PHP Upload Image formats only?

Question

I have an upload system which will upload files then record in my database. Anyways it works all fine, though how can i make it so that IMAGES only are uploaded and nothing else?

My code:

if($_POST[add]){



$dataType = $_POST["dataType"];
$title = $_POST["title"];
$fileData = pathinfo(basename($_FILES["image"]["name"]));
$fileName = uniqid() . '.' . $fileData['extension'];
$target_path = ("userfiles/profilepic/" . $fileName);

while(file_exists($target_path))
{
    $fileName = uniqid() . '.' . $fileData['extension'];
    $target_path = ("userfiles/profilepic/" . $fileName);
}

if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_path))
{

  $sql = $dbh->prepare("UPDATE users SET `profilepic` = 'userfiles/profilepic/$fileName' WHERE `id` = '".$member["id"]."'");

    $sql->execute();
    $retval = $sql->fetch(PDO::FETCH_ASSOC);

    echo "Your profile picture has successfully been updated";


}
else
{
    echo "oh noes.. there was an error :( Please do try again!";
}

}

Spending a few minutes on Google would have given you many results. — Funk Forty Niner, Mar 02 '14 at 14:59
@Fred-ii- Sorry I should have mentioned that I have researched this. I tried many different things but none seemed to work for me. The closest I was at would have been uploading a .png and it come up with This is not an image file. But that just stops.. uploading different formats, what about files that are under the .png, .gif formats? — user3370962, Mar 02 '14 at 15:01
Check out this http://www.w3schools.com/php/php_file_upload.asp under "Restrictions on Upload" codes are available — Mobi, Mar 02 '14 at 15:03
@Mobi I checked that out, but did not know how to integrate it into my code. — user3370962, Mar 02 '14 at 15:04
[`See this answer`](http://stackoverflow.com/a/2486343/) on SO. @user3370962 - Found after Googling keywords "allow images only upload php" and [`this one`](http://stackoverflow.com/a/12864238/) — Funk Forty Niner, Mar 02 '14 at 15:06
[`Another article on the subject`](https://www.stanford.edu/dept/its/communications/webservices/wiki/index.php/How_to_securely_allow_file_uploads_using_the_Stanford_Web_Application_Toolkit) — Funk Forty Niner, Mar 02 '14 at 15:09
@Fred-ii-I found heaps of them. I just dont have an idea how to integrate them into MY code. — user3370962, Mar 02 '14 at 15:09
Just place it below your `if($_POST[add]){` then if the conditional statement is `TRUE` then the code keeps going. — Funk Forty Niner, Mar 02 '14 at 15:14
@Fred-ii- Added one, able to upload any files still though? ugh.. — user3370962, Mar 02 '14 at 15:30

score 5 · Accepted Answer · edited May 23 '17 at 12:03

5

Based on this answer

if($_POST[add]){

$file_type = $_FILES['image']['type']; //returns the mimetype

$allowed = array("image/jpeg", "image/gif", "image/png");
if(!in_array($file_type, $allowed)) {
  $error_message = 'Only jpg, gif, and png files are allowed.';

  echo $error_message;

  exit();

}

$dataType = $_POST["dataType"];

... rest of your code below

Footnotes:

Other Internet media types should you want to use them in the future.

edited May 23 '17 at 12:03

Community

1
1

answered Mar 02 '14 at 15:26

Funk Forty Niner

74,450
15
68
141

1

Thanks! Worked great. – user3370962 Mar 02 '14 at 15:31
Ah good, glad to hear it and you're welcome. @user3370962 – Funk Forty Niner Mar 02 '14 at 15:32
If the answer already exists, then this question should have been marked as a duplicate. – Mohammed Joraid Mar 02 '14 at 15:58
The OP did not know how to implement it. Do read over the comments under the OP's question. @Joraid - Giving someone a helping hand, is part of SO. – Funk Forty Niner Mar 02 '14 at 16:08
Yes indeed, it seems the problem was not finding the method, but integrating it. – Mohammed Joraid Mar 02 '14 at 16:20
Exactly. Sometimes people need a visual method to better understand how. @Joraid – Funk Forty Niner Mar 02 '14 at 16:21

PHP Upload Image formats only?

1 Answers1