I'm trying to make website where user can upload a photo in a form. However somethings gone wrong in which keep telling me that I have a 'invalid file'. The information which the user typed in was actually uploaded to the database, but not the image. I've tried to saparate 2 things in the same action which they all work individually, but not together.

Here is my code:

if(isset($_POST["action"])&&($_POST["action"]=="add")){ 
    if ($_POST["item_avai"] == 'on') {
        $check = 1;
    }
    else if ($_POST["item_avai"] == ''){
        $check = 0;
    }
    $query_insert = "INSERT INTO item_record (item_date_added,item_name_chi,item_name_eng,item_price,item_comment,item_avai) VALUES (";
    $query_insert .= "'".date("Y-m-d H:i:s")."',";
    $query_insert .= "'".$_POST["item_name_chi"]."',";
    $query_insert .= "'".$_POST["item_name_eng"]."',";
    $query_insert .= "'".$_POST["item_price"]."',";
    $query_insert .= "'".$_POST["item_comment"]."',";
    $query_insert .= "'".$check."')";
    mysql_query($query_insert);
    //die($query_insert);           All of these work so far!

    // Upload photo
    $allowedExts = array("gif", "jpeg", "jpg", "png");
    $extension = end(explode(".", $_FILES["file"]["name"]));
    $new_name = $next_increment . "." . $extension;
    if ((($_FILES["file"]["type"] == "image/gif")
    || ($_FILES["file"]["type"] == "image/jpeg")
    || ($_FILES["file"]["type"] == "image/jpg")
    || ($_FILES["file"]["type"] == "image/png"))
    && ($_FILES["file"]["size"] < 5000000)
    && in_array($extension, $allowedExts))
      {
      if ($_FILES["file"]["error"] > 0)
        {
        echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
        }
      else
        {

        if (file_exists("photos/" . $_FILES["file"]["name"]))
          {
          echo $_FILES["file"]["name"] . " already exists. ";
          }
        else
          {
          move_uploaded_file($_FILES["file"]["tmp_name"],
          "photos/" . $new_name);
          }
        }
      }
    else
      {
      echo "Invalid file";
      }
 }

Thanks for your help!

Member Avatar

diafol

invalid file

Is this a php file error or a custom error message of yours? To which line number in your code does it pertain?

The Error Message was mine, it pops up on top of my page after summiting the form.

You should really break apart the file type check and file size check like I have below. Also, it is probably failing because you are checking for example "image/jpg" but your array just contains "jpg". You only need to check against this array, no need to include $extension in it. Extensions can be faked easily, but checking against the type actually checks the mime type which is more difficult to fake. Take not of the filesize check also. I didn't test this code, it was just more for an example to see a possibly better structure.

if(isset($_POST["action"])&&($_POST["action"]=="add")){ 
    if ($_POST["item_avai"] == 'on') {
        $check = 1;
    }
    else if ($_POST["item_avai"] == ''){
        $check = 0;
    }
    $query_insert = "INSERT INTO item_record (item_date_added,item_name_chi,item_name_eng,item_price,item_comment,item_avai) VALUES (";
    $query_insert .= "'".date("Y-m-d H:i:s")."',";
    $query_insert .= "'".$_POST["item_name_chi"]."',";
    $query_insert .= "'".$_POST["item_name_eng"]."',";
    $query_insert .= "'".$_POST["item_price"]."',";
    $query_insert .= "'".$_POST["item_comment"]."',";
    $query_insert .= "'".$check."')";

    mysql_query($query_insert);
    //die($query_insert);           All of these work so far!

    // Upload photo
    $allowedExts = array("image/gif", "image/jpeg", "image/jpg", "image/png");
    $extension = end(explode(".", $_FILES["file"]["name"]));
    $new_name = $next_increment . "." . $extension;

    if (in_array($_FILES['image']['type'], $allowedExts))
    {
        if(filesize($_FILES['image']['tmp_name']) <= 5000000)
        {
            if ($_FILES["file"]["error"] != 0)
            {
                echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
            }
            else
            {
                if (file_exists("photos/" . $_FILES["file"]["name"]))
                {
                    echo $_FILES["file"]["name"] . " already exists. ";
                }
                else
                {
                    move_uploaded_file($_FILES["file"]["tmp_name"],
                    "photos/" . $new_name);
                }
            }
        }
    }
    else
    {
        echo "Invalid file";
    }
    }
Member Avatar

diafol

The Error Message was mine, it pops up on top of my page after summiting the form.

Well, you don't include this in your code, so it's difficult to see what's going on.

Diafol, I think it is the same one that he is echoing out at the bottom. Unless he has it somewhere else as well. I am guessing that it most likely fails at his file check.

Member Avatar

diafol

Ah, my mistake. :) sorry

Don't believe I missed it - twice!