restrict

[etsted]

this is my php file upload.

How can i make sure that the user can only upload images and videos?

what type of if statement do i use?

 

<?php

include "connect.php";

if(isset($_POST['submit']))

{

$name = $_FILES['file']['name'];

$temp = $_FILES['file']['tmp_name'];

move_uploaded_file($temp, "upload/".$name);

$url = "http://localhost:81/upload/$name";

mysql_query("INSERT INTO videos VALUES('','$name','$url')") or die(mysql_error());

}

?>

<html>

<body>

<form action="index.php" method="POST" enctype="multipart/form-data">

<input type="file" name="file" /><br />

<input type="submit" name="submit" />

</form>

<a href="videos.php">videos</a>

<?php

if(isset($_POST['submit']))

{

echo "<br />".$name." has been uploaded";

}

?>

</body>

</html>

[Don Jajo]

Try this

$path = pathinfo($_FILES['file']['tmp_name'])$allowed = array('jpg','jpeg','gif','png');if(!in_array($path['extension'],$allowed)){echo 'File must be a pic';} 

Edited February 2, 2014 by Don Jajo

[etsted]

i want the user to be able to upload both videos and images, which in this case work, but this script also allows other files such as exe. How can i prevent that?

[etsted]

i tried to add MP4 SWF and some other video formats, but i doesnt work. what am i doing wrong?

here is my code:

 

<?php

@$path = pathinfo(@$_FILES['file']['tmp_name']);

$allowed = array('jpg','jpeg','gif','png','swf','MP4','flv','mgp','mpeg','webm','rm','ram','mov','wmv','avi','MPEG-4');

if(in_array(@$path['extension'],$allowed))

{

include "connect.php";

$name = $_FILES['file']['name'];

$temp = $_FILES['file']['tmp_name'];

move_uploaded_file($temp, "upload/".$name);

$url = "http://localhost:81/upload/$name";

mysql_query("INSERT INTO videos VALUES('','$name','$url')") or die(mysql_error());

mysql_close();

}

else

{

echo "må være et bilde";

}

?>

<html>

<body>

<form action="index.php" method="POST" enctype="multipart/form-data">

<input type="file" name="file" /><br />

<input type="submit" name="submit" />

</form>

<a href='videos.php'>videos</a>

<?php

if(isset($_POST['submit']))

{

echo "<br />".$name." has been uploaded";

}

?>

</body>

</html>

 

[justsomeguy]

What happens when you run it? Remove the error suppression operators so you can tell if there are errors.

[etsted]

it keeps saying "must be a pic" and if i try to upload a pic then it just does the same.

[justsomeguy]

First, remove all of the error suppression operators. If you're getting errors then you need to know about them. After that, print out the data that you're using. You can use print_r($_FILES) to see information about all uploaded files, and you should also use print_r on $path so that you can see what information is being returned about the file. You're not checking for error codes with the uploaded file, so there might be a problem with the upload in general, but printing out the $_FILES array will show that.

[etsted]

when i try to upload a video or image, i get this error:

 

Array ( [file] => Array ( [name] => bill 004.MP4 [type] => video/mp4 [tmp_name] => C:wamptmpphp145C.tmp [error] => 0 => 1472766 ) ) 1Array ( [dirname] => C:wamptmp [basename] => php145C.tmp [extension] => tmp [filename] => php145C ) 1

[Ingolme]

Just to clarify, the error supressor operator is "@". Remove all the @ and see what error messages show up.

[etsted]

i did that, but i am just showing the error when i print out $_FILES and $path

[thescientist]

when i try to upload a video or image, i get this error:

 

Array ( [file] => Array ( [name] => bill 004.MP4 [type] => video/mp4 [tmp_name] => C:wamptmpphp145C.tmp [error] => 0 => 1472766 ) ) 1Array ( [dirname] => C:wamptmp [basename] => php145C.tmp [extension] => tmp [filename] => php145C ) 1

that's not an error, that's just the output of print. you still need to also show us what errors you are getting, by removing the @ sign from all your code.

 

the point is to find out if you are getting errors at all in addition to printing out what you have in $_FILES. make sure you also have display_errors set at the beginning of your script.

 

ini_set('display_errors', 'on');

Edited February 4, 2014 by thescientist

[etsted]

I have changed everything back to normal. Whit my normal script, but i want to make sure that the user can only upload videos and images. Anyone knows how to fix that? I also want to be able to set a maximum size.

Here is my script:

 

<?php

include "connect.php";

$name = $_FILES['file']['name'];

$temp = $_FILES['file']['tmp_name'];

move_uploaded_file($temp, "upload/".$name);

$url = "http://localhost:81/upload/$name";

mysqli_query($con, "INSERT INTO videos VALUES('','$name','$url')") or die(mysql_error());

mysqli_close($con);

?>

<html>

<body>

<form action="index.php" method="POST" enctype="multipart/form-data">

<input type="file" name="file" /><br />

<input type="submit" name="submit" />

</form>

<a href='videos.php'>videos</a>

<?php

if(isset($_POST['submit']))

{

echo "<br />".$name." has been uploaded";

}

?>

</body>

</html>

[Ingolme]

The main problem here is that you're checking name of the temporary file rather on the server. You need to check what name the file had on the client, which is in the $_FILES array.

 

$path = pathinfo($_FILES['file']['name'])

[etsted]

here is the new code i made, but every time i upload a picture it works, but if i try to upload a video it says: NOTICE undefined variable: name

 

<?php

$allowedExts = array("gif", "jpeg", "jpg", "png","MP4","MPEG-4","mp4");

$temp = explode(".", $_FILES["file"]["name"]);

$extension = end($temp);

if ((($_FILES["file"]["type"] == "image/gif")

|| ($_FILES["file"]["type"] == "image/jpeg")

|| ($_FILES["file"]["type"] == "image/jpg")

|| ($_FILES["file"]["type"] == "image/pjpeg")

|| ($_FILES["file"]["type"] == "image/x-png")

|| ($_FILES["file"]["type"] == "image/png"))

&& ($_FILES["file"]["size"] < 20000)

&& in_array($extension, $allowedExts))

{

include "connect.php";

$name = $_FILES['file']['name'];

$temp = $_FILES['file']['tmp_name'];

move_uploaded_file($temp, "upload/".$name);

$url = "http://localhost:81/upload/$name";

mysqli_query($con, "INSERT INTO videos VALUES('','$name','$url')") or die(mysql_error());

mysqli_close($con);

}

else

{

echo "Invalid file";

}

?>

<html>

<body>

<form action="index.php" method="POST" enctype="multipart/form-data">

<input type="file" name="file" /><br />

<input type="submit" name="submit" />

</form>

<a href='videos.php'>videos</a>

<?php

if(isset($_POST['submit']))

{

echo "<br />".$name." has been uploaded";

}

?>

</body>

</html>

[etsted]

Just to clarify, the error supressor operator is "@". Remove all the @ and see what error messages show up.

 

The main problem here is that you're checking name of the temporary file rather on the server. You need to check what name the file had on the client, which is in the $_FILES array.

 

$path = pathinfo($_FILES['file']['name'])

it worked

[etsted]

this is my latest code, and it works, but i also want to add a MAX SIZE limit. I have tried

if($_FILES['file']['size'] < 20 000)

{

my code goes here

}

else

{

echo "you're file is to big";

}

But it did not work.

Also here is my code.

 

<?php

$path = pathinfo($_FILES['file']['tmp_name']);

$allowed = array('jpg','jpeg','gif','png','swf','MP4','flv','mgp','mpeg','webm','rm','ram','mov','wmv','avi','MPEG-4');

if(!in_array($path['extension'],$allowed))

{

include "connect.php";

$name = $_FILES['file']['name'];

$temp = $_FILES['file']['tmp_name'];

move_uploaded_file($temp, "upload/".$name);

$url = "http://localhost:81/upload/$name";

mysqli_query($con, "INSERT INTO videos VALUES('','$name','$url')") or die(mysql_error());

mysqli_close($con);

}

else

{

echo "må være et bilde";

}

?>

<html>

<body>

<form action="index.php" method="POST" enctype="multipart/form-data">

<input type="file" name="file" /><br />

<input type="submit" name="submit" />

</form>

<a href='videos.php'>videos</a>

<?php

if(isset($_POST['submit']))

{

echo "<br />".$name." has been uploaded";

}

?>

</body>

</html>

[Don Jajo]

[thescientist]

what didn't work? what happened instead? did you trying debugging and outputting your variables to make sure they are what you think they are? You don't have to guess.

[etsted]

it worked it's just that 20 000 was to little for a video to be uploaded.