Strict Standards Error while image upload with PHP script

https://stackoverflow.com/questions/17344453

01-06-2022
|

Question

I try to write an image uploader with php. But it is giving an error when I try.

Error is:

Strict Standards: Only variables should be passed by reference in C:\xx\xx\xx\profile_image_upload_script.php on line 10

Line 10 is: $extension = end(explode(".", $file_name_encrypted));

image upload script

<?php
$allowedExts = array("gif", "jpeg", "jpg", "png");

$file_name = $_FILES["file"]["name"];
echo "File name:".$file_name;

$file_name_encrypted = $file_name."".md5(rand(1, 1000000));


$extension = end(explode(".", $file_name_encrypted));
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 2097152) // 2 MB
&& in_array($extension, $allowedExts))
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
    }
  else
    {
    echo "Upload: " . $file_name_encrypted . "<br>";
    echo "Type: " . $_FILES["file"]["type"] . "<br>";
    echo "Size: " . ($_FILES["file"]["size"] / 1024*1024) . " MB<br>";
    echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";

    if (file_exists("upload/" . $file_name_encrypted))
      {
      echo $file_name_encrypted . " already exists. ";
      }
    else
      {
      move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $file_name_encrypted);
      echo "Stored in: " . "upload/" . $file_name_encrypted;
      }
    }
  }
else
  {
  echo "Invalid file";
  echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
  }
?>

Note: script is getting file name from html form, there is no problem

Solution

Note $file_name_encrypted will not contain a real or matchable extension, because your appending the filename with md5:

$file_name_encrypted = $file_name."".md5(rand(1, 1000000));

e.g filename.jpg79054025255fb1a26e4bc422aef54eb4

So it will never match any in your $allowedExts array. Fix that then:

Change that line too:

$extension = pathinfo($file_name_encrypted, PATHINFO_EXTENSION);

Or explode then pass the exploded to the end() function.

$temp = explode(".", $file_name_encrypted);
$extension = end($temp);

OTHER TIPS

The way to fix this is to explode first then use that array in end. end() needs to get its parameter passed by reference because it manipulates internal pointer but if there is no variable reference it will not work correctly.
Try this
$array = explode(".", $file_name_encrypted);
then
$extension = end($array);

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow