Fairly new to PHP and i'm currently trying to validate multiple uploads, but nothing seems to have worked. I've exhausted almost every resource I can find.
I'm sorry there is quite a bit going on in this FOR loop. My code is as follows:
function processForm()
{
for($i=0; $i < VAR_UPLOAD_FIELDS; $i++)
{
echo "Upload field $i ";
if(!empty($_FILES[file][size][$i]))
{
//*********************
//START OF TEST CODE FOR VALIDATION.
//***********************
$fileName = $_FILES[file][name][$i];
// get file name (not including path)
$file_basename = substr($fileName, -4, strripos($fileName, '.'));
$file_ext = substr($file_basename, strripos($file_basename, '.'));
$file_ext = @substr($file_ext, 1); // remove dot
// check file type if needed
if (count($exts)) {
if (!in_array($file_ext[i], $exts))
{
echo "Files of this type are not allowed for upload.";
break;
}
}
$newLocation = VAR_UPLOAD_DIRECTORY.$fileName;
$filesize = intval($_FILES["filename"]["size"]);
//*****************************
// Code to add information of uploads to database
//*****************************
if (DO_LOG) {
// Establish DB connection
$link = @mysql_connect(DB_HOST, DB_USERNAME, DB_PASSWORD);
if (!$link) {
$errors[] = "Could not connect to mysql.";
break;
}
$res = @mysql_select_db(DB_DATABASE, $link);
if (!$res) {
$errors[] = "Could not select database.";
break;
}
$m_ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
$m_size = $filesize;
$m_fname = mysql_real_escape_string($fileName);
$sql = "insert into test_uploads_log (log_filename,log_size,log_ip) values ('$m_fname','$m_size','$m_ip')";
$res = @mysql_query($sql);
if (!$res) {
$errors[] = "Could not run query.";
break;
}
@mysql_free_result($res);
@mysql_close($link);
}
//*****************************
// End of database code
//*****************************
//Files copied to location.
if(!copy($_FILES[file][tmp_name][$i],$newLocation))
{
echo "<b>Failed - ".$_FILES[file][name][$i]." would not copy to ".$newLocation."</b> (Check your upload directory and permissions)";
}
else
{
###/ SUCCESS /###
#/ Stripping of VAR_BASE_DIRECTORY for better viewing and linking
// $urlShow = str_replace(VAR_BASE_DIRECTORY,'',$newLocation);
$urlShow = $newLocation;
echo "<b> Uploaded successfully - <a href=\"$urlShow\" target=\"_blank\">$urlShow</a></b>";
}
}
else
{
echo "<b>No file uploaded</b>";
}
echo "<br />";
}
return;
}
Now the files are uploaded, and their details added to the database, the FOR loop iterates through this without a problem. However, the issue is that I don't know why it keeps ignoring the validation bit of code. I have an array declared above which is
$exts = array('dxf','dwg','pdf','sldrw','sldrt','bmp','txt');
The loop seems to be ignored completely:
// check file type if needed
if (count($exts)) {
if (!@in_array($file_ext[i], $exts))
{
echo "Files of this type are not allowed for upload.";
break;
}
}
I've uploaded jpgs, jpegs, gifs, GIFs, basically anything i'm trying to restrict and everything still uploads fine. Nothing is validated properly. The values are even added to the database. Can anyone shed light on what i'm doing wrong? And why the echo and break isn't invoked??
Thankyou.
Daz.
