SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Zealot
    Join Date
    Feb 2005
    Posts
    103
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    File Upload correct???

    OK, I have file uploading working on one section but it only allows .jpg so I never had to worry about the file extension...

    but now I have another that allows any file type but is the file name option below correct to include the file extension in the filename???

    $file_name = $_FILES['imagefile']['name'];

    Cheers

  2. #2
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,807
    Mentioned
    158 Post(s)
    Tagged
    3 Thread(s)
    you would be better using $_FILES['filename']['type']
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  3. #3
    SitePoint Enthusiast
    Join Date
    May 2004
    Location
    K.S.A
    Posts
    81
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by spikeZ
    you would be better using $_FILES['filename']['type']
    ok, I've read this many times and I don't think it's any better!
    the reason is if you had an ASCII php file with extension .jpg, what are the chances of this file being parsed and executed by just trying to access it in a browser?

    I could be wrong, so please tell me why would it be any better!

  4. #4
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,807
    Mentioned
    158 Post(s)
    Tagged
    3 Thread(s)
    You are quite correct that a php file with a .jpg extension could be parsed by the browser which is why along with the $_FILES['filename']['type'] you would also check the mime type.
    Although neither of these are foolproof, you would need someone really malicious to mess it up.

    Also the other threads attatched with tooxic's project have been built around the $_FILES['filename'] functions so it would be easy to drop it in!

    Mike
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  5. #5
    SitePoint Evangelist
    Join Date
    Nov 2001
    Location
    UK
    Posts
    466
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    A php script with a .jpg extension would still return a $_FILES['filename']['type'] value of 'text/plain' unless the uploading browser did not support sending mimetypes.

    Another option, if you are only interested in images is

    $f_type = getimagesize($_FILES['filename']['tmp_name']);
    if ($f_type[2] < 4 and $f_type[2] > 0) {
    // valid image
    } else ......

    Coded from memory, so check the 1=gif,2=jpeg,3=ping concept of the if statement.
    teckis - that's news to me.

  6. #6
    SitePoint Zealot
    Join Date
    Feb 2005
    Posts
    103
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    so $_FILES['filename']['type'] would return the extension??? (.doc, .jpg and so on)

  7. #7
    SitePoint Zealot
    Join Date
    Feb 2005
    Posts
    103
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks, got the extension sorted, but does anyone know where I can get a list of file types so I can make the script put the icons for the types?

  8. #8
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,807
    Mentioned
    158 Post(s)
    Tagged
    3 Thread(s)
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  9. #9
    SitePoint Zealot
    Join Date
    Feb 2005
    Posts
    103
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thanks spikez....


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •