[RESOLVED] trouble with file size

system_critical

Hi,

I seem to be having a hard time getting the file size from the $FILES array. I think $FILES["inputname"]["size"] should get it, but I get no value. I'm trying to validate some profile information from a form. I am able to upload the file and get the name just fine. I'm not sure why the size is giving me so much trouble. Here is the original form and the php processing it:

Original Form

<?php
echo'<div class="top"></div>
    <div id="profile"><h2>'.$username.'\'s profile</h2>
	<hr>
	<form method="POST"  enctype="multipart/form-data" action="php/processprofile.php">
	<input type="hidden" name="username" value="'.$username.'"
    <p>'.$image.'</p>
	<input type="hidden" name="MAX_FILE_SIZE" value="358400" />
	<input type="file" id="profilepic" name="img"/>
	<h2>biography</h2>
	<hr>
	<textarea id="biography" name="biography">'.$biography.'</textarea>
	<h2>Interests</h2>
	<hr>
	<textarea id="interests" name="interests">'.$interests.'</textarea>
	<h2>Media</h2>
	<hr>
	<textarea id="media" name="media">'.$media.'</textarea>
	<h2>Contact</h2>
	<hr>
	<textarea id="contact" name="contact">'.$contact.'</textarea>
    <input type="submit" name="submit"/>
	</div>
    <div class="bottom"></div>

</form>';
?>

PHP (process profile):

<?php ob_start(); ?>
<?php 
include('../../dbnode.php'); // database info

echo '<h1> Here is filesize'.$_FILES["img"]["size"].'</h1>'; // returns no value

$username = $_POST['username'];
$d_file = $_FILES['img']['name'];
$d_biography = $_POST['biography'];
$d_interests = $_POST['interests'];
$d_media = $_POST['media'];
$d_contact = $_POST['contact'];

$fileext_kosher = false;
$filesize_kosher = false;
$file_kosher = false;

echo'<h1>'.$filesize_kosher.'</h1>';


/*process information */
//start with FILE upload sucess or empty:
if((!empty($_FILES["img"])) && ($_FILES['img']['error'] == 0)) {
//check for jpg, gif or png. 
$ext = substr($d_file, strrpos($d_file, '.') + 1);
		if($ext =='jpg' || $ext=='gif' || $ext == 'png'){
		$fileext_kosher = true;
		}else{
		$fileext_kosher = false;
		}

$size = $_FILES['img']['size'];
		if ($size <= 358400){
		$filesize_kosher = true;
		}else{
		$filesize_kosher = false;
		}

}else{
$file_kosher = true; // if file was left blank
}

// else file check continue

if($fileext_kosher == true && $filesize_kosher == true){
if($select){
$query = 'SELECT userindex FROM mytable WHERE username =\''.$username.'\'';
$result = mysql_query($query);
$index = mysql_fetch_assoc($result);

$new_name = '../profile_pics/'.$username.$index['userindex'].'.'.$ext.'';
if(move_uploaded_file($_FILES['img']['tmp_name'],$new_name)){
//upload new file name to profile db
$query = 'UPDATE mytable SET image=\''.$username.$index['userindex'].'.'.$ext.'\' WHERE username =\''.$username.'\'';
echo $query;
$result = mysql_query($query);
		if($result){
		$file_kosher = true;
		}else{
		$file_kosher = false;
		}//result
}//move
}//select
}
/*process the rest of the info*/
$c_biography =  htmlspecialchars($d_biography);
$c_interests =  htmlspecialchars($d_interests);
$c_media =  htmlspecialchars($d_media);
$c_contact =  htmlspecialchars($d_contact);

// since contact can contain links we check for malicious script elements like () or ;


// load the good info 

if($file_kosher == true){
if($select){

$c_biography =  mysql_real_escape_string($c_biography);
$c_interests =  mysql_real_escape_string($c_interests);
$c_media =  mysql_real_escape_string($c_media);
$c_contact =  mysql_real_escape_string($c_contact);

$query = 'UPDATE mf_user SET interests=\''.$c_interests.'\', biography=\''.$c_biography.'\', media  =\''.$c_media.'\', contact=\''.$c_contact.'\' WHERE username =\''.$username.'\'';
$new_result = mysql_query($query);
if($new_result){
session_start();

$_SESSION['username'] = $username;
//header('location:http://www.mysite.com/?load=profile');
}else{
echo 'database problem';
}
}
}

if($fileext_kosher == false){
$fileext_error = '<p>The extension of your file is not allowed. Jpg, gif and png are accepted.</p>';
}
if($filesize_kosher == false){
$filesize_error='<p>Your file size is too big. Images must be 350k or less.</p>';
}

$error = $fileext_error.$filesize_error;



if($fileext_kosher == false || $filesize_kosher == false || $file_kosher == false){
echo '<link href="../styles/base.css" rel="stylesheet" type="text/css" />';
echo'<div id="profileRedux" class="flowPannel">
    <div class="top"></div>
    <div id="profile"><h2>'.$username.'\'s profile</h2>
	<div class="warning">'.$error.'</div>
	<hr>
	<form method="POST"  enctype="multipart/form-data" action="processprofile.php">
	<input type="hidden" name="username" value="'.$username.'"
    <p>'.$image.'</p>
	<input type="hidden" name="MAX_FILE_SIZE" value="358400" />
	<input type="file" id="profilepic" name="img"/>
	<h2>biography</h2>
	<hr>
	<textarea id="biography" name="biography">'.$d_biography.'</textarea>
	<h2>Interests</h2>
	<hr>
	<textarea id="interests" name="interests">'.$d_interests.'</textarea>
	<h2>Media</h2>
	<hr>
	<textarea id="media" name="media">'.$d_media.'</textarea>
	<h2>Contact</h2>
	<hr>
	<textarea id="contact" name="contact">'.$d_contact.'</textarea>
    <input type="submit" name="submit"/>
	</div>
    <div class="bottom"></div>
	</div>
	</form>';
}
/*else ehco annoying error pannel*/
?>
<?php ob_flush();?>

Thank you very much. Any help or suggestions are appreciated immensely.

dalecosp

Debug array operations by reading the array data with [man]print_r/man.

HTH,

NogDog

Since your file-type input element is named "img", it would be $_FILES['img']['size'].

system_critical

Something else must be wrong. print_r and echo both yield the same empty result when I use $_FILES['img']['size']. I must be missing something else wrong there, but even when the echo or print is one of the first elements on the page I get an empty array value for size. Thanks for the help. Any suggestions?

NogDog

Try a print_r() just on $FILES, checking to see if any of the data looks correct and/or there is any error message:

echo "<pre>" . print_r($_FILES, 1) . "</pre>"; // the "1" parameter makes it work in the echo

Weedpacket

Just a wacky idea: is the file actually there? (Upload the file, but before you start processing it, sleep() for a few seconds or so and see if it's shown up in the temp directory).

system_critical

I figured out the problem. The html hidden field with the max size is set to 358400 thus when you upload a file that's too big it just throws $_FILES['name']['error'] == 2 or file too big. It never sends a value, just an error. I ended up testing for error 2 instead. I think this seems correct. I feel silly for not realizing this earlier.

system_critical

I put this in the wrong space.

Weedpacket

Suggest you test for UPLOAD_ERR_FORM_SIZE instead; otherwise you'll come along eight months from now and wonder what that "2" is supposed to mean 🙂

system_critical

Good call. I'll use that. Thanks.