uploaded file validation is not working

Hi I am tryin to validate certian types of files to be uploaded and file size and if this follows this correctly then insert in db

this is the code i did so far. So far I commented out the parts that are not working.


Could somebody help me out please.


[PHP]<?php
;

//This function separates the extension from the rest of the file name and returns it
function findexts ($filename)
{
$filename = strtolower($filename) ;
$exts = split("[/\\.]", $filename) ;
$n = count($exts)-1;
$exts = $exts[$n];
return $exts;
}

//This applies the function to our file
$ext = findexts ($_FILES['resume']['name']) ;

//This line assigns a random number to a variable. You could also use a timestamp here if you prefer.
$ran = 'resume_'.rand () ;

//This takes the random number (or timestamp) you generated and adds a . on the end, so it is ready of the file extension to be appended.
$ran2 = $ran.".";

//This assigns the subdirectory you want to save into... make sure it exists!
$target = "/var/www/virtual/domain/uploads/";
//This combines the directory, the random file name, and the extension


$target = $target . $ran2.$ext;

$ok=1;

/* //Check file types
if ($ext == "doc") {
$ok=1;
}
elsif ($ext == "pdf") {
$ok=1;
}
elsif ($ext == "txt") {
$ok=1;
}
else {
$ok=0;
Echo "You may only upload MS Word, PDF or Text files. Please click the back button and try again.<br>";

}*/

//Here we check that $ok was not set to 0 by an error
if ($ok==0)
{
Echo "You may only upload MS Word, PDF or Text files. Please click the back button and try again.<br>";
}


//This is our size condition
//if ($uploaded_size > 2000000)
//{
//echo "Your file is over the size limit (MAX SIZE ALLOWED = 2 MB). Please click the back button and correct this.<br>";

//}



//If everything is ok we try to upload it

//Writes the resume to the server
if(move_uploaded_file($_FILES['resume']['tmp_name'], $target))
{

################# Insert in Database #####################
$con = mysql_connect("localhost","dbusr","dbpass");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}mysql_select_db("db", $con);
$sql="INSERT INTO apps (applicationID, salutation, first_name, last_name, dob, nationality, address, work, home, mobile, email, marital_status, salary, position, resume, createddate)
VALUES (NULL, '$_POST[salutation]', '$_POST[first_name]', '$_POST[last_name]', '$_POST[dob]', '$_POST[nationality]', '$_POST[address]', '$_POST[work]', '$_POST[home]', '$_POST[mobile]', '$_POST[email]', '$_POST[marital_status]', '$_POST[salary]', '$_POST[position]', '$target', NOW())";

if (!mysql_query($sql,$con))

{
die('Error: ' . mysql_error());
}


echo "Thank you $_POST[first_name] $_POST[last_name] for submitting your application ";
}
else {

//Gives and error if its not
echo "Sorry, there was a problem uploading your file. Please click the back button and correct the file then try again.";
}


mysql_close($con)




?>[/PHP]

re: uploaded file validation is not working

Heya, Jonathan.

What do you want your code to do? Give an example.
What is your code doing that you don't want it to do? Give an example.
What is your code *not* doing that it is supposed to? Give an example.

re: uploaded file validation is not working

I can't see what's wrong, but i'm sure that's not all the upload script.

Anyway, the 'findexts()' function is completely unnecessary

is a much better way to do it.

You can then check by doing:
:)
Remember! Uploading with
you need:
aswell.

Also, do not use
mark

re: uploaded file validation is not working

Hi

The script works withthe commented , right all it does is upload and rename the file to resume_random number.txt or what ever format.

The commented part i was trying to use was trying to vaildate the extensions so i only wanted to accept txt, pdf and doc files only all others error out.

I also wanted to validate the file size , do not send anything over 2MB

Thants it really i am trying to accomplish at this point so far i cannot validate the extensions or the file size.

This is all the php code the rest is in html that only controls the design.

re: uploaded file validation is not working

thanks markusn00b

will try that.

re: uploaded file validation is not working

No problem, let me know how things go!

And post up your full code, so we can have a closer look :)

re: uploaded file validation is not working

Hi guys I am still getting the same problem. I put the if statements for the type and size validation but the script does not work when i put it in. If i remove the if statements on the top here and comment out the else the script works fine but there is validation. Where am i going wrong?

[PHP] <?php

if((($_FILES['resume']['type'] == "application/msword")
|| ($_FILES['resume']['type'] == "application/pdf")
|| ($_FILES['resume']['type'] == "text/plain")
&& ($_FILES['resume']['size'] < 200000))
{
//This function separates the extension from the rest of the file name and returns it
function findexts ($filename)
{
$filename = strtolower($filename) ;
$exts = split("[/\\.]", $filename) ;
$n = count($exts)-1;
$exts = $exts[$n];
return $exts;
}
$today = date("Y-m-d_");
//This applies the function to our file
$exts = findexts ($_FILES['resume']['name']) ;

//This line assigns a random number to a variable. You could also use a timestamp here if you prefer.
$ran = 'resume_'.$today.rand () ;

//This takes the random number (or timestamp) you generated and adds a . on the end, so it is ready of the file extension to be appended.
$ran2 = $ran.".";

//This assigns the subdirectory you want to save into... make sure it exists!
$target = "/var/www/virtual/ansaauto.com/htdocs/resumes/";
//This combines the directory, the random file name, and the extension


$target = $target . $ran2.$exts;

} else {
echo "Your file is over the size limit (MAX SIZE ALLOWED = 2 MB). Please click the back button and correct this.<br>";
exit;
}


//If everything is ok we try to upload it

//Writes the resume to the server
if(move_uploaded_file($_FILES['resume']['tmp_name'], $target))
{

################# Insert in Database #####################
$con = mysql_connect("localhost","user","pass");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}mysql_select_db("dbname", $con);
$sql="INSERT INTO applications (applicationID, salutation, first_name, last_name, marital_status, dob, nationality, address, work, home, mobile, email, salary, position, resume, createddate)
VALUES (NULL, '$_POST[salutation]', '$_POST[first_name]', '$_POST[last_name]', '$_POST[marital_status]', '$_POST[dob]', '$_POST[nationality]', '$_POST[address]', '$_POST[work]', '$_POST[home]', '$_POST[mobile]', '$_POST[email]', '$_POST[salary]', '$_POST[position]', '$target', NOW())";

if (!mysql_query($sql,$con))

{
die('Error: ' . mysql_error());
}


echo "Thank you $_POST[first_name] $_POST[last_name] for submitting your application";
}
else {

//Gives and error if its not
echo "Sorry, there was a problem uploading your file. Please click the back button and correct the file then try again.";
exit;
}


mysql_close($con)




?>[/PHP]

re: uploaded file validation is not working

Heya, Jonathan.

Try this:

re: uploaded file validation is not working

unfortunately still no luck it came up with a blank page still.

re: uploaded file validation is not working

Heya, Jonathan.

If you're getting a blank page, your script is probably generating an error. Check out this article to find out what is going on.

re: uploaded file validation is not working

PS., Aw what the heck....

2MB == 2,097,152 bytes