I have written a PHP script to upload files. But when I press the submit button it gives an error message:
Strict Standards: Only variables should be passed by reference in H:\xampp\htdocs\phpTest\upload_file.php on line 4.
line 4 is $extension = end(explode(“.”, $_FILES[“file”][“name”]));
upload_file.php:
<?php
$allowedExts = array("jpg", "jpeg", "gif", "png");
$extension = end(explode(".", $_FILES["file"]["name"]));
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else
{
$target_Path = "images/";
$target_Path = $target_Path.basename( $_FILES['file']['name'] );
move_uploaded_file( $_FILES['file']['tmp_name'], $target_Path );
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Stored in: " . $_FILES["file"]["tmp_name"];
echo $target_Path;
}
}
else
{
echo "Invalid file";
}
?>
You’re trying to do
end()on an array which only exists within the context of that function call. Once that line of code is done, the array will cease to exist. Try this instead:That being said, this is a poor way to go about extracting a file extension, and is also highly insecure. The filename provided in the $_FILES array is the filename as given by the remote client. It is beyond trivial to forge that filename, allowing the user to upload ‘nastyvirus.exe’ but send out ‘cutekittens.jpg’ as the filename.
Do not EVER trust user-side data, particularly for file uploads. Use server-side MIME-type determination via fileinfo