
Thread: file upload check

  1. #1

    I am checking to screen any file that is not an image coming in from a form like this, but I'm getting a Strict Standards message.
    Can anyone help out on how to avoid this?

    Code:
    $directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);
    $uploadsDirectory = $_SERVER['DOCUMENT_ROOT'] . $directory_self . 'uploaded_files/';
    $uploadForm = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'index.php';
    $uploadSuccess = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'index.php';
    // name of the fieldname used for the file in the HTML form
    $fieldname = 'uploadedfile';// input field name from form
    
    $file = $_FILES[$fieldname];
    
    $allowedExtensions = array("png", "jpg", "jpeg");
    
    function isAllowedExtension($fileName) {
      global $allowedExtensions;
    
      return in_array(end(explode(".", $fileName)), $allowedExtensions);//<< Strict Standards: Only variables should be passed by reference
    }
    
    if($file['error'] == UPLOAD_ERR_OK) {
      if(isAllowedExtension($file['name'])) {
        # Do uploading here
    	echo '1';
      } else {
        echo "Invalid file type";
      }
    } else die("Cannot upload");
    Last edited by ggalan; 09-17-2011 at 10:16 PM.

  2. #2

    Ignore the strict standards message. They're nearly useless and unimportant.

    If you want to terminate all strict warnings on all PHP files, you need to modify your php.ini error_reporting line to something like this:
    Code:
    error_reporting = E_ALL ^ E_STRICT
    If you just want that page to not show strict standards warnings, put this at the beginning of your PHP code:
    PHP Code:
    error_reporting(E_ALL ^ E_STRICT);
    - Josh

  3. The Following User Says Thank You to JShor For This Useful Post:

    ggalan (09-17-2011)

  4. #3

    I have a session, so I placed it right underneath like this, but I'm still getting the message
    Strict Standards: Only variables should be passed by reference in
    Code:
    session_start();
    error_reporting(E_ALL ^ E_STRICT);

  5. #4

    jShor is right in that it won't cause any harm in this case, but if you want to defeat the error message, just assign the function value to a variable before using end()
    PHP Code:
    $explode = explode(".", $fileName);
    return in_array(end($explode), $allowedExtensions);

  6. The Following User Says Thank You to traq For This Useful Post:

    ggalan (09-17-2011)

  7. #5

    Thanks guys. traq, how does this differ?
    Code:
    $explode = explode(".", $fileName);
    return in_array(end($explode), $allowedExtensions);
    vs
    Code:
    return in_array(end(explode(".", $fileName)), $allowedExtensions);

  8. #6

    I think you mean something like this:
    PHP Code:
    $explode = explode(".", $fileName);
    $ret = in_array(end($explode), $allowedExtensions);

    return $ret;
    According to the warning, only variables should be passed by reference, which means you can pass a variable in the argument, but not the result of a function directly. So you would need to store what is returned by your explode() function in a variable, and then return that variable.
    - Josh

  9. The Following User Says Thank You to JShor For This Useful Post:

    ggalan (09-18-2011)

  10. #7

    In this case, "pass by reference" means that the function ( end() ) is working on the actual value of the variable, and not a copy. It's a little complex to get your head around, but take this example:
    PHP Code:
    $a = "a";
    $b = $a;
    // both $a and $b will print "a".
    // however, if (later on) you do this:
    $a = "A";
    // then $a will print "A" but $b will still print "a".
    // if, however, you make a reference:
    $A = "a";
    $B =& $A;
    // $A and $B will both print "a".
    // HOWEVER, they don't merely have identical values;
    // they have literally the _SAME_ value.  If (later on) you do this:
    $A = "b";
    // then _both_ $A and $B will print "b".

    // similar idea with functions.
    // end() works on the actual, original value of whatever you pass it,
    // instead of just using the same value and returning something. 
    The "problem" with passing things other than variables by reference is that the result is "undefined." What's that mean? I don't know exactly. It usually works, but can cause other problems. Read more here.

  11. The Following User Says Thank You to traq For This Useful Post:

    ggalan (09-18-2011)
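
An added example, not part of the original thread or any poster's code: the extension check from post #1 written so that nothing is passed to end() by reference, and extended to also compare the file's content type with its extension and to pick the stored file name on the server. The names `ALLOWED_IMAGES`, `allowedImageExtension` and `storedName` and the sample files are constructed for illustration; it assumes PHP 7.1+ with the bundled fileinfo extension.

```php
<?php
// Added example; helper names are hypothetical, not from the thread.
const ALLOWED_IMAGES = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg'];

/** Return the normalised extension if file name and file content agree on an allowed type, else null. */
function allowedImageExtension(string $clientName, string $tmpPath): ?string
{
    // pathinfo() returns a value, so nothing is passed to end() by reference
    // and no Strict Standards notice is raised. strtolower() accepts "photo.PNG".
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_IMAGES)) {
        return null;
    }
    // The name is chosen by the client, so also check what the bytes are.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    return $mime === ALLOWED_IMAGES[$ext] ? $ext : null;
}

/** Build the on-disk name on the server instead of reusing the client's name. */
function storedName(string $ext): string
{
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs: a 1x1 PNG and a plain text file.
$png = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($png, base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
));
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "plain text, not an image\n");

$cases = [
    ['photo.PNG', $png],       // upper-case extension, real PNG content
    ['notes.png', $txt],       // allowed extension, content is not a PNG
    ['archive.tar.gz', $png],  // extension not on the list
    ['noextension', $png],     // no extension at all
];
foreach ($cases as [$name, $path]) {
    $ext = allowedImageExtension($name, $path);
    printf("%-15s %s\n", $name, $ext === null ? 'rejected' : 'accepted, stored as ' . storedName($ext));
}
unlink($png);
unlink($txt);
```

In the handler from post #1 the function would be called with `$file['name']` and `$file['tmp_name']`, and an accepted file moved with `move_uploaded_file()` into `$uploadsDirectory` under the name returned by `storedName()`.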
