Reputation: 283
PHP image upload
I am working on a form where a user have an option to upload an image , if they are not uploading the image then i will use a default image for their profile but i am having some problem with that, i want to validate image only if they are uploading it but right now even if they are not uploading the image my validation code is running and not letting save the rest of the form below is my code
if(isset($_FILES))
{
$imagename = $_FILES['uploadimage']['name'];
$imagetype = $_FILES['uploadimage']['type'];
$imagesize = $_FILES['uploadimage']['size'];
if($imagetype != "image/gif" || $imagetype != "image/jpg" || $imagetype == "image/png" || $imagetype == "image/jpeg")
{
$error = 'Please upload an image with JPG, PNG, GIF';
}
elseif($imagesize > 716800)
{
$error = 'Image Needs to be under 700kb only';
}
else
{
$success = 'Uploaded';
}
Even if they are not uploading the image the entire code is running
Upvotes: 2
Views: 7441
Answers (6)
Reputation: 9265
To be honest don't waste your time with creating your own image upload code, simply use class.upload.
Upvotes: 2
Reputation: 51
You can also upload image on mysql database from this code::
image.php
<form action='image.php' method='post' enctype='multipart/form-data' >
<input type='file' name='image'>
<input type='submit' name='submit'>
</form>
<?php
if(isset( $_POST['submit'] ) ) {
$image = addslashes( file_get_contents( $_FILES['image']['tmp_name'] ) );
$size = getimagesize( $_FILES['image']['tmp_name'] );
if($size != FALSE )
mysql_query(" INSERT INTO tableName VALUES ( '', '$image') ) or die(mysql_error());
else
echo "image uploading problem";
}
?>
Upvotes: 0
Reputation: 972
use this image upload code .
<?php
//define a maxim size for the uploaded images in Kb
define ("MAX_SIZE","1000");
//This function reads the extension of the file. It is used to determine if the file is an image by checking the extension.
function getExtension($str) {
$i = strrpos($str,".");
if (!$i) { return ""; }
$l = strlen($str) - $i;
$ext = substr($str,$i+1,$l);
return $ext;
}
//This variable is used as a flag. The value is initialized with 0 (meaning no error found)
//and it will be changed to 1 if an errro occures.
//If the error occures the file will not be uploaded.
$errors=0;
//checks if the form has been submitted
if(isset($_POST['Submit']))
{
//reads the name of the file the user submitted for uploading
$image=$_FILES['image']['name'];
//if it is not empty
if ($image)
{
//get the original name of the file from the clients machine
$filename = stripslashes($_FILES['image']['name']);
//get the extension of the file in a lower case format
$extension = getExtension($filename);
$extension = strtolower($extension);
//if it is not a known extension, we will suppose it is an error and will not upload the file,
//otherwise we will do more tests
if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif"))
{
//print error message
echo '<h1>Unknown extension!</h1>';
$errors=1;
}
else
{
//get the size of the image in bytes
//$_FILES['image']['tmp_name'] is the temporary filename of the file
//in which the uploaded file was stored on the server
$size=filesize($_FILES['image']['tmp_name']);
//compare the size with the maxim size we defined and print error if bigger
if ($size > MAX_SIZE*1024)
{
echo '<h1>You have exceeded the size limit!</h1>';
$errors=1;
}
//we will give an unique name, for example the time in unix time format
$image_name=time().'.'.$extension;
//the new name will be containing the full path where will be stored (images folder)
$newname="images/".$image_name;
//we verify if the image has been uploaded, and print error instead
$copied = copy($_FILES['image']['tmp_name'], $newname);
if (!$copied)
{
echo '<h1>Copy unsuccessfull!</h1>';
$errors=1;
}}}}
//If no errors registred, print the success message
if(isset($_POST['Submit']) && !$errors)
{
echo "<h1>File Uploaded Successfully! Try again!</h1>";
}
?>
<!--next comes the form, you must set the enctype to "multipart/frm-data" and use an input type "file" -->
<form name="newad" method="post" enctype="multipart/form-data" action="">
<table>
<tr><td><input type="file" name="image"></td></tr>
<tr><td><input name="Submit" type="submit" value="Upload image"></td></tr>
</table>
</form>
Upvotes: 0
Reputation: 544
You must first test if upload is succes, then test if file is image and work with them.
if (isset($_FILES['nameoffilefield']) && ($_FILES['nameoffilefield']['error'] == UPLOAD_ERR_OK)) {
if($_FILES['nameoffilefield']['type'] != "image/gif"
&& $_FILES['nameoffilefield']['type'] != "image/jpg"
&& $_FILES['nameoffilefield']['type'] != "image/png"
&& $_FILES['nameoffilefield']['type'] != "image/jpeg")
{
$error = 'Please upload an image with JPG, PNG, GIF';
}
elseif($imagesize > 716800)
{
$error = 'Image Needs to be under 700kb only';
}
else
{
$success = 'Uploaded';
// do something with image
move_uploaded_file($_FILES['nameoffilefield']['tmp_name'],$newFileWithDir);
}
}
But it is not good idea to testing $_FILES['nameoffilefield']['type'] over "image/jpeg", because attacker can send php file with this mime type.
Upvotes: 1
Reputation: 7504
You should use
if(!empty($_FILES) && array_key_exists('uploadimage', $_FILES) && $_FILES['uploadimage']['size'] > 0)
instead of
if(isset($_FILES)).
Upvotes: 1
Reputation: 360842
$_FILES is a superglobal and is ALWAYS present, regardless of how the script was invoked or if a file upload was actually attempted.
You need to check for a specific file instead, such as:
if (isset($_FILES['nameoffilefield']) && ($_FILES['nameoffilefield']['error'] == UPLOAD_ERR_OK)) {
... upload occured ...
}
Upvotes: 1