0

I am attempting to create a page that will register information. I also need to be able to upload an image to the form, but when I add the image it gives me an error when I attempt to upload saying the file is not an image. I have attempted to change the parameters of what it will take as far as .jpeg, .png, etc. Can anyone see what I am doing wrong with the uploading?

if ($valid) {
    $filetype = pathinfo($_FILES['profileimg']['name'], PATHINFO_EXTENSION);
    if ((($filetype == "gif") or ($filetype == "jpeg") or ($filetype == "png")) and $_FILES['profileimg']['size'] < 200000) {
        if ($_FILES['profileimg']['error'] > 0) {
            $valid = false;
            $fileError = $_FILES['profileimg']['error'];
            $imageError = "<p class='error'>Return code: $fileError<br>";
            switch ($fileError) {
        case 1:
            $imageError .= 'The file exceeds the uploads_max_filesize setting in php.ini.</p>';
        break;
        case 2:
            $imageError .= 'The file exceeds the max_file_size setting in the HTMl form.</p>';
        break;
        case 3:
            $imageError .= 'The file was only partially uploaded.</p>';
        break;
        case 4:
            $imageError .= 'No file was uploaded.</p.';
        break;
        case 5:
            $imageError .= 'The temporary folder does not exist.</p>';
        break;
        default:
            $imageError .= 'something unexpected happened.</p>';
        break;
    }
        } else {
            $imageError = $_FILES['profileimg']['name'];
            $file = "uploads/$imageName";
            $fileInfo = "<p>Upload: $imageName<br>";
            $fileInfo = "Type: " . $_FILES['profileimg']['type'] . "<br>";
            $fileInfo .= "Size: " . ($_FILES['profileimg']['size'] / 1024) . "Kb<br>";
            $fileInfo .= "Temp file: " . $_FILES['profileimg']['tmp_name'] . "</p>";

            if (file_exists("$files")) {
                $imageError = "<span class='error'>$imageName already exists.</span>";
                $valid = false;
            } else {
                move_uploaded_file($_FILES['profileimg']['tmp_name'], $file);

                if (move_uploaded_file($_FILES['profileimg']['tmp_name'], $file) == true) {
                    $fileInfo .= "<p>Your file has been uploaded. Stored as: $files</p>";
                    $query = "INSERT INTO 'membership' VALUES (default, '$first', '$last', '$username', '$email', '$password', '$imageName');";
                    $result = mysqli_query($conn, $query) or die(mysqli_error($conn));
                    if (!$result) {
                        die(mysqli_error($conn));
                    } else {
                        $row_count = mysqli_affected_rows($conn);
                        if ($row_count == 1) {
                            $memberID = mysqli_insert_id($conn);
                            $loggedIn = true;
                            $msg = "<p>Record inserted</p>";
                        } else {
                            $msg = "<p>Insert failed</p>";
                        }
                    }
                } else {
                    $imageError .= '<p><span class="error">Your file could not be uploaded.';
                }
            }
        }
    } else {
        $imageError .= '<span class="error">Invalid file. This is not an image.</span>';
        $valid = false;
    }
}
}
Dharman
  • 30,962
  • 25
  • 85
  • 135
Haley_Cowan
  • 11
  • You probably want `$filetype = pathinfo($_FILES['profileimg']['tmp_name'], PATHINFO_EXTENSION);` – rjdown Nov 07 '20 at 03:27
  • It is a very bad idea to use `die(mysqli_error($$conn));` in your code, because it could potentially leak sensitive information. See this post for more explanation: [mysqli or die, does it have to die?](https://stackoverflow.com/a/15320411/1839439) – Dharman Nov 07 '20 at 13:00

0 Answers0