0

Hello,

I am trying to prevent my form, from submitting if the file is not an image type file but i keep failing, the array that i am using keeps displaying regardless of the files type.
Any help would be grateful.

<?php

    $Manufacturer = $_POST['Manufacturer'];
    $Brand = $_POST['Brand'];
    $Model = $_POST['Model'];
    $Type = $_POST['Type'];
    $Wheel = $_POST['Wheels'];
    $Colour = $_POST['Colour'];
    $Number = $_POST['Gears'];
    $Brake = $_POST['Brakes'];
    $Suspension = $_POST['Suspension'];
    $Gender = $_POST['Gender'];
    $Age = $_POST['Ageof'];
    $image = $_FILES["images"]["name"];
    $Additional = $_POST['Additional'];

    include "../include/config.php";
    $upload_folder = "./uploads/";

    $result=mysqli_query($connection,"SELECT * FROM `Bike` WHERE manufacturer='$Manufacturer'");
    //$file="./uploads/".$_FILES["images"]["name"];
    //$image = addslashes(file_get_contents($_FILES . '../BikeRegistrationDAO.php'));

    if($row=mysqli_num_rows($result) > 0){

        echo "This Bicycle's Manufacturer, Is already registered.";
            return;
    }

    $allowed = array("jpg", "jpeg", "png", "gif");

    if (array($allowed !== "jpg", "jpeg", "png", "gif"))
    {
       die("Not a gif/jpeg/png");
    }

    foreach($_FILES["images"]["name"] as $key => $file_name)
    {
        $tmp_name = $_FILES["images"]["tmp_name"][$key];

        if(file_exists ($upload_folder.$file_name))
        {
            echo "The file ". $file_name . " already exists". "</br>";
        }else{
            move_uploaded_file($tmp_name, $upload_folder.$file_name." MPN: ".$Manufacturer); // uploads the image file name to the folder with the bikes MPN number next to it !
            echo "The file " . $file_name . " has successfully uploaded". "</br>";
        } 
    } 

$sql = "INSERT INTO Bike (Manufacturer, Brand, Model, Type, Wheel, Colour, Number, Brake, Suspension, Gender, Age, image, Additional) VALUES ('$Manufacturer', '$Brand', '$Model', '$Type', '$Wheel', '$Colour', '$Number', '$Brake', '$Suspension', '$Gender', '$Age', '$image', '$Additional')";

    if(!mysqli_query($connection, $sql))
    {
        echo "Not Submited";

    }else{

        echo "Submitted Successfully"."</br>";
    } 
?> 
3
Contributors
5
Replies
55
Views
6 Months
Discussion Span
Last Post by ryantroop
2

If you want to stop it client side (to prevent the form from submitting at all), you can look at the input data's type (which should give you the mime type) and you are looking for "image/" if the mime-type doesn't match, return false from the form (otherwise it will still submit).

If you want to do this server side, this page can be of help -- https://www.saotn.org/validate-mime-types-with-php-fileinfo/
Either look at the file name with a regex (bad), look at the file data directly for the mime type (better), or if you have fileinfo extension, use that for mime type comparison.

please note, client side "validation" is meant to make things easier UX/UI wise for your user - it is always good to validate both client and server side, with a minimum being the server side (otherwise, people can just send trash data at you).

Hope that helps,

Ryan

0

Thanks for helping me out!

The issue i have at the moment is that,
the user can upload any file type in the folder dierctly i have given.
I wont to limit the file type to images only, but i fail to do so.

Everytime i use getimagesize "$imageInfo = getimagesize( $_FILES['images']['tmp_name'] );"
i get the following error :

Warning: getimagesize() expects parameter 1 to be string, array given in /home/s1705553/public_html/Assigment/5BikeRegistrationPage/BikeRegistrationDAO.php on line 30

1

In nyour code if case in line 32 allways true because actually you check if exist array which defined inside self if case.
Get file extension e.g.

$ext = pathinfo($_FILES["images"]["name"], PATHINFO_EXTENSION);

and then check if in array e.g.

if(!in_array(strtolower($ext), $allowed)){
    die("Not a gif/jpeg/png");
}

Edited by AndrisP

2

also, for your file input on the html you may want to look into the accept attribute:

<form action="/action_page.php">
  <input type="file" name="pic" accept="image/*">
  <input type="submit">
</form>

https://www.w3schools.com/tags/att_input_accept.asp

Again, this is meant as a helpful filter, and will not prevent them from changing the type. It also does not limit file size.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.