HTML/PHP File Upload

Question

So i want the user to only be able to upload docs or docx's. So first here's my html:

<form action="upload_file.php" method="post" enctype="multipart/form-data">
    Select a file: <input type="file" name="img">
    <input type="submit">
</form>

And here's my php:

$allowedExts = array("doc", "docx");
    $extension = end(explode(".", $_FILES["file"]["name"]));

    if ($extension!=".doc" || $extension!=".doc"
    && ($_FILES["file"]["size"] < 200000)
    && in_array($extension, $allowedExts)) {
        if ($_FILES["file"]["error"] > 0)
        {
            echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
        }
        else
        {
            echo "Upload: " . $_FILES["file"]["name"] . "<br />";
            echo "Type: " . $_FILES["file"]["type"] . "<br />";
            echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
            echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

            if (file_exists("Proposals/" . $_FILES["file"]["name"]))
            {
                echo $_FILES["file"]["name"] . " already exists. ";
            }
            else
            {
                move_uploaded_file($_FILES["file"]["tmp_name"],
                "Proposals/" . $_FILES["file"]["name"]);
                echo "Stored in: " . "Proposals/" . $_FILES["file"]["name"];
            }
        }
    } else {
        echo "Invalid file";
    }

Everytime I try to upload a file, whether it's a doc or a png it outputs this:

Upload: 
Type: 
Size: 0 Kb
Temp file: 
already exists.

And nothing ends up getting uploaded to the Proposals folder. So I have 2 questions:
1) what is the problem with my code?
2) it redirects to upload_file.php and displays a message. Is there a way to actually go back the main page and display text that it was successful?

Answer 1

The first question has already been answered so I won't answer it again.

2) it redirects to upload_file.php and displays a message. Is there a way to actually go back the main page and display text that it was successful?

It is normally better to show the success message on the redirected page but you can solve this two ways:

• Store the previous URL (or know it) and redirect to it with header("Location: old_page.php");
• Make the target of the form an iframe. This means the main page itself will not redirect and you can just bubble a response from upload_file.php (which will load in the iframe) making seamless uploading for your app.

Also this is not the best way to get a file extension:

$extension = end(explode(".", $_FILES["file"]["name"]));

Try using pathinfo instead: http://php.net/manual/en/function.pathinfo.php

$extension = pathinfo( $_FILES["file"]["name"], PATHINFO_EXTENSION);

And your if statement:

if ($extension!=".doc" || $extension!=".doc"
    && ($_FILES["file"]["size"] < 200000)
    && in_array($extension, $allowedExts)) {

Even though this is a tiny usage of in_array I still would recommend taking that out and using a more practical method of searching arrays: http://php.net/manual/en/function.array-search.php

So your if would become something like:

if (($_FILES["file"]["size"] < 200000) && array_search($extension, $allowedExts)!==false) {

Answer 2

Your file field name is img and you have used $_FILES["file"] , but it should be $_FILES["img"] .

Also you need to change your if condition

if (($_FILES["file"]["size"] < 200000)
    && in_array($extension, $allowedExts)) {

There is no need of

$extension!=".doc" || $extension!=".doc" &&

Answer 3

您必须使用$_FILES["img"]而不是$_FILES["file"]或将您的输入名称重命名为“file”。

Answer 4

change

$extension!=".doc" || $extension!=".doc"

to

$extension!=".doc" || $extension!=".docx"

and use $_FILES['img'] instead of $_FILES['file'] because your file type is having img name property.

Answer 5

1. Try to use $_FILES["img"] array to access uploaded file properties (your "Select a file" input called "img").

2. You may use "Location" http header to redirect back to source page.