[RESOLVED] image uploading

neljan

Hello

I have a phpbb forum and would like particular users to be able to upload an image which is to be displayed on an external page:

http://www.worldclanleague.com/forum/wcl_main.php?style=49#

The division standings tables are images and I would like to add a button below each image so that moderators can change/update them.

I have an idea on how I could restrict regular users from viewing the upload buttons, but that's about it :queasy:

Would someone mind helping me get the ball rolling please?

Much appreciated 🙂

neljan

Ok I found some examples online and I now have this:

<?php

define('IN_PHPBB', true);

$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);

include($phpbb_root_path . 'common.' . $phpEx);
include($phpbb_root_path . 'includes/bbcode.' . $phpEx);
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
include($phpbb_root_path . 'wcl/functions.' . $phpEx);

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup('viewforum');

page_header('WCL');

include($phpbb_root_path . 'wcl/d1_mini_results.' . $phpEx);
include($phpbb_root_path . 'wcl/d2_mini_results.' . $phpEx);

// ADDED THIS.................................

//define a maximum size for the uploaded images in Kb
 define ("MAX_SIZE","150");

//This function reads the extension of the file.
 function getExtension($str) {
         $i = strrpos($str,".");
         if (!$i) { return ""; }
         $l = strlen($str) - $i;
         $ext = substr($str,$i+1,$l);
         return $ext;
 }

//This variable is used as a flag. The value is initialized with 0 (no error) and will be changed to 1 if an error occurs.
 $errors=0;

//checks if the form has been submitted
 if(isset($_POST['Submit'])) 
 {
 	//reads the name of the file the user submitted for uploading
 	$wcl_d1_mini_table=$_FILES['wcl_d1_mini_table_image']['wcl_d1_mini_table_name'];
 	//if it is not empty
 	if ($wcl_d1_mini_table) 
 	{
 	//get the original name of the file from the clients machine
 		$filename = stripslashes($_FILES['wcl_d1_mini_table_image']['wcl_d1_mini_table_name']);
 	//get the extension of the file in a lower case format
  		$extension = getExtension($filename);
 		$extension = strtolower($extension);
 	//if it is not a known extension, we will suppose it is an error and will not upload the file
 if (($extension != "png") && ($extension != "gif")) 
 		{
		//print error message
			$success ='';
			$error_message ='<div><span>Please use gif or png formats only.</span></div>';
 			$errors=1;
 		}
 		else
 		{
//get the size of the image in bytes
 $size=filesize($_FILES['wcl_d1_mini_table_image']['wcl_d1_mini_table_name']);

//compare the size with the maximum size we defined and print error if bigger
if ($size > MAX_SIZE*1024)
{
	$success ='';
	$error_message ='<div><span>Maximum file size is 150kb.</span></div>';
	$errors=1;
}

}}}

//If no errors registered, alter db table and print success message
 if(isset($_POST['Submit']) && !$errors) 
 {
         ("UPDATE phpbb_wcl_mini_tables
						SET 
     						d1='".$wcl_d1_mini_table."'");

$success ='<div><span>Table was updated successfully.</span></div>';
$error_message ='';
 }

 $query = ("SELECT * FROM phpbb_wcl_mini_tables");
 $ds = mysql_fetch_array($query);

	$d1 = ($ds['d1']);

// END OF ADD

$template->set_filenames(array(
	'body' => 'wcl/wcl_main.html',
));

page_footer();

?>

HTML:

<form name="wcl_d1_mini_table_form" method="post" enctype="multipart/form-data"  action="wcl_main.php">
 <table>
 	<tr><td><input type="file" name="wcl_d1_mini_table_image"></td></tr>
 	<tr><td><input name="Submit" type="submit" value="Upload image"></td></tr>
 </table>
</form>

My db table looks like this:

http://i86.photobucket.com/albums/k98/neljanization/Forum/ScreenHunter_01Jul1916.jpg

I hope I now have enough for someone to help me 🙂

bradgrafelman

So I think I understand the overall idea of what you want to do, and I see that you've got a start on it coding-wise, but I missed the part where you explained what's happening now (errors, etc.).

However, here's a general code critique/commentary based on what you've given us so far:

This:

//This function reads the extension of the file. 
function getExtension($str) { 
         $i = strrpos($str,"."); 
         if (!$i) { return ""; } 
         $l = strlen($str) - $i; 
         $ext = substr($str,$i+1,$l); 
         return $ext; 
}

could (and probably should) instead be written as:

//This function reads the extension of the file. 
function getExtension($str) { 
         return pathinfo($str, PATHINFO_EXTENSION);
}

This:
```
$_FILES['wcl_d1_mini_table_image']['wcl_d1_mini_table_name'];
```
is wrong; see the manual page [man]features.file-upload.post-method[/man] for info on how the $_FILES array is structured (the 'wcl_d1_mini_table_name' index name doesn't make any sense).
This:
```
    //get the original name of the file from the clients machine 
        $filename = stripslashes($_FILES['wcl_d1_mini_table_image']['wcl_d1_mini_table_name']); 
```
uses [man]stripslashes/man for... what reason? You should never have to use stripslashes() on incoming data unless magic_quotes_gpc is enabled. If it is, you should a) only use stripslashes() in a conditional statement that checks if the directive is currently enabled, and b) forget part (a) and just get the highly-deprecated directive disabled ASAP. 😉

Note that this:

//get the size of the image in bytes 
$size=filesize($_FILES['wcl_d1_mini_table_image']['wcl_d1_mini_table_name']);

is unnecessary; the $_FILES array will already be populated with the file size.

This:
```
         ("UPDATE phpbb_wcl_mini_tables 
                        SET 
                             d1='".$wcl_d1_mini_table."'");
```
is the same as saying this:
```
<?php
"Foo.";
?>
```
... both of which do absolutely nothing. Perhaps you meant to actually execute that first string as a SQL query? If so, you're missing a function call (e.g. to [man]mysql_query/man).

Same goes for this:
```
$query = ("SELECT * FROM phpbb_wcl_mini_tables"); 
```
Here you're setting $query equal to a string (no different than "Hello World!"), yet you later pass $query to [man]mysql_fetch_array/man as if $query were a MySQL resource (rather than just a string).
Speaking of that SELECT query... why do it at all in the first place? You just defined the 'd1' column value, so you already know what it is - why query the DB for a value that you already know?
You never do anything with the uploaded file other than store its name some place. Note that uploaded files are stored in a temporary directory under a temporary name, and if you don't use them (e.g. via [man]move_uploaded_file/man) by the time the script is done executing, PHP will simply delete the uploaded files.

neljan

Thanks for the reply Brad.

Ok the relevant portion of the code now looks like this:

define ("MAX_SIZE","150");

function getExtension($str) {
         return pathinfo($str, PATHINFO_EXTENSION);
} 

$errors=0;

if(isset($_POST['Submit']))
{
    $d1=$_FILES['d1']['name'];

if ($d1)
{
    $filename = $_FILES['d1']['name'];
    $extension = getExtension($filename);
    $extension = strtolower($extension);

	if (($extension != "png") && ($extension != "gif"))
    {
        $success ='';
        $error_message ='<div><span>Please use gif or png formats only.</span></div>';
        $errors=1;
    }

	else
    {
	if ($size > MAX_SIZE*1024)
	{
	$success ='';
	$error_message ='<div><span>Maximum file size is 150kb.</span></div>';
	$errors=1;
	}}
}
}

if(isset($_POST['Submit']) && !$errors)
{
    mysql_query("UPDATE phpbb_wcl_mini_tables
                        SET
                             d1='".$d1."'

						 ");

$success ='<div><span>Table was updated successfully.</span></div>';
$error_message ='';
}

$result = 'SELECT * FROM phpbb_wcl_mini_tables';

// idk if the following is possible...?
    $division1 = '<img src="'.($result['d1']).'" width="36" height="162" alt="" />';

I get no errors, but nothing appears to be uploading when I submit the file (the page just refreshes and I see nothing in the db table).

Relevant HTML:

<!-- division 1 -->
<div>
	$division1
</div>

<form method="post" enctype="multipart/form-data" action="wcl_main.php">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000">
<input name="d1" type="file">
<input name="submit" type="submit" value="Upload">
</form>

To answer your questions:

I thought the Select query was necessary for retrieving the uploaded image file(s) (bare in mind I intend to have several different images) from the db for displaying on the page?

About 'doing something with it', could this be where I'm at now? I see lots of examples of image uploading scripts where the image is moved to a folder on the server and it's details stored in db, but isn't it possible to upload the image directly to the db? (what I'm trying to do).

I didn't think having the images uploaded to a folder would be suitable for what I'm trying to achieve. I don't need to store hundreds of pictures and all the details associated with them, just (max) 12 small images, which should replace the currently stored image in that divisions db field whenever uploaded (ensuring the latest image is always retrieved).

neljan

hehe I'm such a nub. Of course this isn't going to be possible:

// idk if the following is possible...?
    $division1 = '<img src="'.($result['d1']).'" width="36" height="162" alt="" />';

Because whatever will be stored in the db, won't be a url (probably some binary or something) 😃

Ok so it seems like I have to use a folder to store the images and the db table to store the image data, then use the db data to retrieve the correct image from the folder, right? hmm... The thing is, I don't want to have hundreds of unnecessary images stored and retrieve them by the date they were uploaded (in order to display the latest one). So how would I do this?

Derokorian

use a unique name for each division, so when a new image is uploaded before moving it you check if the target file already exists, if so unlink it and move the new one... then there wouldn't even be a need update the db.

bradgrafelman

neljan wrote:
I get no errors, but nothing appears to be uploading when I submit the file (the page just refreshes and I see nothing in the db table).

That's probably because your script is checking for the presence of $_POST['Submit'] and yet you have no form elements named 'Submit'.

neljan wrote:
I thought the Select query was necessary for retrieving the uploaded image file(s) (bare in mind I intend to have several different images) from the db for displaying on the page

For one, there is no uploaded image in the DB (since you never put it there in the first place).

Either way, you just UPDATE'ed the row a few lines above the SELECT. Why would SELECT'ing the same exact data you just UPDATE'ed yield anything meaningful or anything that you don't already have?

neljan wrote:
I see lots of examples of image uploading scripts where the image is moved to a folder on the server and it's details stored in db, but isn't it possible to upload the image directly to the db?

Certainly it's possible - it's possible to store any data you want in MySQL.

neljan wrote:
(what I'm trying to do).

But why? Why not use the filesystem to store the file itself?

Even if you were determined to store the binary data in the DB for some reason, you'd have to read in the file data and add it to the query. As it is right now, you're only storing the file name in the DB:

$d1=$_FILES['d1']['name'];

EDIT: Addressing more comments I missed..

neljan wrote:
Because whatever will be stored in the db, won't be a url (probably some binary or something)

Nope; as stated above, it's just going to be the name of the file (since that's all you're putting in the D😎.

neljan wrote:
Ok so it seems like I have to use a folder to store the images and the db table to store the image data

It's not required no, but it's likely the way that I would do it.

Either way, MySQL doesn't know the difference between the content of your file and the string "Hello world." Both are just a collection of 0's and 1's that you hand over to MySQL for storage and later retrieval.

neljan wrote:
The thing is, I don't want to have hundreds of unnecessary images stored and retrieve them by the date they were uploaded (in order to display the latest one).

As Derokorian suggests above, why not just go with a single filename... "d1.jpg" for example... and simply replace that file whenever a new one is uploaded?

neljan

Thanks people. I appreciate you teaching me.

bradgrafelman;10984621 wrote:
As Derokorian suggests above, why not just go with a single filename... "d1.jpg" for example... and simply replace that file whenever a new one is uploaded?

Sounds promising, but what if the user uploads .png then .gif the next time?

neljan

This is where I'm at now:

//Set maximum file size
define ("MAX_SIZE","150"); 

//Reads the extension of the file
function getExtension($str) {
         return pathinfo($str, PATHINFO_EXTENSION);
}

//Get data from form
if(isset($_POST['submit']))
{
    $d1_image=$_FILES['d1_image']['name'];

if ($d1_image)
{
    $filename = $_FILES['d1_image']['name'];
    $extension = getExtension($filename);
    $extension = strtolower($extension);

    if (($extension != "png") && ($extension != "gif")) {
        $success ='';
        $error_message ='<div><span>Please use gif or png formats only!</span></div>';
        $errors=1;
    }

    else {
		$size=filesize($_FILES['d1_image']['tmp_name']);

        if ($size > MAX_SIZE*1024) {

			$success ='';
        	$error_message ='<div><span>Maximum file size is 150kb!</span></div>';
    		$errors=1;
   		}

		//rename file
		$image_name=time().'.'.$extension;

		//Directory where images will be saved
		$destination="images/wcl/".$image_name;

		copy($_FILES['d1_image']['tmp_name'], $destination);
	}
}
} 

//If no errors registred, print the success message
if(isset($_POST['submit']) && !$errors) 
 {
 	$success ='<div><span>Uploaded successfully!</span></div>';
	$error_message = '';
 }

mysql_query("INSERT INTO phpbb_wcl_mini_tables (division, name, size, type, content) VALUES ('d1','$filename','$size','$extension','$d1_image')");

db: http://i86.photobucket.com/albums/k98/neljanization/Forum/ScreenHunter_01Jul210000.jpg

HTML:

	<form method="post" enctype="multipart/form-data" action="wcl_main.php">
		<table width="350" border="0" cellpadding="1" cellspacing="1">
			<tr>
				<td width="246">
					<input type="hidden" name="MAX_FILE_SIZE" value="1000000">
					<input type="file" name="d1_image">
				</td>
				<td width="80">
					<input type="submit" name="submit" value="Upload">
				</td>
			</tr>
		</table>
	</form>

Nothing gets copied, nothing gets uploaded. I don't even... 😕

johanafm

neljan;10984667 wrote:
Sounds promising, but what if the user uploads .png then .gif the next time?

You could change format from gif to png and change the extension from gif to png when needed.
See [man]imagegif[/man] for an example of converting png to gif. If you prefer storing pngs, it should be obvious how to do it the other way around.

//Set maximum file size
define ("MAX_SIZE","150"); 

    if (($extension != "png") && ($extension != "gif")) {
            # You may want to also use exif() to check the format, not just the
            # filename extension!
        $errors=1;
    }

    else {
        if ($size > MAX_SIZE*1024) {
                    # If you use MAX_SIZE to decide maximum file size, why not also
                    # use it to display the message to the user? Else, if you change
                    # MAX_SIZE, there is a risk the user is told max size is 150kb
                    # when in fact it's 1MB
			$success ='';
        	$error_message = sprintf('<div><span>Maximum file size is %dkb!</span></div>', MAX_SIZE);
    		$errors=1;
   		}

		//rename file
		$image_name=time().'.'.$extension;

		//Directory where images will be saved
		$destination="images/wcl/".$image_name;

		# You don't check if copy() succeeded or not
		# And you should use move_uploaded_file() for uploaded files
		if (!move_uploaded_file($_FILES['d1_image']['tmp_name'], $destination))
		{
		     $errors = 1;
		}
		else
		{
			# And you don't check if the DB insert was successful either. And this query should
			# probably not be executed if there was an error causing the file to not be saved.
			# Else you have an entry in your DB with not corresponding file.
			$qry = "INSERT INTO phpbb_wcl_mini_tables (division, name, size, type, content) VALUES ('d1','$filename','$size','$extension','$d1_image')";
			if (!mysql_query())
			{
				error_log(sprintf('MySQL error %d: %s%s%s',
							mysql_errno(),
							mysql_error(),
							PHP_EOL,
							$qry
				));
				$errors = 1;

			}
		}

	}
}
}

And once you start checking what succeeds and what fails, it's easy to put in echo or error log statements for debugging purposes to see where your code fails. However, if you have error_reporting turned on (for all errors and warnings) and use display_errors (not in production) and/or log_errors, you should most likely allready have information about what goes wrong in your error log / displayed on screen.

neljan

Thanks very much Johan.

Someone gave me some help on phpbb support forums with regards to the sql query:

You'll want to use phpBB's built-in database functions. As a very basic example:
    $sql = "INSERT INTO blah (blah1, blah2) VALUES ('blah', 'blah')";
    $db->sql_query($sql);
although for insert statements you'd probably want to use sql_build_array; see http://wiki.phpbb.com/Dbal.sql_build_array for more.

Thanks to all you beautiful people, I now have a script which works:

if(isset($_POST['submit1']))
{
    $d1_image=$_FILES['d1_image']['name'];

if ($d1_image) { 

    $filename = $_FILES['d1_image']['name'];
    $extension = getExtension($filename);
    $extension = strtolower($extension); 

    if (($extension != "png") && ($extension != "gif")) {

        $message ='<span>Please use gif or png formats only!</span>';
        $errors=1;
    }

    else {
        $size=filesize($_FILES['d1_image']['tmp_name']);

        if ($size > MAX_SIZE*150) {

            $message ='<span>Maximum file size is 150kb!</span>';
            $errors=1;
        }

    	//rename file
        $image_name=time().'.'.$extension;

        //Directory where images will be saved
        $destination="images/wcl/mini tables/".$image_name;
		copy($_FILES['d1_image']['tmp_name'], $destination);

        if (!move_uploaded_file($_FILES['d1_image']['tmp_name'], $destination)) {

             $message ='<span>Maximum file size is 150kb!</span>';	
             $errors = 1;	 
        }

        else { 

		$filesize = $_FILES['d1_image']['size'];

		$sql_ary = array(
			'division'      => 'd1',
			'name'     		=> $filename,
			'size'      	=> $filesize,
			'type'			=> $extension,
			'content'		=> $d1_image,
			'date'			=> date ("Y-m-d H:m:s")
			);

			$sql = 'INSERT INTO ' . phpbb_wcl_mini_tables . ' ' . $db->sql_build_array('INSERT', $sql_ary); 
			$db->sql_query($sql);

        }
    }
}
}

//If no errors registered, print the success message
if(isset($_POST['submit1']) && !$errors)
{
    $message ='<span>Uploaded successfully!</span>';
}

Obviously, this will only accomodate division 1.

Will I now have to duplicate everything another 11 times for the subsequent divisions, or is there another way?

neljan

I found a bug when attempting to upload an image > 150kb:

[phpBB Debug] PHP Notice: in file /wcl_mini_table_upload.php on line 60: copy() [function.copy]: Filename cannot be empty

I also get a 'maximum size' error message when uploading .png (even though it's <150kb and it does actually upload successfully).

johanafm

There are a few different ways you can't restrict file size, other than checking the file size like you do in your script, and those other ways of doing it would result in the file not being uploaded.
1. html

<input type="hidden" name="MAX_FILE_SIZE" value="100" />
<input name="file" type="file" />

I don't know if behaviour when filesize exceeds the limit is defined. But I'd expect the form to either not be submitted at all, or the file stripped from the post request.

This limit can obviously be circumvented since user's can forge their own post requests instead of using the form you provided them with.

php.ini directive: post_max_size
Max size of the entire post request, including uploaded files. I.e. this value must be greater than upload_max_filesize for upload_max_filesize to make any sense at all.
Not certain here either, but I'd guess the entire post request data would be discarded.
php.ini directive: upload_max_filesize
If the file is too large, the file is discarded - not the metainformation! Which means that you can check $FILES['d1_image']['name'] and see what the filename was on the users side, etc.
What you won't get however, is a valid filename from
$FILES['d1_image']['tmp_name']. The file was discarded, which means there is no file to find (I'm guessing tmp_name will be the empty string, or null).

Then you do some logically shady things like

$size=filesize($_FILES['d1_image']['tmp_name']);
if ($size > MAX_SIZE*150) {

filesize returns... filesize or FALSE (see [man]filesize[/man]), so $size = false;
if (false > SOME_INTEGER) will needs to be typecast in some way. In this case, I'd put my money on the boolean being cast into an integer. Boolean false always casts to 0 while boolean true always casts to 1.
So, you will have
if (0 > SOME_INT_GREATER_THAN_150)
which is the same as
if (false)

which in turn means you assume the filesize is ok. But you don't even have a file. So you should check that filesize doesn't return false: !== false. And you should always always always check that a function that return special values on error didn't just do that! That doesn't just go for mysql_query and the like, it holds for each and every function that might return something indicating an error.
For all functions that do not do this, but have some other means of indicating error, such as calling a specific function, you should always always always check that no error occurred by this extra call.

And in the case of file upload, there is actually a specific value to check which indicates status of the file upload, and obviously it will even tell you if file size was too big UPLOAD_ERR_INI_SIZE (upload_max_filesize) or UPLOAD_ERR_FORM_SIZE (size specified in the html form). There is also a special value for OK, so all you need to do is see if you get this value before you proceed to do everything else.

So the first thing you do is check if file upload was ok, by inspecting the value indicating this and only this! Going through file upload should make it clear how to deal with this.

Also, you should restructure your code. Presently you do things like

if ($size_is_unacceptable)
{
	$error = true;
}
copy($too_big_file, $someplace_permanent);

echo 'file is too big';

You should only move the file to a permanent location if you intend to keep it.

Please note that you didn't replace your call to copy with move_uploaded_file, you just put move_uploaded_file after the call to copy, so now you do pretty much the same thing twice, once without checking that the file actually was uploaded, and once without checking it.

neljan

Ok after several other variations and taking snippets from here/there, I've now come up with this:

$allowed_filetypes = array('.jpg','.JPG','.jpeg','.JPEG','.gif','.GIF','.png','.PNG','.bmp','.BMP'); // accepted filetypes.
$max_filesize = 153600; // Maximum filesize in BYTES (set to 150kb).
$upload_path = './images/wcl/mini tables/'; // The place the files will be uploaded to.

$filename = $_FILES['image']['name']; // Get the name of the file (including file extension).
$filesize = filesize($_FILES['image']['tmp_name']); //Get the size of the file.
$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename.
$ext = strtolower($ext); // Convert extension to lowercase.

$errors=0;

if(isset($_POST['submit1'])) {

$image=$_FILES['image']['name'];

if ($image) { 

	// Check if the filetype is allowed, if not inform the user.
	if(!in_array($ext,$allowed_filetypes)) {
  	$template->assign_var('D1_MESSAGE', 'Invalid file format');
  	$errors=1;
	}

	// Now check the filesize, if it is too large then inform the user.
	elseif(filesize($_FILES['image']['tmp_name']) > $max_filesize) {
  	$template->assign_var('D1_MESSAGE', 'Image exceeds 150kb');
  	$errors=1;
	}

	// Check if we can upload to the specified path, if not inform the user.
	elseif(!is_writable($upload_path)) {
  	$template->assign_var('D1_MESSAGE', 'An unexpected error occured');
  	$errors=1;
	}

	// If there are no errors, upload the file to the database.
	if(isset($_POST['submit1']) && !$errors) {

  	$sql_ary = array(
			'division'      => 'd1',
			'name'     		=> $filename,
			'size'      	=> $filesize,
			'type'			=> $ext,
			'content'		=> $image,
			'date'			=> date ("Y-m-d H:m:s")
			);

			$sql = 'INSERT INTO ' . phpbb_wcl_mini_tables . ' ' . $db->sql_build_array('INSERT', $sql_ary); 
			$db->sql_query($sql);

  	// Rename file to something unique and copy to filesystem.		
  	$filename=time().$ext;
  	move_uploaded_file($_FILES['image']['tmp_name'], $upload_path . $filename);

  	$template->assign_var('D1_MESSAGE', 'Image uploaded successfully');		
	}
}
}

It all works fine except for when I try to upload a file larger than 150kb, I get:

a success message
image doesn't copy to filesystem (good!)
all file information gets added to db except for size = 0

Strange one.

I also can't seem to copy/upload .bmp files, so I'm wondering if there are any other extensions for bitmap that I'm missing?

bradgrafelman

You still haven't addressed this part of johanafm's post:

johanafm;10984737 wrote:
And in the case of file upload, there is actually a specific value to check which indicates status of the file upload, and obviously it will even tell you if file size was too big UPLOAD_ERR_INI_SIZE (upload_max_filesize) or UPLOAD_ERR_FORM_SIZE (size specified in the html form). There is also a special value for OK, so all you need to do is see if you get this value before you proceed to do everything else.

So the first thing you do is check if file upload was ok, by inspecting the value indicating this and only this! Going through file upload should make it clear how to deal with this.

neljan

And in the case of file upload, there is actually a specific value to check which indicates status of the file upload, and obviously it will even tell you if file size was too big UPLOAD_ERR_INI_SIZE (upload_max_filesize) or UPLOAD_ERR_FORM_SIZE (size specified in the html form). There is also a special value for OK, so all you need to do is see if you get this value before you proceed to do everything else.

And how do I see this value?

Nothing I'm trying is working.

Even:

if(isset($_POST['submit1']) && $_FILES['image']['size'] > 1) {
echo "AAAAAAAAAAARGH!!!!!";
die;
}

else {
// proceed
}

Didn't work.

EDIT actually I think thats to do with MAX_FILE_SIZE giving value of 0 if it exceeded?

bradgrafelman

neljan wrote:
And how do I see this value?

As the manual explains, it's in the 'error' index of the $_FILES['file_field_name'] array.

neljan

Yep that was the problem. Because I was attempting to upload a file larger than the forms MAX_FILE_SIZE limit, it was sending a file size value of 0 through to php, which of course would evade:

$size=filesize($_FILES['image']['tmp_name']);

if($size > 150) {
die;
}

In the end I used this:

if(isset($_POST['submit']) && $_FILES['image']['size'] > 0) {
// proceed
}
elseif(isset($_POST['submit']) && $_FILES['image']['size'] <= 0) {
// fail
}

bradgrafelman

The "proper" way of handling a file upload (in my opinion, at least) would be more like:

if($_FILES['image']['error'] == UPLOAD_ERR_OK) {
    // process file upload
} else {
    // upload filed; use error value to determine why and output/log appropriate message(s)
}

neljan

I thought I'd post this here instead of creating another thread...

Theres one slight snag I just realised. I'm uploading images to the db and to the filesystem, but I'm not renaming the images something unique (because I couldn't seem to get the images to display when they're renamed) therefore, if someone were to upload an image for division 1 called 'table.jpg' and then someone else were to upload an image for D2 named 'table.jpg', then one will overwrite the other and the same image will be displayed for both divisions (incorrect).

So my question is, how can I select the latest image for the correct division and display that image, when the image was renamed something that doesn't match whats stored in the db?

I have 2 files. The 1st uploads the image:

$max_filesize = 153600; // Maximum filesize in BYTES (set to 150kb).
$allowed_filetypes = array('.jpg','.JPG','.jpeg','.JPEG','pjpeg', 'PJPEG', '.gif','.GIF','.png','.PNG','.bmp','.BMP'); // accepted filetypes.
$upload_path = 'images/mini_tables/'; // The place the files will be uploaded to.

$filename = $_FILES['image']['name']; // Get the name of the file (including file extension).
$filesize = filesize($_FILES['image']['tmp_name']); //Get the size of the file.
$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename.
$ext = strtolower($ext); // Convert extension to lowercase.

$errors=0;

// Check to see if there is actually a file to process.
if(isset($_POST['submit1']) && $_FILES['image']['size'] > 0) {

$image=$_FILES['image']['name'];

if ($image) { 

	// Check if the filetype is allowed, if not inform the user.
	if(!in_array($ext,$allowed_filetypes)) {
  	$template->assign_var('D1_MESSAGE', 'Invalid file format');
  	$errors=1;
	}

	// Now check the filesize, if it is too large then inform the user.
	if(filesize($_FILES['image']['tmp_name']) > $max_filesize) {
    $template->assign_var('D1_MESSAGE', 'Image exceeds 150kb');
  	$errors=1;
	}

	// Check if we can upload to the specified path, if not inform the user.
	if(!is_writable($upload_path)) {
  	$template->assign_var('D1_MESSAGE', 'An unexpected error occured');
  	$errors=1;
	}

	// If there are no errors, upload the file to the database.
	if(isset($_POST['submit1']) && !$errors) {

  	$sql_ary = array(
			'division'      => 'd1',
			'name'     		=> $filename,
			'size'      	=> $filesize,
			'type'			=> $ext,
			'content'		=> $image,
			'date'			=> date ("Y-m-d H:m:s")
			);

			$sql = 'INSERT INTO ' . phpbb_wcl_mini_tables . ' ' . $db->sql_build_array('INSERT', $sql_ary); 
			$db->sql_query($sql);

  	move_uploaded_file($_FILES['image']['tmp_name'], $upload_path . $filename);

  	$template->assign_var('D1_MESSAGE', 'Image uploaded successfully');		
	}
}
}
elseif(isset($_POST['submit1']) && $_FILES['image']['size'] <= 0) {
	$template->assign_var('D1_MESSAGE', 'Image exceeds 150kb');
}

// (The rest of the code basically repeats for the subsequent divisions.)

The 2nd shows the image:

$data = mysql_query("SELECT * FROM phpbb_wcl_tables WHERE division='d1' ORDER BY date DESC LIMIT 1"); 
while ($image = mysql_fetch_array($data)) {
    $template->assign_var('D1_TABLE', "<img src=images/tables/".$image['content'] ." style='border: 3px solid #9f9d18;' />");
}

$template->set_filenames(array(
'body' => 'wcl/d1.html',
));

Thanks again for your time.

EDIT I just thought of a solution: specify seperate target folders.

I'll leave this here though because it is something I would like to know how to do.