0

How can I make this code such that it allows only PNG files to be uploaded? Could someone explain it to me?

if (isset($_FILES["userfile"]) && !empty($_FILES["userfile"])) {
        $image = $_FILES['userfile']['tmp_name'];
        $imageName = $_FILES['userfile']['name'];
        $imageSize = $_FILES['userfile']['size'];
        $imageType = $_FILES['userfile']['type'];
        $len = count($image);
        $path = "uploads/furnipack/images/";
        for ($i = 0; $i < $len; $i++) {
             if (isset($imageName[$i]) && $imageName[$i] !== NULL) {
                 if(move_uploaded_file($image[$i], $path.$imageName[$i])) {
                    $result = $mysqli->query("INSERT INTO imageTable (imageName, imageCategory, imageSize, imageType) VALUES ('$imageName[$i]', '$imageCategory', '$imageSize[$i]' , '$imageType[$i]' )");
                     $melding = "Item is succesvol geupload!";
                 }
             }
        }
}
Harry
  • 87,580
  • 25
  • 202
  • 214
Tom Lammers
  • 17
  • 5
  • I have reworded the title and content to improve grammar, removed language name from title as it is not required due to presence of tags. I have also removed the thanks note because it is considered as fluff and is not required to be present in the content. – Harry Jul 15 '15 at 16:09

3 Answers3

0

from the name of the image, get the extension and try to check the image uploaded based on the extension,

$imageName = $_FILES['userfile']['name'];
$str=strpos($imageName,'.');
$ext=substr($imageName,$str+1,strlen($imageName)-$str-1);
if($ext=='png')
{
if(move_uploaded_file($image[$i], $path.$imageName[$i])) {
                $result = $mysqli->query("INSERT INTO imageTable (imageName, imageCategory, imageSize, imageType) VALUES ('$imageName[$i]', '$imageCategory', '$imageSize[$i]' , '$imageType[$i]' )");
                 $melding = "Item is succesvol geupload!";
             }
}
0

you can use this i guess

$ext = pathinfo($imageName, PATHINFO_EXTENSION);

if($ext == "png"){
   if(move_uploaded_file($image[$i], $path.$imageName[$i])) {
            $result = $mysqli->query("INSERT INTO imageTable (imageName, imageCategory, imageSize, imageType) VALUES ('$imageName[$i]', '$imageCategory', '$imageSize[$i]' , '$imageType[$i]' )");
             $melding = "Item is succesvol geupload!";
         }
}
else {
    echo 'please upload .png images only';
}
Divyank
  • 740
  • 3
  • 20
0

I believe this question has been answered numerous times on stack overflow, simply check the extension of the image and for a more secure site you may also want to check the exif data discussed in these pages below Only allow .jpg and .png files only How can I only allow certain filetypes on upload in php?

Community
  • 1
  • 1
Matthew
  • 87
  • 1
  • 9