Actually, I've developed a CMS to post to my website through...
For the post image I want to set a limit of 500KB, and only GIF, JPEG, JPG and PNG formats are allowed. This code executes successfully and the alert appears too, but when an image with an allowed format and size is uploaded, it shows the alert message again. Is my use of the exit(); function correct here?
The HTML is:
    <div class="form-container">
      <form method="post" action="publish_post.php" enctype="multipart/form-data">
        <input class="inputs" type="text" name="p_title" placeholder="What's the post title"/>
        <input class="inputs" type="text" name="p_author" placeholder="Who's the post author"/>
        <select class="input" name="p_category" size="1">
          <option value="null">Select post category</option>
          <option value="softwares">Softwares</option>
          <option value="tips &amp; tricks">Tips &amp; tricks</option>
          <option value="wallpapers">Wallpapers</option>
          <option value="walpapers_more">Walpapers_more</option>
        </select>
        <textarea name="p_content" placeholder="What's the post content"></textarea>
        <textarea name="p_misc" placeholder="Enter an html code"></textarea>
        <textarea name="p_video" placeholder="Enter an embed code"></textarea>
        <br/>
        <div class="upload">
          <input type="file" name="p_image" title="Pick an image for post"/>
        </div><br/>
        <span style="margin-left: 5px; color: gray; font-family: sans-serif; font-size: .8em; ">max. size 5MB
        </span><br/><br/>
        <input type="submit" name="pub" value="Publish"/>
        <input type="button" name="cancel" value="Cancel" onclick="window.open('dashboard','_self');"/>
      </form>
    </div>
The PHP is:
    <?php
    // $con is the mysqli connection, opened elsewhere (not shown in the post).
    if (isset($_POST['pub'])) {
        // Escape every value that is interpolated into the INSERT below.
        $category = mysqli_real_escape_string($con, $_POST['p_category']);
        $author   = mysqli_real_escape_string($con, $_POST['p_author']);
        $title    = mysqli_real_escape_string($con, $_POST['p_title']);
        $content  = mysqli_real_escape_string($con, $_POST['p_content']);
        $image_name = $_FILES['p_image']['name'];
        $image_type = $_FILES['p_image']['type'];
        $image_size = $_FILES['p_image']['size'];
        $image_tmp  = $_FILES['p_image']['tmp_name'];
        $date  = date("M,d,Y");
        $misc  = mysqli_real_escape_string($con, $_POST['p_misc']);
        $video = mysqli_real_escape_string($con, $_POST['p_video']);
        // The client-supplied file name also goes into the query, so escape a copy for SQL.
        $image_name_sql = mysqli_real_escape_string($con, $image_name);

        // Validation condition as posted; this is the check the question is about.
        if($image_type != "jpg" && $image_type != "png" && $image_type != "gif" && $image_type != "jpeg" && $image_size>500000)
        {
            echo "<script>alert('Image size is larger or invalid format');</script>";
            exit();
        }
        $query = "INSERT INTO `me`(`post_category`, `post_author`, `post_title`, `post_content`, `post_image`, `post_date`, `post_misc`, `post_video`) VALUES ('$category','$author','$title','$content','$image_name_sql','$date','$misc','$video')";
        if (mysqli_query($con, $query)) {
            // Store the file only after the row has been inserted.
            move_uploaded_file($image_tmp, "images/$image_name");
            header("location:dashboard?done2=done2.png");
        }
    }
    ?>
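An added example, not part of the original post: one way to enforce the 500KB limit and the GIF/JPEG/PNG rule on the server. The name validate_post_image() is hypothetical, and the code assumes PHP 7.1 or later with the fileinfo extension enabled.

```php
<?php
// Added example: checks an uploaded image against the limits stated in the post.
// validate_post_image() is a hypothetical helper name, not code from the post.

/**
 * Returns [true, $storedName] when the upload is acceptable,
 * or [false, $reason] when it must be rejected.
 */
function validate_post_image(array $file): array
{
    $maxBytes = 500000;               // 500KB limit used in the post
    $allowed  = [                     // detected MIME type => stored extension
        'image/gif'  => 'gif',
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
    ];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return [false, 'upload failed or no file was sent'];
    }
    // Measure the size on the server instead of trusting the reported value.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size > $maxBytes) {
        return [false, 'image is larger than 500KB'];
    }
    // $_FILES[...]['type'] is sent by the browser as a MIME type such as
    // "image/png" (never "png") and can be set to anything by the client,
    // so the type is detected from the file contents instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !isset($allowed[$mime])) {
        return [false, 'only GIF, JPEG and PNG images are allowed'];
    }
    // Server-generated name: the client-supplied name never reaches the disk.
    return [true, bin2hex(random_bytes(16)) . '.' . $allowed[$mime]];
}

// Usage inside the publish handler (the "images/" directory is taken from the post).
if (isset($_FILES['p_image'])) {
    [$ok, $result] = validate_post_image($_FILES['p_image']);
    if (!$ok) {
        exit('Rejected: ' . htmlspecialchars($result));
    }
    move_uploaded_file($_FILES['p_image']['tmp_name'], "images/$result");
}
```

Each rule is tested on its own and any single failure rejects the upload, so a file that is too large is refused even when its type is allowed, and the reverse.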