2

I am working on a form where a user have an option to upload an image , if they are not uploading the image then i will use a default image for their profile but i am having some problem with that, i want to validate image only if they are uploading it but right now even if they are not uploading the image my validation code is running and not letting save the rest of the form below is my code

if(isset($_FILES))
    {   
        $imagename = $_FILES['uploadimage']['name'];
        $imagetype = $_FILES['uploadimage']['type'];
        $imagesize = $_FILES['uploadimage']['size'];


        if($imagetype != "image/gif" || $imagetype != "image/jpg" || $imagetype == "image/png" || $imagetype == "image/jpeg")
        {
            $error = 'Please upload an image with JPG, PNG, GIF';
        }
        elseif($imagesize > 716800)
        {
            $error = 'Image Needs to be under 700kb only';      
        }
        else
        {
                     $success = 'Uploaded';
                    }

Even if they are not uploading the image the entire code is running

Improve this question
1

6 Answers 6

Reset to default
2

To be honest don't waste your time with creating your own image upload code, simply use class.upload.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

$_FILES is a superglobal and is ALWAYS present, regardless of how the script was invoked or if a file upload was actually attempted.

You need to check for a specific file instead, such as:

if (isset($_FILES['nameoffilefield']) && ($_FILES['nameoffilefield']['error'] == UPLOAD_ERR_OK)) {
   ... upload occured ...
}
Improve this answer

4 Comments

:- now it is not running that piece of code at all, even i am uploading a zip file it is giving me a success message
not running the code at all, but giving success message? Huh?
yes it is skipping the if statement you provided and going to a different else statement that i have written .. if i am uploading a zip file than it should say that error if it is running your if condition BAMM
what's the html for the upload form look like?
1

You should use 

if(!empty($_FILES) && array_key_exists('uploadimage', $_FILES) && $_FILES['uploadimage']['size'] > 0)

instead of 

if(isset($_FILES)).
Improve this answer

2 Comments

Still doing the same thing , even i am not uploading the image it's running that piece of code
yup that make sense and is working fine but also i found an easy alternative in php 4.3 or greater we can use the function if(is_uploaded_file(['file']['tmp_name'])) but i will use yours andrej... thank u for help
1

You must first test if upload is succes, then test if file is image and work with them. 

if (isset($_FILES['nameoffilefield']) && ($_FILES['nameoffilefield']['error'] == UPLOAD_ERR_OK)) {
    if($_FILES['nameoffilefield']['type'] != "image/gif" 
        && $_FILES['nameoffilefield']['type'] != "image/jpg" 
        && $_FILES['nameoffilefield']['type'] != "image/png" 
        && $_FILES['nameoffilefield']['type'] != "image/jpeg")
    {
        $error = 'Please upload an image with JPG, PNG, GIF';
    }
    elseif($imagesize > 716800)
    {
        $error = 'Image Needs to be under 700kb only';      
    }
    else
    {
       $success = 'Uploaded';
       // do something with image 
       move_uploaded_file($_FILES['nameoffilefield']['tmp_name'],$newFileWithDir);
    }
}

But it is not good idea to testing $_FILES['nameoffilefield']['type'] over "image/jpeg", because attacker can send php file with this mime type.

Improve this answer

Comments

0

use this image upload code .

<?php
//define a maxim size for the uploaded images in Kb
 define ("MAX_SIZE","1000"); 

//This function reads the extension of the file. It is used to determine if the file  is an image by checking the extension.
 function getExtension($str) {
         $i = strrpos($str,".");
         if (!$i) { return ""; }
         $l = strlen($str) - $i;
         $ext = substr($str,$i+1,$l);
         return $ext;
 }

//This variable is used as a flag. The value is initialized with 0 (meaning no error  found)  
//and it will be changed to 1 if an errro occures.  
//If the error occures the file will not be uploaded.
 $errors=0;
//checks if the form has been submitted
 if(isset($_POST['Submit'])) 
 {
    //reads the name of the file the user submitted for uploading
    $image=$_FILES['image']['name'];
    //if it is not empty
    if ($image) 
    {
    //get the original name of the file from the clients machine
        $filename = stripslashes($_FILES['image']['name']);
    //get the extension of the file in a lower case format
        $extension = getExtension($filename);
        $extension = strtolower($extension);
    //if it is not a known extension, we will suppose it is an error and will not  upload the file,  
    //otherwise we will do more tests
 if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) 
        {
        //print error message
            echo '<h1>Unknown extension!</h1>';
            $errors=1;
        }
        else
        {
//get the size of the image in bytes
 //$_FILES['image']['tmp_name'] is the temporary filename of the file
 //in which the uploaded file was stored on the server
 $size=filesize($_FILES['image']['tmp_name']);

//compare the size with the maxim size we defined and print error if bigger
if ($size > MAX_SIZE*1024)
{
    echo '<h1>You have exceeded the size limit!</h1>';
    $errors=1;
}

//we will give an unique name, for example the time in unix time format
$image_name=time().'.'.$extension;
//the new name will be containing the full path where will be stored (images folder)
$newname="images/".$image_name;
//we verify if the image has been uploaded, and print error instead
$copied = copy($_FILES['image']['tmp_name'], $newname);
if (!$copied) 
{
    echo '<h1>Copy unsuccessfull!</h1>';
    $errors=1;
}}}}

//If no errors registred, print the success message
 if(isset($_POST['Submit']) && !$errors) 
 {
    echo "<h1>File Uploaded Successfully! Try again!</h1>";
 }

 ?>

 <!--next comes the form, you must set the enctype to "multipart/frm-data" and use an input type "file" -->
 <form name="newad" method="post" enctype="multipart/form-data"  action="">
 <table>
    <tr><td><input type="file" name="image"></td></tr>
    <tr><td><input name="Submit" type="submit" value="Upload image"></td></tr>
 </table>   
 </form>
Improve this answer

Comments

0

You can also upload image on mysql database from this code::

image.php

  <form action='image.php' method='post' enctype='multipart/form-data' >
     <input type='file' name='image'>
    <input type='submit' name='submit'>
  </form>

 <?php
     if(isset( $_POST['submit'] ) ) {
       $image = addslashes( file_get_contents( $_FILES['image']['tmp_name'] ) );

      $size = getimagesize( $_FILES['image']['tmp_name'] );
     if($size != FALSE )
          mysql_query(" INSERT INTO tableName VALUES ( '', '$image') ) or die(mysql_error());
      else
         echo "image uploading problem";
   }
 ?>
Improve this answer

1 Comment

There's a " missing in your query.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.