Member Avatar for Anthony_22

Hello,

I am trying to prevent my form, from submitting if the file is not an image type file but i keep failing, the array that i am using keeps displaying regardless of the files type.
Any help would be grateful.

<?php

    $Manufacturer = $_POST['Manufacturer'];
    $Brand = $_POST['Brand'];
    $Model = $_POST['Model'];
    $Type = $_POST['Type'];
    $Wheel = $_POST['Wheels'];
    $Colour = $_POST['Colour'];
    $Number = $_POST['Gears'];
    $Brake = $_POST['Brakes'];
    $Suspension = $_POST['Suspension'];
    $Gender = $_POST['Gender'];
    $Age = $_POST['Ageof'];
    $image = $_FILES["images"]["name"];
    $Additional = $_POST['Additional'];

    include "../include/config.php";
    $upload_folder = "./uploads/";

    $result=mysqli_query($connection,"SELECT * FROM `Bike` WHERE manufacturer='$Manufacturer'");
    //$file="./uploads/".$_FILES["images"]["name"];
    //$image = addslashes(file_get_contents($_FILES . '../BikeRegistrationDAO.php'));

    if($row=mysqli_num_rows($result) > 0){

        echo "This Bicycle's Manufacturer, Is already registered.";
            return;
    }

    $allowed = array("jpg", "jpeg", "png", "gif");

    if (array($allowed !== "jpg", "jpeg", "png", "gif"))
    {
       die("Not a gif/jpeg/png");
    }

    foreach($_FILES["images"]["name"] as $key => $file_name)
    {
        $tmp_name = $_FILES["images"]["tmp_name"][$key];

        if(file_exists ($upload_folder.$file_name))
        {
            echo "The file ". $file_name . " already exists". "</br>";
        }else{
            move_uploaded_file($tmp_name, $upload_folder.$file_name." MPN: ".$Manufacturer); // uploads the image file name to the folder with the bikes MPN number next to it !
            echo "The file " . $file_name . " has successfully uploaded". "</br>";
        } 
    } 

$sql = "INSERT INTO Bike (Manufacturer, Brand, Model, Type, Wheel, Colour, Number, Brake, Suspension, Gender, Age, image, Additional) VALUES ('$Manufacturer', '$Brand', '$Model', '$Type', '$Wheel', '$Colour', '$Number', '$Brake', '$Suspension', '$Gender', '$Age', '$image', '$Additional')";

    if(!mysqli_query($connection, $sql))
    {
        echo "Not Submited";

    }else{

        echo "Submitted Successfully"."</br>";
    } 
?>
  • 3 Contributors
  • 5 Replies
  • 583 Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by ryantroop

Recommended Answers

All 5 Replies

Member Avatar for ryantroop

If you want to stop it client side (to prevent the form from submitting at all), you can look at the input data's type (which should give you the mime type) and you are looking for "image/" if the mime-type doesn't match, return false from the form (otherwise it will still submit).

If you want to do this server side, this page can be of help -- https://www.saotn.org/validate-mime-types-with-php-fileinfo/
Either look at the file name with a regex (bad), look at the file data directly for the mime type (better), or if you have fileinfo extension, use that for mime type comparison.

please note, client side "validation" is meant to make things easier UX/UI wise for your user - it is always good to validate both client and server side, with a minimum being the server side (otherwise, people can just send trash data at you).

Hope that helps,

Ryan

Member Avatar for Anthony_22

Thanks for helping me out!

The issue i have at the moment is that,
the user can upload any file type in the folder dierctly i have given.
I wont to limit the file type to images only, but i fail to do so.

Everytime i use getimagesize "$imageInfo = getimagesize( $_FILES['images']['tmp_name'] );"
i get the following error :

Warning: getimagesize() expects parameter 1 to be string, array given in /home/s1705553/public_html/Assigment/5BikeRegistrationPage/BikeRegistrationDAO.php on line 30

Member Avatar for AndrisP

In nyour code if case in line 32 allways true because actually you check if exist array which defined inside self if case.
Get file extension e.g. 

$ext = pathinfo($_FILES["images"]["name"], PATHINFO_EXTENSION);

and then check if in array e.g.

if(!in_array(strtolower($ext), $allowed)){
    die("Not a gif/jpeg/png");
}
Edited by AndrisP
Member Avatar for ryantroop

also, for your file input on the html you may want to look into the accept attribute:

<form action="/action_page.php">
  <input type="file" name="pic" accept="image/*">
  <input type="submit">
</form>

https://www.w3schools.com/tags/att_input_accept.asp

Again, this is meant as a helpful filter, and will not prevent them from changing the type. It also does not limit file size.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.