dongqie2010 2015-06-27 22:24

PHP file upload validation not firing

I've written a script for uploading files. When I press the submit button without selecting a file, or after selecting a file that isn't in the correct format (e.g. exe files), the file uploaded message is displayed. There is no issue with loading files in the formats declared at the top of the page; that part works.

<?php
include "connect.php";
error_reporting(E_ERROR);
$message = $_GET['message'];

//function to check for valid image formats
function upload($file_upload, $dir){
    $url ='';
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $file = finfo_file($finfo, $file_upload["tmp_name"]);

    $allowedExts = array("gif", "jpeg", "jpg", "png", "pdf", "PDF", "doc", "DOC", "docx", "DOCX", "JPG", "JPEG", "PNG", "GIF");
    $temp = explode(".", $file_upload["name"]);
    $extension = end($temp);
    if ((($file == "image/gif")
    || ($file == "image/jpeg")
    || ($file == "image/jpg")
    || ($file == "image/pjpeg")
    || ($file == "image/x-png")
    || ($file == "image/png"))
    || ($file == "application/pdf")
    || ($file == "application/msword")
    || ($file == "application/vnd.openxmlformats-officedocument.wordprocessingml.document")
    && ($file_upload["size"] < 7000000)
    && in_array($extension, $allowedExts))
    {
        if ($file_upload["error"] > 0){
            $message = "An error occurred: " . $file_upload["error"] . "<br>";
        }
        else{
            $path = $dir . $file_upload["name"];
            move_uploaded_file($file_upload["tmp_name"],$path);
        }
    }
    else
    {
        $message = "Wrong format";
    }

    return $path;
}

if (isset($_POST['Submit']))
{

    //write data into database table
    if (!$has_errors)
    {
        $Link = mysql_connect($Host, $User, $Password);
        $path = upload($dir);
        if(!empty($_FILES) && is_array($_FILES)){
            $path = upload($_FILES["image"], "uploads/");
        }
        $Query = "INSERT INTO images VALUES ('','".mysql_escape_string($path)."')";
    } else {

        die("Query was: $Query. Error: ".mysql_error($Link));
    }

    if($sql = mysql_db_query ($DBName, $Query, $Link)) {
        $message = "File Uploaded";
        header("Location: index.php?message=".urlencode($message));
    } else {
        die("Query was: $Query. Error: ".mysql_error($Link));
    }
}
?>
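An added example, not part of the original post: in the posted condition `&&` binds tighter than `||`, so the size and extension checks apply only to the last MIME alternative, and the caller inserts the row and reports "File Uploaded" without looking at what `upload()` returned. The sketch below makes each check an explicit early return and hands the caller a result it can test. The names `validate_upload`, `ALLOWED` and `MAX_BYTES` are hypothetical, a single-file form field is assumed, and the sample inputs are constructed.

```php
<?php
// Added example; validate_upload(), ALLOWED and MAX_BYTES are hypothetical names.
const MAX_BYTES = 7000000;
const ALLOWED = [ // MIME type detected from content => extensions accepted for it
    'image/gif'          => ['gif'],
    'image/jpeg'         => ['jpg', 'jpeg'],
    'image/png'          => ['png'],
    'application/pdf'    => ['pdf'],
    'application/msword' => ['doc'],
    'application/vnd.openxmlformats-officedocument.wordprocessingml.document' => ['docx'],
];

// Returns [storedName, null] when accepted, [null, reason] when rejected.
function validate_upload(?array $f): array
{
    // Error code first: an empty form field arrives as UPLOAD_ERR_NO_FILE.
    $err = $f['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($err !== UPLOAD_ERR_OK) {
        return [null, $err === UPLOAD_ERR_NO_FILE ? 'No file selected' : "Upload error code $err"];
    }
    if ($f['size'] <= 0 || $f['size'] >= MAX_BYTES) {
        return [null, 'File is empty or too large'];
    }
    // Content type and extension must both be on the list and agree with each other.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    $ext  = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$mime]) || !in_array($ext, ALLOWED[$mime], true)) {
        return [null, 'Wrong format'];
    }
    // Store under a server-generated name, never the client-supplied one.
    return [bin2hex(random_bytes(16)) . '.' . $ext, null];
}

// Constructed inputs shaped like $_FILES entries (not real uploads).
$exe = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($exe, 'MZ' . str_repeat("\0", 62));
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, 'GIF89a' . str_repeat("\0", 58));
$cases = [
    'empty form'  => ['name' => '', 'tmp_name' => '', 'size' => 0, 'error' => UPLOAD_ERR_NO_FILE],
    'exe as .png' => ['name' => 'tool.png', 'tmp_name' => $exe, 'size' => 64, 'error' => UPLOAD_ERR_OK],
    'real gif'    => ['name' => 'a.GIF', 'tmp_name' => $gif, 'size' => 64, 'error' => UPLOAD_ERR_OK],
];
foreach ($cases as $label => $f) {
    [$name, $reason] = validate_upload($f);
    echo $label, ': ', $reason ?? "accepted, store as $name", "\n";
}
unlink($exe); unlink($gif);
```

In the real handler, call `move_uploaded_file()`, run the INSERT and redirect with "File Uploaded" only when the returned reason is `null`; otherwise show the reason.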