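here is a code snip i wrote for a tek-tips user a couple of days ago. note that it contains a very crude file type limiter in the $permittedFileTypes variable. just add to that array if you want or remove the check later on in the code. [code]
<?php
/**
 * Upload-and-mail demo: shows a form, then mails the uploaded file as a
 * base64 attachment.
 *
 * Notes for anyone adapting this:
 *  - The file name, the poster name and the MAX_FILE_SIZE form field all come
 *    from the browser and can be forged, so they are re-checked or cleaned on
 *    the server below.
 *  - The extension whitelist only looks at the client-supplied name. It says
 *    nothing about what the file actually contains, so the recipient should
 *    still treat the attachment as untrusted.
 */

/**
 * Prints the upload form, preceded by $GLOBALS['message'] when one is set.
 */
function displayForm(){
    // PHP_SELF carries any extra path info from the request URL, so it has to be
    // HTML-escaped before it is written into the action attribute.
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    // Escaping the message is a no-op for the fixed strings used below and keeps
    // the page safe if a later change puts request data into it.
    $notice = !empty($GLOBALS['message'])
        ? htmlspecialchars($GLOBALS['message'], ENT_QUOTES, 'UTF-8')
        : '';
?>
<style type="text/css">
body, input {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;}
input {margin-top: 3px;}
label {font-weight:bold;}
.message {width:25%; border:dotted red 1px; background-color:#FFE1E1; padding: 5px; margin-left:2px; }
.mainForm {width:25%;}
</style>
<?php if ($notice !== ''): ?>
<div class="message">
<?php echo $notice; ?>
</div>
<?php endif; ?>
<form method="post" action="<?php echo $action; ?>" enctype="multipart/form-data">
<fieldset class="mainForm" >
<legend>Upload file test script</legend>
<label>Type your name</label><br/>
<input type="text" name="posterName" /><br/>
<label>Select file for upload (max 3MB)</label><br/>
<input type="hidden" name="MAX_FILE_SIZE" value="3145728"/>
<input type="file" name="uploadedFile" /><br/>
<input type="submit" name="submit" value="Upload" style="float:right; margin-right: 10px;" />
</fieldset>
</form>
<?php
}

//test to see whether the form was submitted
if (isset($_POST['submit'])):

    //set up some useful variables
    //mail parameters
    $to = " ";
    $from = " ";
    $subject = "Test message";
    $t = date("j M Y, H:i:s");

    //server-side copy of the 3MB limit; the hidden MAX_FILE_SIZE field is only a hint to the browser
    $maxBytes = 3145728;

    $errArray = array(
        "UPLOAD_ERR_OK",
        "The uploaded file exceeds the value permitted in php.ini",
        "The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form",
        "The uploaded file was only partially uploaded",
        "No file was uploaded",
        "",
        "Missing a temporary folder",
        "Failed to write file to disk"
    );
    $permittedFileTypes = array( "pdf", "doc", "txt");

    //pick up the form variables and clean them a bit
    //the name goes into the 8bit text part of the mail, so control characters
    //(line breaks included) are flattened to keep it on one line
    $name = (isset($_POST['posterName']) && is_string($_POST['posterName']))
        ? trim(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $_POST['posterName']))
        : "";
    if ($name === ""):
        $name = "No name provided";
    endif;

    //make sure exactly one file field arrived before reading from it
    $upload = isset($_FILES['uploadedFile']) ? $_FILES['uploadedFile'] : null;
    if (!is_array($upload) || !isset($upload['error']) || !is_int($upload['error'])):
        $GLOBALS['message'] = "File did not upload ok. Error was: ". $errArray[4];
        displayForm();
        exit;
    endif;

    //test to make sure that the file upload was ok,
    //if not provide the user with a sensible message
    if ($upload['error'] !== 0):
        //newer PHP versions report codes that are not in $errArray
        $reason = !empty($errArray[$upload['error']]) ? $errArray[$upload['error']] : "Unknown upload error";
        $GLOBALS['message'] = "File did not upload ok. Error was: ". $reason;
        displayForm();
        exit;
    endif;

    //only ever read a temp file that PHP itself created for this request
    if (!is_uploaded_file($upload['tmp_name'])):
        $GLOBALS['message'] = "File did not upload ok. Error was: ". $errArray[4];
        displayForm();
        exit;
    endif;

    //enforce the size limit here as well as in the form
    if ($upload['size'] > $maxBytes):
        $GLOBALS['message'] = "File did not upload ok. Error was: ". $errArray[2];
        displayForm();
        exit;
    endif;

    //find out the extension of the uploaded file.
    //this is not a foolproof method !!!!
    //PATHINFO_EXTENSION gives "" rather than an undefined index when the name has no dot
    $extension = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));
    if (!in_array($extension, $permittedFileTypes, true)):
        $GLOBALS['message'] = "Forbidden file type uploaded";
        displayForm();
        //stop here: without the exit the script carried on and mailed the rejected file anyway
        exit;
    endif;

    //the client-supplied name is written into a MIME header further down, so drop
    //anything that could end the quoted value or start a new header line
    $safeFileName = preg_replace('/[\x00-\x1F\x7F"\\\\]+/', '_', basename($upload['name']));

    //we're pretty much ok at this point so it's time to send the mail
    //create the message
    $msg = <<<STR
A contact form was uploaded at $t.
The user gave his name as $name.
The user uploaded a file called $safeFileName.
The uploaded file was {$upload['size']} bytes.
STR;

    //encode the uploaded file for email sending
    //use base 64
    $fileContents = file_get_contents($upload['tmp_name']);
    if ($fileContents === false):
        $GLOBALS['message'] = "Uploaded file could not be read";
        displayForm();
        exit;
    endif;

    //create a boundary for multipart messages
    //md5(time()) can be guessed from the send time; prefer random bytes where PHP provides them
    $b = function_exists('random_bytes')
        ? bin2hex(random_bytes(16))
        : md5(uniqid(mt_rand(), true));
    $sep = "\n";

    //create the headers for a multipart email
    $headers = "From: $from$sep";
    $headers .= "To: $to$sep";
    $headers .= "Return-Path: $from$sep";
    $headers .= "MIME-Version: 1.0$sep";
    $headers .= "Content-Type: multipart/mixed; boundary=\"$b\"$sep";
    $headers .= "$sep";

    //add useful information for bad email clients
    $message = "This is a multi-part message in mime format $sep";
    $message .= "$sep";

    //create the message part
    $message .= "--$b$sep";
    $message .= "Content-Type: text/plain; charset=\"iso-8859-1\"$sep";
    $message .= "Content-Transfer-Encoding: 8bit$sep";
    $message .= "$sep";
    $message .= $msg;
    $message .= "$sep";
    $message .= "$sep";

    //create the attachment part
    $message .= "--$b$sep";
    $message .= "Content-Type: application/octet-stream$sep";
    $message .= "Content-Transfer-Encoding: base64$sep";
    $message .= "Content-Disposition: attachment; filename=\"$safeFileName\" $sep";
    $message .= "$sep";
    $message .= chunk_split( base64_encode($fileContents), 76, $sep );
    $message .= "$sep";

    //finish the mail
    $message .= "--$b--$sep";

    //send the mail
    //no @ here: the result is checked, and a warning in the error log is what makes "Try debugging!" possible
    $result = mail($to, $subject, $message, $headers);
    if ($result):
        $GLOBALS['message'] = "Mail was sent. Try again?";
    else:
        $GLOBALS['message'] = "Mail was not sent. Try debugging!";
    endif;
    displayForm();

else:
    displayForm();
endif;
?>
[/code]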