Re: [PHP] Is there an alternative for $_FILES['guildimage']['type'] == image/jpeg
On Wednesday 23 November 2005 03:15, twistednetadmin wrote:
I use this line in a script for uploading pictures to a website:
$_FILES['guildimage']['type'] == image/jpeg
[snip]
Please understand that the type is set by the browser and is never to be
trusted.
Especially with file uploads, extreme cautions apply.
If all you want to upload are images, then ONLY rely on the php builtin
getimagesize
Example
if($result=(@ getimagesize($_FILES['guildimage']['tmp_name'])) ===false)
die('Invalid picture');
list($width,$height,$type)=$result;
swith($type)
{case 1: #gif; break;
case 2: #jpeg; break;
case 3: #png; break;
case ... see php getimagesize documentation
}
And always use the move_uploaded_file function so you are sure you really are
moving an uploaded file and not one that is already on the server
Example
move_uploaded_file($_FILES['guildimage']['tmp_name'],$publicdir);
This function will fail if called with a file that was not uploaded.
HTH
Andy
--
Now listening to Top! Radio Live www.topradio.be/stream on amaroK
Geek code: www.vlaamse-kern.com/geek
Registered Linux User No 379093
If life was for sale, what would be its price?
www.vlaamse-kern.com/sas/ for free php utilities
--
pgpXBjAnHW99i.pgp
Description: PGP signature
Re: [PHP] Is there an alternative for $_FILES['guildimage']['type'] == image/jpeg
On Wed, Nov 23, 2005 at 06:48:25AM +0100, twistednetadmin wrote: This did the trick: elseif ($_FILES['guildimage']['type'] == image/pjpeg or image/jpeg) Not for reasons you think. The (or image/jpeg) is going to evaulate as TRUE, so your expression will always be true. For example: var_dump((bool) image/jpeg); You should really consider using the fileinfo extension, or mabey even http://php.net/getimagesize. The ['type'] information can't be trusted to be what it says it is. Curt. -- cat .signature: No such file or directory -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is there an alternative for $_FILES['guildimage']['type'] == image/jpeg
Curt Zirzow wrote: You should really consider using the fileinfo extension, or mabey even http://php.net/getimagesize. The ['type'] information can't be trusted to be what it says it is. Any reason why no one is suggesting the use of mime_content_type? http://ca.php.net/mime_content_type It seems to work well for me and there's no need to trust whatever the browser claims a file is or having to worry about different browsers inconsistently describing a mime type. - Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is there an alternative for $_FILES['guildimage']['type'] == image/jpeg
I'd say because it's been depreciated. LXXVI. Mimetype Functions Introduction Warning This extension has been deprecated as the PECL extension fileinfo provides the same functionality (and more) in a much cleaner way. On Wednesday 23 November 2005 12:45 pm, Ben wrote: Curt Zirzow wrote: You should really consider using the fileinfo extension, or mabey even http://php.net/getimagesize. The ['type'] information can't be trusted to be what it says it is. Any reason why no one is suggesting the use of mime_content_type? http://ca.php.net/mime_content_type It seems to work well for me and there's no need to trust whatever the browser claims a file is or having to worry about different browsers inconsistently describing a mime type. - Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Is there an alternative for $_FILES['guildimage']['type'] == image/jpeg
I use this line in a script for uploading pictures to a website:
$_FILES['guildimage']['type'] == image/jpeg
This works fine when using Mozilla, but it doesn't work with IE.
How should I do it to get it working with both/all browsers?
if (isset($_POST['submit']))//If you
press submit
{
$sysfolder=/guildimages/;
$filename=.$_FILES['guildimage']['name'].;
if (file_exists($sysfolder . $filename)) //And the
file exists or there is no file chosen
{
echo Filename exists or no file selected. Please rename the file or select
a file;
}
elseif ($_FILES['guildimage']['type'] == image/jpeg) //If the
filetype is correct (this is where the change should be I think)
{
copy ($_FILES['guildimage']['tmp_name'],
/guildimages/.$_FILES['guildimage']['name'])//Copy the file to
folder (/guildimages)
or die(Could not copy file); //Or
die
echo Result:br\n;
echo Filename: .$_FILES['guildimage']['name'].br\n;
echo Filesize: .$_FILES['guildimage']['size']. bytebr\n;
echo Filtype: .$_FILES['guildimage']['type'].br\n;
echo Congrats! It worked!\n;
}
else
{
echo Result:br\n;
echo Now that didn't seem to work... br\n
Have you checked the size and filetype? br\n
File that failed-- (.$_FILES['guildimage']['name'].)br;
}
}
Does anyone know the answer to this?
Re: [PHP] Is there an alternative for $_FILES['guildimage']['type'] == image/jpeg
I use the fileinfo pecl. http://pecl.php.net/Fileinfo
how to get a mime type:
$info = new finfo( FILEINFO_MIME );
$mime = $info-file($filename);
then my extention grabber:
function getExtention() {
switch ( $this-mimeType ) {
case image/jpeg: return 'jpg'; break;
case image/png: return 'png'; break;
case image/gif: return 'gif'; break;
default: throw new ImageTypeNotSupportedException();
}
}
This is all done in a Image Object.
On Tuesday 22 November 2005 08:15 pm, twistednetadmin wrote:
I use this line in a script for uploading pictures to a website:
$_FILES['guildimage']['type'] == image/jpeg
This works fine when using Mozilla, but it doesn't work with IE.
How should I do it to get it working with both/all browsers?
if (isset($_POST['submit']))//If you
press submit
{
$sysfolder=/guildimages/;
$filename=.$_FILES['guildimage']['name'].;
if (file_exists($sysfolder . $filename)) //And the
file exists or there is no file chosen
{
echo Filename exists or no file selected. Please rename the file or
select a file;
}
elseif ($_FILES['guildimage']['type'] == image/jpeg) //If
the filetype is correct (this is where the change should be I think)
{
copy ($_FILES['guildimage']['tmp_name'],
/guildimages/.$_FILES['guildimage']['name'])//Copy the file
to folder (/guildimages)
or die(Could not copy file); //Or
die
echo Result:br\n;
echo Filename: .$_FILES['guildimage']['name'].br\n;
echo Filesize: .$_FILES['guildimage']['size']. bytebr\n;
echo Filtype: .$_FILES['guildimage']['type'].br\n;
echo Congrats! It worked!\n;
}
else
{
echo Result:br\n;
echo Now that didn't seem to work... br\n
Have you checked the size and filetype? br\n
File that failed-- (.$_FILES['guildimage']['name'].)br;
}
}
Does anyone know the answer to this?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is there an alternative for $_FILES['guildimage']['type'] == image/jpeg
The reason why I suggested the fileinfo idea was because IE and mozilla report the mime type differently. image/x-jpeg vs image/jpeg I believe it is. using fileinfo just standardizes what you need to check for. On Tuesday 22 November 2005 09:56 pm, twistednetadmin wrote: I don't think that is quite what I'm after... I have restriction on only jpg images and filesize 300kb. The problem I have is that the IE browser doesn't recognize a =300kb jpg mage as a valid file while Mozilla do. The switch statement though seems interesting. Not sure how I should use it in this case. The fileupload is just a simple form with a browsebutton. I am not trying to get more fileinfo or anything like that. Only to get IE to understand that it actually IS a valid file and then upload it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is there an alternative for $_FILES['guildimage']['type'] == image/jpeg
This did the trick: elseif ($_FILES['guildimage']['type'] == image/pjpeg or image/jpeg)
