0

Sorry for bringing something up that has probably been asked a million times by now, but I am having some trouble with it and after a couple of hours of searching around and not finding my answer that worked I decided to ask here.

This is the code I am trying to run:

$ext_error = false;
$extensions = array('gif','jpg','jpe','jpeg','png');//Allowed Extensions
$file_ext = explode('.',$_FILES['userfile']['name']);
$file_ext = end($file_ext);

if (!in_array($file_ext, $extensions)){
        $ext_error = true;
        $file = $_POST['name'];
        unlink('img/'.$file);
}

I am trying to make it delete the file uploaded if it turns out to not have the correct file extension.

When I use unlink, 'img/' is a directory inside of the directory where my php file is and I am trying to use $file to find out the name of the file that was just uploaded and had an error of the wrong extension.

dobson
  • 461
  • 6
  • 14
  • 1
    Why would you want to do that? A "file name extension" is a concept from the 1980th, irrelevant today. Anyone can specify any "extension" to any file name and so get around your filter. Instead you should check the actual type of file, it's mime type. – arkascha Mar 02 '19 at 17:28
  • 1
    Apart from that I doubt that `$_POST['name']` is the string you are looking for. This again could be crafted any way the client wants, you are probably more interested in the `$_FILES` super global variable. – arkascha Mar 02 '19 at 17:30
  • how do you make the file going to img/ after being uploaded ? Why not simply use the $_FILES['userfile']['name'] Maybe you should add the filter on the client side. https://stackoverflow.com/questions/5796537/input-type-file-limit-selectable-files-by-extensions or https://stackoverflow.com/questions/4328947/limit-file-format-when-using-input-type-file – Tuckbros Mar 02 '19 at 18:17

0 Answers0