PHP $_FILES[''] becomes empty before validation

Asked

Viewed 1,350 times

0

Good,

I have a problem in my code, I have an image upload and I set that the size should be less than 2MB and 280 x 280 px.

What happens is that when an image upload is made the $_FILES['avatar']['tmp_name'] ceases to exist, but only when the image is greater than 2 MB and does not output this error. And if it is lower than 2MB but with more than 280 x 280 px, it gives the output of this correct error.

And I’m not using the MAX_UPLOAD_SIZE input I think that’s what it’s called. This is the input:

<form enctype="multipart/form-data" action="perfil.php" method="POST" role="form">
<input type="file" name="avatar" accept="image/x-png, image/gif, image/jpeg" onchange="av()" data-placement="bottom" data-toggle="tooltip" title="Limite 2MB"></div>

Here is the PHP code,

define('MB', 1048576);
if(isset($_POST['avatar'])){
$img = true;
$nome = $_SESSION["tipo"].$_SESSION["id"];
$uploaddir = "C:/Program Files (x86)/VertrigoServ/www/teste/avatar/";
$uploadfile = $uploaddir . basename($_FILES['avatar']['name']);
$imageFileType = pathinfo($uploadfile,PATHINFO_EXTENSION);
$upFinal = $uploaddir . $nome . "." . $imageFileType;
$uploadOk = 1;

  if(filesize($_FILES["avatar"]["size"]) > 2*MB) {
    $size = true;
    $uploadOk = 0;
  }

  if(!empty($_FILES['avatar']['tmp_name'])){
    $imgS = getimagesize($_FILES['avatar']['tmp_name']);
    $imgW = $imgS[0];
    $imgH = $imgS[1];
    if($imgW > 280 || $imgH > 280){
      $pixels = true;
      $uploadOk = 0;
    }
  }

  if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif" ){
    $type = true;
    $uploadOk = 0;
  }

  if ($uploadOk == 1){
    if(move_uploaded_file($_FILES["avatar"]["tmp_name"], $upFinal)) {
      $up = true;
      $avatar= "/empregos/docs/". $nome . "." . $imageFileType;
      mysqli_query($mysqli,"UPDATE candidatos SET avatar= '$avatar' WHERE id = '$id'");
      header("Location:login.php?update=".$_SESSION['tipo']."");
      }
    }
 }

3 answers

2

Note that Function filesize() returns the bit size of a file, and takes as parameter the path of that file (if I am not mistaken). So this line is not correct:

if(filesize($_FILES["avatar"]["size"]) > 2*MB) {

It should be something like:

if ($_FILES["avatar"]["size"] > 2*MB) {

Also, as @Daniel Omine mentioned, it’s best to also validate the errors: /a/83154/14345

1


In the global variable $_FILES[], before making any kind of access to the parameters, you should check the value of the parameter error.

Example

if( $_FILES["avatar"]['error'] != UPLOAD_ERR_OK )
{
    /*
    Houve erro
    */
    echo 'código de erro do upload: ' . $_FILES["avatar"]['error'];
    exit; // interrompe outras execuções
}

See the error codes in the documentation: http://www.php.net/manual/en/features.file-upload.errors.php

  • Actually before the parameters check in ['error'] automatically solved the problem. The $size variable is created if the file exceeds 2 MB’s. I am using ($_FILES["avatar"]["size"] > 2*MB) as mentioned above, and that was really helpful since I was unaware of the bit Return detail instead of bytes. Thanks for the help!

  • the measure is in bytes, not in bits..

0

UPDATED

2*MB = 2097152 Equates to 2048 Mb

Soon you condition that if(filesize($_FILES["avatar"]["size"]) must be bigger than 2097152 so that it can happen:

$size = true;
$uploadOk = 0;

Then, under these conditions, an upload made whose image contains a value INFERIOR to 2MB the mistake will happen!

SOLUTION

if(filesize($_FILES["avatar"]["size"]) < 2*MB) { 

  // caso você queira imagens inferiores a 2048 Mb

}
  • not that my ini.php is upload_max_filesize = 8M and post_max_size = 8MB. Thanks

  • @andreisaac, UPDATED!

Browser other questions tagged

You are not signed in. Login or sign up in order to post.