|
|
Posted by J.O. Aho on 10/12/64 11:37
Gernot Frisch wrote:
> how can I prevent someone uploading a php script e.g? I want them to
> be able to upload .exe/.zip and images.
You will need to make a check on the extension when the file is uploaded, if
it's something else than .exe/.zip, just delete the file.
/* we assume <input name="uploadFile" type="file"> */
$filename=$_FILES['uploadFile'];
$accepted_endings=array("zip","exe");
if(in_array(substr($filename, -3, 3),$accepted_endings)) {
/* code for accepting and storing the file */
} else {
/* code for deleting the file and give a bad bad message */
}
//Aho
Navigation:
[Reply to this message]
|