PHP $ _FILES [''] is empty before validation [closed]

Navigation
0

Good,

I have a problem with my code, I have an image upload and I have defined that the size should be less than 2MB and 280 x 280 px.

What happens is that when an image is uploaded $ _FILES ['avatar'] ['tmp_name'] ceases to exist, but only when the image is greater than 2 MB and does not output this error. And if it is less than 2MB but over 280x280 px, it gives the output of this correct error.

And I'm not using the input MAX_UPLOAD_SIZE I think that's what it's called. Here's the input: 

<form enctype="multipart/form-data" action="perfil.php" method="POST" role="form">
<input type="file" name="avatar" accept="image/x-png, image/gif, image/jpeg" onchange="av()" data-placement="bottom" data-toggle="tooltip" title="Limite 2MB"></div>

Here's the PHP code, 

define('MB', 1048576);
if(isset($_POST['avatar'])){
$img = true;
$nome = $_SESSION["tipo"].$_SESSION["id"];
$uploaddir = "C:/Program Files (x86)/VertrigoServ/www/teste/avatar/";
$uploadfile = $uploaddir . basename($_FILES['avatar']['name']);
$imageFileType = pathinfo($uploadfile,PATHINFO_EXTENSION);
$upFinal = $uploaddir . $nome . "." . $imageFileType;
$uploadOk = 1;

  if(filesize($_FILES["avatar"]["size"]) > 2*MB) {
    $size = true;
    $uploadOk = 0;
  }

  if(!empty($_FILES['avatar']['tmp_name'])){
    $imgS = getimagesize($_FILES['avatar']['tmp_name']);
    $imgW = $imgS[0];
    $imgH = $imgS[1];
    if($imgW > 280 || $imgH > 280){
      $pixels = true;
      $uploadOk = 0;
    }
  }

  if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif" ){
    $type = true;
    $uploadOk = 0;
  }

  if ($uploadOk == 1){
    if(move_uploaded_file($_FILES["avatar"]["tmp_name"], $upFinal)) {
      $up = true;
      $avatar= "/empregos/docs/". $nome . "." . $imageFileType;
      mysqli_query($mysqli,"UPDATE candidatos SET avatar= '$avatar' WHERE id = '$id'");
      header("Location:login.php?update=".$_SESSION['tipo']."");
      }
    }
 }
    
asked by anonymous 28.08.2015 / 18:36

3 answers

1

In the global variable $_FILES[] , before making any kind of access to the parameters, you should check the value of the error parameter.

Example 

if( $_FILES["avatar"]['error'] != UPLOAD_ERR_OK )
{
    /*
    Houve erro
    */
    echo 'código de erro do upload: ' . $_FILES["avatar"]['error'];
    exit; // interrompe outras execuções
}

See the error codes in the documentation: link

    
28.08.2015 / 19:15
2

Note that the function filesize () returns the bit length of a file, and takes the path of that file as a parameter (if I am not mistaken). So this line is not correct: 

if(filesize($_FILES["avatar"]["size"]) > 2*MB) {

It should be something like this: 

if ($_FILES["avatar"]["size"] > 2*MB) {

In addition, as @Daniel Omine mentioned, it is also better to validate the errors: link

    
28.08.2015 / 21:33
0
  

UPDATED

2*MB = 2097152 Equivalent at 2048 Mb

So you condition that if(filesize($_FILES["avatar"]["size"]) must be greater than 2097152 to be able to do so:

$size = true;
$uploadOk = 0;

So, under these conditions, an uploaded image whose image contains a

28.08.2015 / 19:04
Problems with javascript when reading getElementByID in IE and Chrome Problem loading data from a table with angularjs and api rails