0

I wrote this code to be able to upload a file that its <=10 MB in a folder on my server and also send its name to the database so that later I'll be able to generate the link to access that file.

My problem is that if the $fileSize its > 10MB it won't execute the move_uploaded_file but it will execute the query to the database and it will INSERT an entry with the file name (so i will have records to in-existing files). I think this happens because the $errMSG comes empty for that condition.

Can you have a look? Thank You!

require_once ('db.php');

if (array_key_exists('check_submit', $_POST)) {

    $userFile = $_FILES['cv']['name'];
    $tmp_dir = $_FILES['cv']['tmp_name'];
    $fileSize = $_FILES['cv']['size'];

    if (empty($userFile)) {
       echo  $errMSG = "Please Select File.";
    } else {
        $upload_dir = './files/'; // upload directory

        $fileExt = strtolower(pathinfo($userFile, PATHINFO_EXTENSION)); // get file extension

        // valid image extensions
        $valid_extensions = array('doc', 'docx', 'pdf', 'ppt','pptx','txt','jpeg','jpg','png'); // valid extensions

        // rename uploading image
        $userFileName = rand(1000, 1000000) . "." . $fileExt;

        // allow valid image file formats
        if (in_array($fileExt, $valid_extensions,$fileSize <= 10000000) ){
            // Check file size '10MB
            move_uploaded_file($tmp_dir, $upload_dir . $userFileName);
        } else {
              echo $errMSG = "Sorry, your file is too large or its not JPG JPEG PNG PDF DOC DOX TXT.";
        }
    }
}
if(!isset($errMSG)) {
    $stmt = $DB_con->prepare('INSERT INTO files (filename) VALUES(:filename)');
    $stmt->bindParam(':filename',$userFileName);
    if($stmt->execute())
    {
        $successMSG = "new record succesfully inserted ...";
        header("refresh:5;index.php"); 
    }
    else
    {
        $errMSG = "error while inserting....";
    }
}
Improve this question
9
  • you are uploading more than one file ? Commented Sep 11, 2016 at 14:50
  • The 3rd parameter in in_array() is for strict comparison (including the variable type), it is not related in any way to file sizes or limits. Commented Sep 11, 2016 at 14:51
  • Just one file @odai Commented Sep 11, 2016 at 14:51
  • @jeroen Used this if (in_array($fileExt, $valid_extensions) && $fileSize <= 10000000) The file its still kept not sent to the server but it executes the INSERT query Commented Sep 11, 2016 at 14:57
  • add a variable after {if (array_key_exists('check_submit', $_POST))} with a defualt value false and change it to true after $errMSG and make the condition using it Commented Sep 11, 2016 at 15:00

1 Answer 1

Reset to default
2

The 3rd parameter for in_array() is for strict comparison (including the variable type), it is not related in any way to file sizes or limits.

So instead of this:

if (in_array($fileExt, $valid_extensions,$fileSize <= 10000000) ){

You probably want something like this:

if (in_array($fileExt, $valid_extensions) && $fileSize <= 10000000) {

Edit: Based on the comments below the question, your upload has failed: [error] => 2. That should be 0 / UPLOAD_ERR_OK for a successful upload.

Instead of checking for a non-empty name, you should check for a successful upload instead:

if ($_FILES['cv']['error'] !== UPLOAD_ERR_OK) {
    // the upload has failed
} else {
    ...
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I did that at first and it failed on me. Lets try again
I did this again and It runs my query for INSERT and also the validation doesn't echo the err message echo $errMSG = "Sorry, your file is too large ..... I`ve tried to upload an 101 MB pdf..

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.