[fullyloaded]

I been working on this image script for too long now, and I still can't seem to get two things to work - the image type and error handling (if the fields are empty). I have the code for this, but every place I try to add it, it doesn't work for the error handling if i fill one of the file boxes with a image and keep the other two empty and click the upload button the image will still upload even if the other two file boxes are empty as for the file type its letting me upload any file type if anyone can hlp it would be great thanks...

PHP Code:

$error_message="";
$MaxSize = "600000";
if (isset($_POST['btn_update'])){
function createRandomPassword() {
$chars = "abcde!@#%^fghijkmnoABCDEFGHIJKpqrstuvwxyz023456789ABCDEFGHIJKLMNOPQRSTUVWZ!@#%^&";
srand((double)microtime()*10000000);
$i = 0;
$pass = '' ;
while ($i <= 19) {
$num = rand() % 60;
$tmp = substr($chars, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
if ($_FILES['aMyUploads0']['size'] > $MaxSize || $_FILES['aMyUploads1']['size'] > $MaxSize || $_FILES['aMyUploads2']['size'] > $MaxSize)
{
$error_message = "ERROR: File too big!";

}
$aMyUploads = array();
$password = createRandomPassword();
foreach($_FILES as $aFile)
{
$newLocation = 'uploads/'.$password .$aFile["name"];
if(0 === $aFile['error'] && (false !== move_uploaded_file($aFile['tmp_name'], $newLocation)))
{
$aMyUploads[] = $newLocation;
}
else
{
$aMyUploads[] = '';
}
}
$error_message="Journal successfully saved.";
$connection = mysql_connect("localhost", "????", "???");
mysql_select_db("????", $connection);
$insert = "INSERT INTO photos (image1, image2, image3) VALUES
(
' ".$aMyUploads[0]." ',
' ".$aMyUploads[1]." ',
' ".$aMyUploads[2]." '
)";
$add_member = mysql_query($insert) or die(mysql_error());
} 


code i been trying to add:

PHP Code:

// ERROR HANDLING CODE:
if (empty($_FILES) || empty($_FILES['aMyUploads0']) || empty($_FILES['aMyUploads1']) || empty($_FILES['aMyUploads2']))
{
    // Handle error
}

// IMAGE TYPE CODE:

$allowed_filetypes = array("jpg", "gif", "jpeg", "png");

$ext = pathinfo($aFile['name'], PATHINFO_EXTENSION);
if (!in_array($ext, $allowed_filetypes))
{
    // Handle error
} 


[pein87]

You need to check if its empty before doing anything else. That way it breaks out of the code. Everything else needs to be nested in an else statement so it only runs if those conditions are met.

PHP Code:

// variable and function declarations above

if(empty($_FILES))
{
// handle error of no file being sent
}
else
{
// has data do work and other stuff to get image where it needs to be

} 


Also your using the password as a directory without creating it.

PHP Code:

$passDir = mkdir("uploads/" . $password);
$pFlag = 0;

if($passDir)
{
 $pFlag = 1;
}
else
{
$pFlag = 0;
}

if($pFlag > 0)
{
// move file here
}
else
{
// return folder not there
} 


Just a suggestion, and you need to sub-string the files name to get the extension type.

[Alex.Gabriel]

Here it is , it should work but since is almost 00.00 i`l go to sleep and i let you test it
Is any error is generated and you can't fix it post it here and somebody or me will fix it.

PHP Code:

<?php
$error_message="";
$MaxSize = "600000";
if (isset($_POST['btn_update'])){
function createRandomPassword() {
$chars = "abcde!@#%^fghijkmnoABCDEFGHIJKpqrstuvwxyz023456789ABCDEFGHIJKLMNOPQRSTUVWZ!@#%^&";
srand((double)microtime()*10000000);
$i = 0;
$pass = '' ;
while ($i <= 19) {
$num = rand() % 60;
$tmp = substr($chars, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
//checking empty files
if (empty($_FILES) || empty($_FILES['aMyUploads0']) || empty($_FILES['aMyUploads1']) || empty($_FILES['aMyUploads2']))
{
    echo 'Please select a file to upload';
    exit();
    //exit if empty file is detected
}
else 
{
if ($_FILES['aMyUploads0']['size'] > $MaxSize || $_FILES['aMyUploads1']['size'] > $MaxSize || $_FILES['aMyUploads2']['size'] > $MaxSize)
{
$error_message = "ERROR: File too big!";
//enable exit if you want to terminate when a file is bigger than Maxsize
//exit(); //added exit since even if filesize is larger than accepted the rest of the code is executed.

}} 
else { //if everything is ok


$aMyUploads = array();
$password = createRandomPassword();
foreach($_FILES as $aFile)
{
//check extension
$allowed_filetypes = array("jpg", "gif", "jpeg", "png");

$ext = pathinfo($aFile['name'], PATHINFO_EXTENSION);
if (!in_array($ext, $allowed_filetypes))
{
    echo 'illegal file type';
    exit();
}
else
{
$upload_directory= mkdir("uploads/$password/");
$newLocation = $upload_directory.$aFile["name"];
if(0 === $aFile['error'] && (false !== move_uploaded_file($aFile['tmp_name'], $newLocation)))
{
$aMyUploads[] = $newLocation;
}
else
{
$aMyUploads[] = '';
}
}
$error_message="Journal successfully saved.";
$connection = mysql_connect("localhost", "????", "???");
mysql_select_db("????", $connection);
$insert = "INSERT INTO photos (image1, image2, image3) VALUES
(
' ".$aMyUploads[0]." ',
' ".$aMyUploads[1]." ',
' ".$aMyUploads[2]." '
)";
mysql_query($insert) or die(mysql_error());
}  } }
?>