Only allow uploading jpg or gif images?

Adamthenewbie

I have a section on my website that allows people to upload pictures for there personal profile. How would I make it so you could only upload gif and jpg images?

Here is my code so far
<FORM METHOD="POST" enctype="multipart/form-data">
<?
if($upload == "yes")
{
$updir = "files";
copy($file, "$updir/$file_name");
}
echo ('
<input type="hidden" name="upload" value="yes">
<input type="file" class = "textbox" name="file" size="40">
');
?>

Thanks
Adam

crosbystillsnas

check the ending of $file_name:

$check = strToLower($file_name);
if(eregi("(jpg|jpeg|gif)$", $check)){
 // load it
}
else print("Only gif, jpg, jpeg allowed");

Pests

If you dont want to use eregi:

$ext = strtolower(end(explode(".", $filename)));

Then just check if $ext is a filetype you want, either by using an IF with ORs/ANDs or using something like in_array.

kellog

A surefire way of making sure that all uploads are jpg or gif, is to use GetImageSize(). You'll notice that among other things, GetImageSize will return the image type of the file, so you can use that to test to make sure its a valid jpg or gif.

Originally posted by Adamthenewbie
I have a section on my website that allows people to upload pictures for there personal profile. How would I make it so you could only upload gif and jpg images?

Here is my code so far
<FORM METHOD="POST" enctype="multipart/form-data">
<?
if($upload == "yes")
{
$updir = "files";
copy($file, "$updir/$file_name");
}
echo ('
<input type="hidden" name="upload" value="yes">
<input type="file" class = "textbox" name="file" size="40">
');
?>

Thanks
Adam

Adamthenewbie

thanks guys that worked perfect!
Is there a way to allow a max upload of 1 meg?

Pests

Use filesize(), im not sure if it returns bytes or kb, check www.php.net/filesize for more info.

banpro

echo ('
<input type="hidden" name="upload" value="yes">
<input type="file" class = "textbox" name="file" size="40">
<input type="hidden" name="MAX_FILE_SIZE" value="6000">
');

Just add the extra line to your form as I show above. Value should be adjusted to suit your limit needs, and is in bytes.

HTH,
Scott

________

I would recommend the use of the $FILES functions
Eg. to make sure the the file type is correct use $FILES['userfile']['type'] that's much safer then to just check the file ending... if you rename a text file to picture.jpg the server will allow it and there may be broken picture tags on your site, if you just check the file ending!

Regarding file size there can be a problem with the <input type="hidden" name="MAX_FILE_SIZE" value="6000"> method... what if some one is hacking? If you are the only person that have access to upload page, you can use that function - if not use the $_FILES89['userfile']['size']

Take a look at the manual:
http://no2.php.net/manual/en/features.file-upload.php

Good luck!