SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Member
    Join Date
    Mar 2007
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    PHP Image Upload Script Help.

    I found a script that uploads images:

    PHP Code:
    <?
    //print_r($_POST);

    if($_POST["action"] == "Upload Image")
    {
    unset(
    $imagename);

    if(!isset(
    $_FILES) && isset($HTTP_POST_FILES))
    $_FILES $HTTP_POST_FILES;

    if(!isset(
    $_FILES['image_file']))
    $error["image_file"] = "An image was not found.";


    $imagename basename($_FILES['image_file']['name']);
    //echo $imagename;

    if(empty($imagename))
    $error["imagename"] = "The name of the image was not found.";

    if(empty(
    $error))
    {
    $newimage "images/" $imagename;
    //echo $newimage;
    $result = @move_uploaded_file($_FILES['image_file']['tmp_name'], $newimage);
    if(empty(
    $result))
    $error["result"] = "There was an error moving the uploaded file.";
    }

    }

    include(
    "upload_form.php");

    if(
    is_array($error))
    {
    while(list(
    $key$val) = each($error))
    {
    echo 
    $val;
    echo 
    "<br>\n";
    }
    }

    ?>

    <form method="POST" enctype="multipart/form-data" name="image_upload_form" action="<?$_SERVER["PHP_SELF"];?>">
    <p><input type="file" name="image_file" size="20"></p>
    <p><input type="submit" value="Upload Image" name="action"></p>
    </form>
    Now I want this simply script, however, is it safe, how can I improve the script to only upload files 500kb and lower, be safe, free of viruses, etc because images can have viruses in them, and I want to be able to rename them. I have a php variable that gives out random ID numbers for users, so say if your 893, when you upload the script, $ID would be the variable and automatically change the uploaded image to say 893.jpg within the /images folder.

    Let me know your advice guys, I haven't really seen this kind of subject before.

  2. #2
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    What you want to do is not trivial for a beginner.

    Here's how to give the file a name of your choosing:
    PHP Code:
    ....

    if(empty(
    $imagename))

    $error["imagename"] = "The name of the image was not found.";

    if(empty(
    $error))

    {
    // add your own name here
    $yourname $_GET['id'] . '.jpg';
    // instead of this line 
    //$newimage = "images/" . $imagename;
    // do this
    $newimage "images/" $yourname;

    ...
    //and continue 
    Don't take this the wrong way, but if you can't figure that out on your own the rest of the stuff you want to do is going to involve a steep learning curve.

    You are right to be worried about security.

    Google for php file uploader tutorials, AND print off and read the corresponding php.net pages that deal with this issue.
    http://fr3.php.net/manual/en/features.file-upload.php

    You may also come across a well written group of classes that already do what you want, but how will you know if its well written without learning about it first?
    Try here: www.phpclasses.org

  3. #3
    SitePoint Member
    Join Date
    Mar 2007
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Would it be more wise to have them e-mail it to my GMAIL account? Therefore, GMAIL can virus scan it. I have to manually look at the images anyway to see if there is nudity etc but I don't want to spend time learning a new language or classes, etc. I know enough PHP to get by.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •