#1
    Returning Errors to index page. ( from upload.php )


    I have an image upload form, which submits to upload.php.
    I'm catching the errors in an error array.

    But how can I return the error array to the index page?

    upload.php page

    PHP Code:
    if (!$file) {
        $errors[] = 'No File';
    } else {
        $image = file_get_contents($file);
        $image_name = $_FILES['image']['name'];
        // getimagesize() returns FALSE when the file is not a recognised image
        $image_size = getimagesize($file);
        $image_file_size = $_FILES['image']['size'];

        if ($image_size == FALSE) {
            $errors[] = 'Not an image';
        } else {
            if ($image_file_size > 500000) {
                $errors[] = 'Image should be smaller then 500kb';
            } else {
                if (move_uploaded_file($file, $path)) {
                    echo 'done';
                } else {
                    $errors[] = 'Could not upload image';
                }
            }
        }
    }

  2. #2
    Hi,

    since your error messages are mutually exclusive, there's no point in storing them in an array (unless there are other possible errors you didn't post). Also note that "== false" in a condition is completely useless. It does exactly the same as the value itself without the "== false" stuff. If you want to check for strict equality with false, you need the "===" operator.

    With regard to usability, you should also display the errors directly in the upload form and give the user a chance to repeat the uploading process. If you do need to display the errors on another page (for whatever reason), simply store them in the session.

    And I hope the upload path is not in the web root? Because if it is, your script is basically a convenient uploader for malicious software. All an attacker has to do is embed his PHP code in some image, give it a ".php" extension, and the web server will happily run it.

    http://nullcandy.com/php-image-uploa...-not-to-do-it/
    http://software-security.sans.org/bl...-file-uploads/
    The 6 worst sins of security • How to (properly) access a MySQL database with PHP

    Why can't I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  4. #3
    PHP Code:
    // Print each collected error message on its own line
    for ($i = 0; $i < count($errors); $i++) {
        echo "$errors[$i]<br />";
    }

    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  6. #4
    Originally Posted by Jacques1
    Hi,

    since your error messages are mutually exclusive, there's no point in storing them in an array (unless there are other possible errors you didn't post). Also note that "== false" in a condition is completely useless. It does exactly the same as the value itself without the "== false" stuff. If you want to check for strict equality with false, you need the "===" operator.

    With regard to usability, you should also display the errors directly in the upload form and give the user a chance to repeat the uploading process. If you do need to display the errors on another page (for whatever reason), simply store them in the session.

    And I hope the upload path is not in the web root? Because if it is, your script is basically a convenient uploader for malicious software. All an attacker has to do is embed his PHP code in some image, give it a ".php" extension, and the web server will happily run it.

    http://nullcandy.com/php-image-uploa...-not-to-do-it/
    http://software-security.sans.org/bl...-file-uploads/
    Thanks for the response. I want to show the errors on the upload page, but the page where my form is is the index.php page. When you submit the form, it submits to upload.php. I want to show the errors on index.php, where the form is.

    Regarding the folder location of the uploads: where would you place it then? Thank you very much!
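
Added example, not part of the original thread and not any poster's code: one way to combine the two suggestions from post #2, passing the error to index.php through the session and storing the file outside the web root under a server-chosen name. Assumptions: the form field is `image` as in post #1; `UPLOAD_DIR`, the session key `upload_errors` and the helper `validate_upload()` are hypothetical names chosen for this sketch.

```php
<?php
// upload.php: added example, not code from the thread.
declare(strict_types=1);
session_start();

const UPLOAD_DIR = '/var/www/private_uploads'; // hypothetical path, NOT under the document root
const MAX_BYTES  = 500000;
// The extension comes from the detected image type, never from the client's file name.
const ALLOWED = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];

// Returns [error message or null, extension or null] for one $_FILES entry.
function validate_upload(?array $f): array
{
    if ($f === null || $f['error'] === UPLOAD_ERR_NO_FILE) {
        return ['No file', null];
    }
    if ($f['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($f['tmp_name'])) {
        return ['Could not upload image', null];
    }
    if ($f['size'] > MAX_BYTES) {
        return ['Image should be smaller than 500kb', null];
    }
    $info = getimagesize($f['tmp_name']);            // false when not a recognised image
    $ext  = $info === false ? null : (ALLOWED[$info[2]] ?? null);
    return $ext === null ? ['Not an image', null] : [null, $ext];
}

[$error, $ext] = validate_upload($_FILES['image'] ?? null);

if ($error === null) {
    // Random server-side name: a client-supplied ".php" name never reaches the disk.
    $target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($_FILES['image']['tmp_name'], $target)) {
        $error = 'Could not upload image';
    }
}

// Hand the result to index.php through the session, then redirect back to the form.
$_SESSION['upload_errors'] = $error === null ? [] : [$error];
header('Location: index.php');
exit;

// In index.php (same assumptions): call session_start(), print each entry of
// $_SESSION['upload_errors'] through htmlspecialchars(), then unset() the key
// so the message is shown only once.
```

Because the directory is outside the document root, stored images are delivered by a script that reads the file and sends the matching image Content-Type, not by a direct URL.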
