View Full Version : Resolved file upload check



ggalan
09-17-2011, 08:07 PM
I am checking to screen any file that is not an image coming in from a form like this, but I'm getting a Strict Standards message.
Can anyone help out on how to avoid this?



$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);
$uploadsDirectory = $_SERVER['DOCUMENT_ROOT'] . $directory_self . 'uploaded_files/';
$uploadForm = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'index.php';
$uploadSuccess = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'index.php';
// name of the fieldname used for the file in the HTML form
$fieldname = 'uploadedfile';// input field name from form

$file = $_FILES[$fieldname];

$allowedExtensions = array("png", "jpg", "jpeg");

function isAllowedExtension($fileName) {
    global $allowedExtensions;

    return in_array(end(explode(".", $fileName)), $allowedExtensions);//<< Strict Standards: Only variables should be passed by reference
}

if($file['error'] == UPLOAD_ERR_OK) {
    if(isAllowedExtension($file['name'])) {
        # Do uploading here
        echo '1';
    } else {
        echo "Invalid file type";
    }
} else die("Cannot upload");

JShor
09-17-2011, 08:16 PM
Ignore the strict standards message. They're nearly useless and unimportant.

If you want to terminate all strict warnings on all PHP files, you need to modify your php.ini error_reporting line to something like this:


error_reporting = E_ALL ^ E_STRICT


If you just want that page to not show strict standards warnings, put this at the beginning of your PHP code:


error_reporting(E_ALL ^ E_STRICT);

ggalan
09-17-2011, 08:37 PM
I have a session, so I placed it right underneath like this, but I'm still getting the message
Strict Standards: Only variables should be passed by reference in


session_start();
error_reporting(E_ALL ^ E_STRICT);

traq
09-17-2011, 09:09 PM
JShor is right in that it won't cause any harm in this case, but if you want to defeat the error message, just assign the function value to a variable before using end():

$explode = explode(".", $fileName);
return in_array(end($explode), $allowedExtensions);

ggalan
09-17-2011, 09:19 PM
Thanks guys. traq, how does this differ?


$explode = explode(".", $fileName);
return in_array(end($explode), $allowedExtensions);

vs


return in_array(end(explode(".", $fileName)), $allowedExtensions);

JShor
09-17-2011, 11:59 PM
I think you mean something like this:


$explode = explode(".", $fileName);
$ret = in_array(end($explode), $allowedExtensions);

return $ret;


According to the warning, only variables should be passed by reference, which means you can pass a variable in the argument, but not the result of a function directly. So you would need to store what is returned by your explode() function in a variable, and then return that variable.

traq
09-18-2011, 12:23 AM
In this case, "pass by reference" means that the function ( end() ) is working on the actual value of the variable, and not a copy. It's a little complex to get your head around, but take this example:

$a = "a";
$b = $a;
// both $a and $b will print "a".
// however, if (later on) you do this:
$a = "A";
// then $a will print "A" but $b will still print "a".
// if, however, you make a reference:
$A = "a";
$B = &$A;
// $A and $B will both print "a".
// HOWEVER, they don't merely have identical values;
// they have literally the _SAME_ value. If (later on) you do this:
$A = "b";
// then _both_ $A and $B will print "b".

// similar idea with functions.
// end() works on the actual, original value of whatever you pass it,
// instead of just using the same value and returning something.
The "problem" with passing things other than variables by reference is that the result is "undefined." What's that mean? I don't know exactly. It usually works, but can cause other problems. Read more here (http://php.net/manual/en/language.references.pass.php).
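
A stricter version of the upload check from this thread, as an added example that is not any poster's code: it avoids the Strict Standards notice by using pathinfo(), matches the extension case-insensitively, and also checks the file content, since the name in $_FILES is supplied by the client. The function names and the ALLOWED_IMAGES constant are hypothetical, and it assumes PHP 7 or later with the fileinfo extension.

```php
<?php
// Added example (hypothetical helper names); assumes PHP 7+ with ext-fileinfo.

// Accepted extensions mapped to the MIME type the file content must have.
const ALLOWED_IMAGES = [
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
];

/**
 * Returns the normalized extension if the upload is an accepted image, else null.
 * $file is one entry of $_FILES, e.g. $_FILES['uploadedfile'].
 */
function acceptedImageExtension(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    // pathinfo() takes its argument by value, so there is no by-reference notice,
    // and strtolower() lets "PHOTO.JPG" match the allow list.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_IMAGES)) {
        return null;
    }
    // Only accept a temp file that PHP itself created for this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // The extension is only a label; the detected content type must agree with it.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    return $mime === ALLOWED_IMAGES[$ext] ? $ext : null;
}

/** Moves an accepted upload into $uploadsDirectory under a server-chosen name. */
function storeImage(array $file, string $uploadsDirectory): ?string
{
    $ext = acceptedImageExtension($file);
    if ($ext === null) {
        return null;
    }
    // Do not reuse the client-supplied file name on disk.
    $target = rtrim($uploadsDirectory, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}
```

Calling storeImage($_FILES['uploadedfile'], $uploadsDirectory) returns the stored path, or null when the upload is rejected.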