mysql - PHP script for upload image not working
I have an edit page that allows users to upload a profile image using forms. The problem is I keep getting that the format is not acceptable even if the image type is one of the accepted formats.
This is the code:
    if(isset($_POST['parse_var']) == "pic") {
        if(!$_FILES['filefield']['tmp_name']) {
            $errormsg = '<font color= "#ff0000">please browse image before press button.</font>';
        } else {
            $maxfilesize = 51200; //in bytes = 50kb
            if($_FILES['filefield']['size']>$maxfilesize) {
                $errormsg = '<font color="#ff0000">your image large, please try again.</font>';
                unlink($_FILES['filefield']['tmp_name']);
            } elseif(!preg_match("^.(gif|jpg|png)$/i^",$_FILES['filefield']['name'])) {
                $errormsg = '<font color="#ff0000">your image not 1 of accepted format, please try again</font>';
                unlink($_FILES['filefield']['tmp_name']);
            } else {
                $newname = "image01.jpg";
                $place_file = move_uploaded_file($_FILES['filefield']['tmp_name'],"members/$id/".$newname);
                $message='<font color="#00ff00>your image has been upload successfully</font>';
            }
        }//end else
    }//end if
Major problems:

a)

    elseif(!preg_match("^.(gif|jpg|png)$/i^",$_FILES['filefield']['name']))
                        ^---

You should not be using a regex metachar as the pattern delimiter. Try

    preg_match('/\.(gif|jpg|png)$/i', ...)

instead.

But in the bigger picture view, you shouldn't be matching on filenames at all. Filenames can be forged. You should be doing server-side MIME-type determination (e.g. via file_info()) instead.

b)

You are not checking for upload success. The presence of ['tmp_name'] in the $_FILES array means nothing. Failed uploads can still produce a tmp_name, yet end up as garbage. Use this:

    if ($_FILES['filefield']['error'] !== UPLOAD_ERR_OK) {
        die("upload failed error code " . $_FILES['filefield']['error']);
    }

The error codes are defined here: http://php.net/manual/en/features.file-upload.errors.php

c) (minor)

You do not need to unlink the temp files. PHP does that automatically when the script exits.

d) (stylistically a huge error)

Font tags? In 2013? The 1990s called, and they want their HTML 1.0 back...
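
The checks recommended in points a) and b), as an added example that is not part of the original answer: it tests the upload error code first and decides the type from the file content with PHP's Fileinfo extension (`finfo`) rather than from the file name. `validate_upload()`, the `ALLOWED` map and the `$viaHttp` switch (only there so the constructed demo runs from the command line) are hypothetical names.

```php
<?php
// Added example: server-side validation of an uploaded image.
// The 50 KB limit and the gif/jpg/png list come from the question.
const ALLOWED = ['image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png'];

/** Returns the extension to store the file under; throws on any failed check. */
function validate_upload(array $file, int $maxBytes = 51200, bool $viaHttp = true): string
{
    // 1. The error code, not the presence of tmp_name, says whether the upload worked.
    $err = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($err !== UPLOAD_ERR_OK) {
        throw new RuntimeException("upload failed with error code $err");
    }
    // 2. Only accept a path that PHP itself created for this request.
    if ($viaHttp && !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    // 3. Size check on the stored temp file.
    if (filesize($file['tmp_name']) > $maxBytes) {
        throw new RuntimeException('image too large');
    }
    // 4. Type comes from the content, never from the client-supplied name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException("type $mime not accepted");
    }
    return ALLOWED[$mime];
}

// Constructed demo (CLI, so $viaHttp is false): the names disagree with the content.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00;"); // constructed GIF header
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "plain text, not an image\n");          // constructed text file
$samples = [['name' => 'holiday.txt', 'tmp_name' => $gif],
            ['name' => 'avatar.png',  'tmp_name' => $txt]];
foreach ($samples as $f) {
    $f['error'] = UPLOAD_ERR_OK;
    try {
        echo $f['name'], ' -> stored as .', validate_upload($f, 51200, false), "\n";
    } catch (RuntimeException $e) {
        echo $f['name'], ' -> rejected: ', $e->getMessage(), "\n";
    }
    unlink($f['tmp_name']);
}
```

In a real request, pass `$_FILES['filefield']` with the default `$viaHttp = true` and use the returned extension in the server-chosen file name given to `move_uploaded_file()`.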