ansaurus

Question

PHP - Looping through $_FILES to check filetype

Answer 1

+1 A:

Well, your boolean logic is ambiguous and likely not doing what you want. This will probably work better:

    if ((($_FILES["image$i"]["type"] == "image/gif")
    || ($_FILES["image$i"]["type"] == "image/jpeg")
    || ($_FILES["image$i"]["type"] == "image/png" ))
    && ($_FILES["image$i"]["size"] < 500000))

Though if I had my druthers, the entire thing would look like:

    $file = $_FILES['image' . $i];
    $type = $file['type'];
    if(($type == 'image/gif' || $type == 'image/jpeg' || $type == 'image/png') && $file['size'] < 500000)

chaos 2009-07-17 14:15:37

It's not "ambiguous", it's just not what the author intended. Operator precedence rules resolve any ambiguity in that expression.

Paul Dixon 2009-07-17 14:21:21

My apologies; the way I was using "ambiguous" was ambiguous.

chaos 2009-07-17 14:41:05

Answer 2

A:

I think your if conditional is wrong. You need brackets around the first group of booleans that are OR'd, like this:

   if ( (($_FILES["image$i"]["type"] == "image/gif")
    || ($_FILES["image$i"]["type"] == "image/jpeg")
    || ($_FILES["image$i"]["type"] == "image/png" ))
    && ($_FILES["image$i"]["size"] < 500000))

This properly means "if the file is an image of (gif or jpeg or png) AND is less than that size".

The way you had it before was not likely the logic you desired.

Peter 2009-07-17 14:16:26

Answer 3

+4 A:

This isn't a direct answer to your question, but you can pass form values to PHP as an array which should be easier to loop through. in_array() is also useful for checking that a value is within an allowed list.

HTML:

<input type="file" name="image[]">
<input type="file" name="image[]">
<input type="file" name="image[]">
<input type="file" name="image[]">

PHP:

<?php
if (isset($_FILES['image'])) {
    foreach ($_FILES['image'] as $file) {
        if (!in_array($file['type'], array("image/gif", "image/jpeg", "image/png"))
           || $file['size'] > 500000) {
           //error
        } else {
           //ok
        }
    }
}

Tom Haigh 2009-07-17 14:18:15

+1 for the `in_array()` suggestion.

ceejayoz 2009-07-17 14:26:08

I second Tom Haigh's +1

Josh 2009-07-17 17:59:35

Answer 4

+6 A:

The && operator has a higher precedence than ||, so rather than (A OR B OR C) AND D as you intended, it is actually A OR B OR (C AND D)

You can use parentheses to enforce the evaluation you intended.

However, something like this might be cleaner and easier to maintain/read:

$allowed_types=array(
    'image/gif',
    'image/jpeg',
    'image/png',
);


$sscount = $_POST['imgcount'];
if($sscount>0){
    for($i = 1; $i <= $sscount; $i++){

        if (in_array($_FILES["image$i"]["type"], $allowed_types) && 
            ($_FILES["image$i"]["size"] < 500000))
        {

        }

    }
}

Paul Dixon 2009-07-17 14:18:32

Thanks Paul, much appreciated - I went with this in the end.

Stann0rz 2009-07-17 15:56:22

Nice code Paul.

Josh 2009-07-17 17:58:32

Answer 5

+3 A:

As others have mentioned, the way you had grouped your conditionals was wrong. However, rather than simply adding some parentheses, I'd suggest you seperate out the two conditions completely;

// this declaration + the use of in_array() isn't necessary,
// it just makes things a bit cleaner.
$file_types = array("image/gif","image/jpeg","image/png"); 

if($_FILES["image$i"]["size"] < 500000)
{
    if(in_array($_FILES["image$i"]["type"], $file_types)))
    {
        // do stuff
    }
    else
    {
        // error about file type
    }
}
else
{
    // error about file size
}

Having this separation makes the code more readable and suggests the condition hierarchy more readily, PLUS it allows your error messages to be more meaningful. It's good practice to separate conditional statements of different types, so that any error messages remain useful. If your code threw an error as it is, the user has no way of knowing (without having to faff about themselves) whether their image was too big or the wrong type.

MatW 2009-07-17 14:19:01

+1 for the different error messages.

Raffael Luthiger 2009-07-17 14:39:01

Answer 6

A:

You can combine all the ['type']==x || ['type']==y in a single call to in_array($_FILES[...]['type'], $allowed)>

$_FILES[..]['type'] contains data sent by the client that is neither checked nor sanitized by php. If the file's type is of any relevance don't rely on $_FILES[..]['type'] or the suffix of $_FILES[..]['name']. Only the actual contents matters. If needed you can test that with the fileinfo extension or mime_content_type() (which is marked as deprecated in favour of fileinfo)

VolkerK 2009-07-17 14:26:05

Answer 7

+2 A:

I don't think you really need a variable that is updated via Javascript. You can use PHP to work out how many files have been uploaded by checking the error code. You could handle the file uploads by checking the file extension too, as different browsers can often send different MIME types. Here is an example of what I'm talking about:

$accepted_files = array(
    'jpg',
    'png',
    'gif',
    'jpeg'
);

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    foreach($_FILES as $key => $upload) {
     if ($upload['error'] == 0) {
      $file_parts = explode ('.',$upload['name']);
      if (in_array($file_parts[sizeof($file_parts)-1], $accepted_files)) {
       // This type of file is a-ok
      }
      else {
       // Not an accepted file type
      }
     }
    }
}

pmckenna 2009-07-17 14:27:45

I like this method, thanks for the hint.I'll definitely use this on another project i'm working on.

Stann0rz 2009-07-17 16:04:00

+1 for not using unnecessary Javascript, less complex solution is better

Josh 2009-07-17 18:01:22

ansaurus

tags:

views:

answers:

PHP - Looping through $_FILES to check filetype

related questions