0

I want to restrict user to upload only image files. If any another file user trying to upload then a error message generate that will inform user please upload a jpeg,jpg,png,bmp format only. If user upload any other format instead of image that should not uploaded to database.

I request look at my code and tell me .`

<?php
if(isset($_POST['upload']) && $_FILES['userfile']['size'] && $_FILES['userfile2']['size'] > 0)
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];

$fileName2 = $_FILES['userfile2']['name'];
$tmpName2 = $_FILES['userfile2']['tmp_name'];
$fileSize2= $_FILES['userfile2']['size'];
$fileType2 = $_FILES['userfile2']['type'];

$fp = fopen($tmpName, 'r');
$image = fread($fp, filesize($tmpName));
$image = addslashes($image);
fclose($fp);

$fp2 = fopen($tmpName2, 'r');
$image2 = fread($fp2, filesize($tmpName2));
$image2 = addslashes($image2);
fclose($fp2);


if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
}

if(!get_magic_quotes_gpc())
{
$fileName2 = addslashes($fileName2);
}



defined('_JEXEC') or die;

$user = JFactory::getUser();

$empid = $user->username;

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "dat_database";

$conn=mysqli_connect($servername, $username, $password, $dbname);

$query = "UPDATE emp_perdetails SET image_name='$fileName', size='$fileSize', type='$fileType', image='$image',image2='".$image2."' WHERE EMP_ID='$empid'";
mysqli_query($conn,$query) or die('Error, query failed'); 





echo  "<script type='text/javascript'>alert('uploaded sucessfully!')</script>";



} 
?>

`

<html>
<body>
<table>
<form method="post" enctype="multipart/form-data">
<tr><input type="hidden" name="MAX_FILE_SIZE" value="2000000">
<td><h4>Please upload front side of passpot</h4></td>
<td><input name="userfile" type="file" id="userfile" accept="image/*"> </td></tr>
<tr><td><h4>Please upload rear side of passpot</h4></td>
<td><input name="userfile2" type="file" id="userfile" accept="image/*"></td></tr>

<tr><td><td><input name="upload" type="submit" class="box" id="upload" value=" submit "></td></tr>
</table>
</form>
</body>
</html>
Rupesh Arora
  • 557
  • 2
  • 9
  • 26
  • I agreewith the bit of code provided by @nodeffect and in addition I would also recommend controlling the image size to make sure the extension has not just been modified – keikoku92 Jun 08 '15 at 09:08

2 Answers2

4

You can use if else statement to check the file type

if (($_FILES["userfile"]["type"] == "image/gif")
    || ($_FILES["userfile"]["type"] == "image/jpeg")
    || ($_FILES["userfile"]["type"] == "image/jpg")
    || ($_FILES["userfile"]["type"] == "image/png")) {

//upload file
} else {
    //error
}
nodeffect
  • 1,830
  • 5
  • 25
  • 42
0

This allows you to check the extension of the file uploaded by the user : 

<?php
    $fileinfo= pathinfo($_FILES['myfile']['name']);
    $extension_upload = $fileinfo['extension'];
    $extensions_allowed = array('jpg', 'jpeg', 'gif', 'png');
    if (in_array($extension_upload, $extensions_allowed ))
    {
        //upload file
    }
?>
Antoine Delia
  • 1,728
  • 5
  • 26
  • 42