uploaded file validation is not working

**pbmods** · Nov 17 '07, 04:33 AM

Heya, Jonathan.

What do you want your code to do? Give an example.
What is your code doing that you don't want it to do? Give an example.
What is your code *not* doing that it is supposed to? Give an example.

**Markus** · Nov 17 '07, 02:53 PM

I can't see what's wrong, but i'm sure that's not all the upload script.

Anyway, the 'findexts()' function is completely unnecessary

[code=php]
$_FILES['name_of_input']['type']
[/code]
is a much better way to do it.

You can then check by doing:
[code=php]
if((
($_FILES['name_of_input']['type'] == "applicatio n/msword")
|| ($_FILES['name_of_input']['type'] == "applicatio n/pdf")
|| ($_FILES['name_of_input']['type'] == "text/plain")
&&
($_FILES['name_of_input']['size'] < maxfilesizehere ))
{
//code to execute here
}
[/code]
:)
Remember! Uploading with
[code=html]
<input type="file">
[/code]
you need:
[code=html]
<form action="upload_ file.php" method="post"
enctype="multip art/form-data">
[/code]
aswell.

Also, do not use
[code=php]
$_POST['name'];
// use
$_FILES['name'];
[/code]

mark

**jonathan184** · Nov 17 '07, 04:42 PM

Hi

The script works withthe commented , right all it does is upload and rename the file to resume_random number.txt or what ever format.

The commented part i was trying to use was trying to vaildate the extensions so i only wanted to accept txt, pdf and doc files only all others error out.

I also wanted to validate the file size , do not send anything over 2MB

Thants it really i am trying to accomplish at this point so far i cannot validate the extensions or the file size.

This is all the php code the rest is in html that only controls the design.

Originally posted by pbmods

Heya, Jonathan.

What do you want your code to do? Give an example.
What is your code doing that you don't want it to do? Give an example.
What is your code *not* doing that it is supposed to? Give an example.

**jonathan184** · Nov 17 '07, 04:47 PM

thanks markusn00b

will try that.

**Markus** · Nov 17 '07, 07:30 PM

Originally posted by jonathan184

thanks markusn00b

will try that.

No problem, let me know how things go!

And post up your full code, so we can have a closer look :)

**jonathan184** · Nov 20 '07, 03:15 AM

Hi guys I am still getting the same problem. I put the if statements for the type and size validation but the script does not work when i put it in. If i remove the if statements on the top here and comment out the else the script works fine but there is validation. Where am i going wrong?

[PHP] <?php

if((($_FILES['resume']['type'] == "applicatio n/msword")
|| ($_FILES['resume']['type'] == "applicatio n/pdf")
|| ($_FILES['resume']['type'] == "text/plain")
&& ($_FILES['resume']['size'] < 200000))
{
//This function separates the extension from the rest of the file name and returns it
function findexts ($filename)
{
$filename = strtolower($fil ename) ;
$exts = split("[/\\.]", $filename) ;
$n = count($exts)-1;
$exts = $exts[$n];
return $exts;
}
$today = date("Y-m-d_");
//This applies the function to our file
$exts = findexts ($_FILES['resume']['name']) ;

//This line assigns a random number to a variable. You could also use a timestamp here if you prefer.
$ran = 'resume_'.$toda y.rand () ;

//This takes the random number (or timestamp) you generated and adds a . on the end, so it is ready of the file extension to be appended.
$ran2 = $ran.".";

//This assigns the subdirectory you want to save into... make sure it exists!
$target = "/var/www/virtual/ansaauto.com/htdocs/resumes/";
//This combines the directory, the random file name, and the extension

$target = $target . $ran2.$exts;

} else {
echo "Your file is over the size limit (MAX SIZE ALLOWED = 2 MB). Please click the back button and correct this.<br>";
exit;
}

//If everything is ok we try to upload it

//Writes the resume to the server
if(move_uploade d_file($_FILES['resume']['tmp_name'], $target))
{

############### ## Insert in Database ############### ######
$con = mysql_connect(" localhost","use r","pass");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}mysql_select_d b("dbname", $con);
$sql="INSERT INTO applications (applicationID, salutation, first_name, last_name, marital_status, dob, nationality, address, work, home, mobile, email, salary, position, resume, createddate)
VALUES (NULL, '$_POST[salutation]', '$_POST[first_name]', '$_POST[last_name]', '$_POST[marital_status]', '$_POST[dob]', '$_POST[nationality]', '$_POST[address]', '$_POST[work]', '$_POST[home]', '$_POST[mobile]', '$_POST[email]', '$_POST[salary]', '$_POST[position]', '$target', NOW())";

if (!mysql_query($ sql,$con))

{
die('Error: ' . mysql_error());
}

echo "Thank you $_POST[first_name] $_POST[last_name] for submitting your application";
}
else {

//Gives and error if its not
echo "Sorry, there was a problem uploading your file. Please click the back button and correct the file then try again.";
exit;
}

mysql_close($co n)

?>[/PHP]

**pbmods** · Nov 20 '07, 03:47 AM

Heya, Jonathan.

Try this:
[code=php]
if((($_FILES['resume']['type'] == "applicatio n/msword")
|| ($_FILES['resume']['type'] == "applicatio n/pdf")
|| ($_FILES['resume']['type'] == "text/plain")
&& ($_FILES['resume']['size'] < 200000))
{
.
.
.
}
else
{
header('Content-type: text/plain');
print_r($_FILES );
exit;
}
[/code]

**jonathan184** · Nov 20 '07, 05:26 AM

unfortunately still no luck it came up with a blank page still.

**pbmods** · Nov 20 '07, 12:16 PM

Heya, Jonathan.

If you're getting a blank page, your script is probably generating an error. Check out this article to find out what is going on.

**pbmods** · Nov 20 '07, 12:17 PM

PS., Aw what the heck....

2MB == 2,097,152 bytes

uploaded file validation is not working

uploaded file validation is not working

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment