Posted by Rik on 09/28/91 11:45

Kerry wrote:
> Hi,
>
> I use the simple PHP script below with an html file for my visitors to
> upload files.
>
> I'd like to make it more secure by either allowing or denying certain
> files. I've tried adding more code but I can't get anything to work.
>
> I'm not an expert, but know it's probably only a couple of simple
> lines of code that will do the trick.
>
> TIA to anyone that can offer a solution.

Note: extensions/header/content-types can be faked, but still worth checking
most of the time.

As far as is can see you're uploading images. A pretty reliable method te
check if a file is an image is using getimagesize() on the file, and
checking the values. Offcourse that's not the purpose of the function, but
does the trick, and as a bonus filters out broken/partial images most of the
time.

Grtz,
--
Rik Wasmus

• Next in forum: Re: Populating a mysql db from txt file with php
• Prev in forum: Re: how much data can you pump into longblob from textarea?
• Thread view: Re: Security solution needed for file uploader code

[Reply to this message]