1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
| // On vérifie si la variable existe et sinon elle vaut NULL
$nom = isset($_POST['nom']) ? $_POST['nom'] : NULL;
$prenom = isset($_POST['prenom']) ? $_POST['prenom'] : NULL;
$ladate = isset($_POST['ladate']) ? $_POST['ladate'] : NULL;
$numsecu = isset($_POST['numsecu']) ? $_POST['numsecu'] : NULL;
if(isset($_FILES['file'])){
$tmpName = $_FILES['file']['tmp_name'];
$name = $_FILES['file']['name'];
$size = $_FILES['file']['size'];
$error = $_FILES['file']['error'];
$tabExtension = explode('.', $name);
$extension = strtolower(end($tabExtension));
//Tableau des extensions que l'on accepte
$extensions = ['jpg', 'png', 'jpeg', 'gif'];
//Taille max que l'on accepte
$maxSize = 400000;
if(in_array($extension, $extensions) && $size <= $maxSize && $error == 0){
$uniqueName = uniqid('', true);
//uniqid génère quelque chose comme ca : 5f586bf96dcd38.73540086
$file = $uniqueName.".".$extension;
//$file = 5f586bf96dcd38.73540086.jpg
move_uploaded_file($tmpName, 'uploads/'.$file);
$sql = "INSERT INTO users (nom, prenom, ladate, numsecu, monfichier) VALUES (?,?,?,?,?)";
$stmt= $pdo->prepare($sql);
$stmt->execute([$nom, $prenom, $ladate, $numsecu, $file]);
}
else{
echo "Mauvaise extension";
}
} |
Partager