alexiiccoggfd
New Member
\[code\]<html><body><form action="upload.php" method="post"enctype="multipart/form-data"><label for="file">Filename:</label><input type="file" name="file_field"><br><input type="submit" name="submit" value="http://stackoverflow.com/questions/14060403/Submit"></form></body></html> \[/code\]The php code below doesn't work. It doesn't check for anything at all. It doesn't show maximum file size error. what it does is that, it accepts any file I try to upload and inserts the file name to database. It doesn't check for any restrictions I set for the file upload. any idea? txs\[code\]<?phpfunction uploadFile ($check_image = false, $random_name = false) {//Config Section //Set file upload path$path = 'c:/xampp/htdocs/images/'; //with trailing slash//Set max file size in bytes$max_size = 1000000;//Set default file extension whitelist$whitelist_ext = array('jpg','png','gif');//Set default file type whitelist$whitelist_type = array('image/jpeg', 'image/png','image/gif');//The Validation// Create an array to hold any output$out = array('error'=>null);if (!$_FILES['file_field']) {$out['error'][] = "Please specify a valid form field name"; }if (!$path) {$out['error'][] = "Please specify a valid upload path"; }if (count($out['error'])>0) {return $out;}//Make sure that there is a fileif((!empty($_FILES['file_field'])) && ($_FILES['file_field']['error'] == 0)) {// Get filename$file_info = pathinfo($_FILES['file_field']['name']);$name = $file_info['filename'];$ext = $file_info['extension'];//Check file has the right extension if (!in_array($ext, $whitelist_ext)) {$out['error'][] = "Invalid file Extension";}//Check that the file is of the right typeif (!in_array($_FILES['file_field']["type"], $whitelist_type)) {$out['error'][] = "Invalid file Type";}//Check that the file is not too bigif ($_FILES['file_field']["size"] > $max_size) {$out['error'][] = "File is too big";}//If $check image is set as trueif ($check_image) {if (!getimagesize($_FILES['file_field']['tmp_name'])) {$out['error'][] = "Uploaded file is not a valid image";}}//Create full filename including pathif ($random_name) {// Generate random filename$tmp = str_replace(array('.',' '), array('',''), microtime());if (!$tmp || $tmp == '') {$out['error'][] = "File must have a name";} $newname = $tmp.'.'.$ext; } else {$newname = $name.'.'.$ext;}//Check if file already exists on serverif (file_exists($path.$newname)) {$out['error'][] = "A file with this name already exists";}if (count($out['error'])>0) {//The file has not correctly validatedreturn $out;} if (move_uploaded_file($_FILES['file_field']['tmp_name'], $path.$newname)) {//Success$out['filepath'] = $path;$out['filename'] = $newname;return $out;} else {$out['error'][] = "Server Error!";}} else {$out['error'][] = "No file uploaded";return $out;} }$con = mysql_connect("localhost","root","");if (!$con){die('Could not connect: ' . mysql_error());}mysql_select_db("simple_login", $con);mysql_query("INSERT INTO photo (photo)VALUES ('{$_FILES['file_field']['tmp_name']}')");mysql_close($con);?>\[/code\]