|
|
Posted by Don Khuth on 06/14/31 11:43
"powerx" <not@withheld.com> wrote in message
news:442726fa$0$8338$da0feed9@news.zen.co.uk...
> Hi All,
>
> Wonder if you could help me out at all?
> Been learning PHP (with MySQL) and have put together an admin style script
> for my website. As part of the script, I want users to be able to upload
> images (Jpegs) to a max pixel size and file size. I've also been learning
> about the security side of things, which is where I'm coming unstuck.
>
> I understand that I need to check that the uploaded file is actually a
> Jpeg and not rely on the fact that it should be.
> Question is, how do I do this and should I check the file before I move it
> from the $_FILES to the location on my webspace or afterwards.
>
> Any hints, links or code snippets would be appreciated.
> I want to only accept genuine jpegs within the constraints and send an
> error message for all other occurrances.
>
> regards
>
> prx
<form action="upload.php" method="post" enctype="multipart/form-data">
<input type="file" name="userfile" />
<input type="submit" name="submit" value="Upload" />
</form>
<?php
if($_FILES["userfile"]{"type"} == "image/jpeg") {
//file is accepted
} else {
//send an error message
}
?>
You can try echoing out the stuff inside $_FILES["userfile"]{"type"} if
you want to accept other types.
Navigation:
[Reply to this message]
|