HTML/PHP File Upload

Question

So i want the user to only be able to upload docs or docx\'s. So first here\'s my html:

Answer 1

The first question has already been answered so I won't answer it again.

2) it redirects to upload_file.php and displays a message. Is there a way to actually go back the main page and display text that it was successful?

It is normally better to show the success message on the redirected page but you can solve this two ways:

• Store the previous URL (or know it) and redirect to it with header("Location: old_page.php");
• Make the target of the form an iframe. This means the main page itself will not redirect and you can just bubble a response from upload_file.php (which will load in the iframe) making seamless uploading for your app.

Also this is not the best way to get a file extension:

$extension = end(explode(".", $_FILES["file"]["name"]));

Try using pathinfo instead: http://php.net/manual/en/function.pathinfo.php

$extension = pathinfo( $_FILES["file"]["name"], PATHINFO_EXTENSION);

And your if statement:

if ($extension!=".doc" || $extension!=".doc"
    && ($_FILES["file"]["size"] < 200000)
    && in_array($extension, $allowedExts)) {

Even though this is a tiny usage of in_array I still would recommend taking that out and using a more practical method of searching arrays: http://php.net/manual/en/function.array-search.php

So your if would become something like:

if (($_FILES["file"]["size"] < 200000) && array_search($extension, $allowedExts)!==false) {