKED
// CONTROLEER OF SUBMIT IS GEKLIKT
if(isset($_POST['submit']))
{
$filetmp = $_FILES["cv"]["tmp_name"];
$filename = $_FILES["cv"]["name"];
$filetype = $_FILES["cv"]["type"];
$filepath = "files/".$filename;

move_uploaded_file($filetmp,$filepath);


// INSERT VALUES IN THE DATABASE
// VOEG WAARDES TOE IN DE DATABASE
$sql = "INSERT INTO cv (cv_name,cv_path,cv_type) VALUES ('$filename','$filepath','$filetype')";
$result = mysqli_query($conn, $sql);
}
// INSERT cv_id IN person_id
// VOEG cv_id TOE IN person_id
$cv = $conn->insert_id;
?>
GLRotterdam
  • 143
  • 1
  • 8
  • 3
    and do you feel that the HTML form being omitted from the question irrelevant? check for errors, you're not doing that. – Funk Forty Niner May 09 '16 at 15:10
  • Possible duplicate of [php check file extension in upload form](http://stackoverflow.com/questions/10456113/php-check-file-extension-in-upload-form) – olibiaz May 09 '16 at 15:17

1 Answers1

0

You can use is_uploaded_file():

if(!file_exists($_FILES['myfile']['tmp_name']) || !is_uploaded_file($_FILES['myfile']['tmp_name'])) {
    echo 'No upload';
}

From the docs: Returns TRUE if the file named by:

filename was uploaded via HTTP POST. This is useful to help ensure that a malicious user hasn't tried to trick the script into working on files upon which it should not be working--for instance, /etc/passwd.

This sort of check is especially important if there is any chance that anything done with uploaded files could reveal their contents to the user, or even to other users on the same system. EDIT: I'm using this in my FileUpload class, in case it helps:

public function fileUploaded()
{
    if(empty($_FILES)) {
        return false;       
    } 
    $this->file = $_FILES[$this->formField];
    if(!file_exists($this->file['tmp_name']) || !is_uploaded_file($this->file['tmp_name'])){
        $this->errors['FileNotExists'] = true;
        return false;
    }   
    return true;
}
Hassan ALi
  • 1,313
  • 1
  • 23
  • 51