johnsmith153 Posted June 7, 2008 Share Posted June 7, 2008 Please have a look at my code and see if you think this is good enough for a website which needs good to very good security (but I'm not a banking site so dont need/expect Outstanding security and workload) Users will upload profile photos and other photos. This is all my code to allow a user to upload photos. $filenametouse = $_FILES["formname"]["name"]; $file_basename = substr($filenametouse, 0, strripos($filenametouse, '.')); // strip extention out $file_ext = substr($filenametouse, strripos($filenametouse, '.')); //extension only $createfoldername="/home/accountname/public_html/photos/".gmdate("my")."/";//stored in photos/0608/ for this months uploads if(is_dir($createfoldername)) {} else{mkdir($createfoldername, 0777);} $pathtosaveto = $createfoldername.time().rand(10000000000,99999999999).$file_ext; if ((($_FILES["formname"]["type"] == "image/tif") || ($_FILES["formname"]["type"] == "image/tiff") || ($_FILES["formname"]["type"] == "image/jpeg") || ($_FILES["formname"]["type"] == "image/pjpeg") || ($_FILES["formname"]["type"] == "image/gif") || ($_FILES["formname"]["type"] == "image/jpg") || ($_FILES["formname"]["type"] == "image/png") || ($_FILES["formname"]["type"] == "image/bmp")) && ($_FILES["formname"]["size"] < 10737418240))//The size, in bytes, of the uploaded file. //allow up to 10mb file upload { if ($_FILES["formname"]["error"] > 0) { echo "Return Code: " . $_FILES["formname"]["error"] . "<br />";exit;//The error code associated with this file upload. } else { echo "Upload: " . $_FILES["formname"]["name"] . "<br />"; echo "Type: " . $_FILES["formname"]["type"] . "<br />"; echo "Size: " . ($_FILES["formname"]["size"] / 1024) . " Kb<br />"; echo "Temp file: " . $_FILES["formname"]["tmp_name"] . "<br />"; if (file_exists($pathtosaveto)) { echo $_FILES["formname"]["name"] . " already exists. "; } else{ if(move_uploaded_file($_FILES["formname"]['tmp_name'], $pathtosaveto)) { echo "The file named '". $file_basename. "' has been uploaded"; } else{ echo "There was an error uploading the file, please try again!";} } } } else { echo "Invalid file type or size."; exit; } Link to comment https://forums.phpfreaks.com/topic/109079-please-have-a-look-at-my-_files-file-upload-code/ Share on other sites More sharing options...
phpSensei Posted June 7, 2008 Share Posted June 7, 2008 Did you get this script from http://w3schools.com/? looks similar <?php if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 20000)) { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . "<br />"; } else { echo "Upload: " . $_FILES["file"]["name"] . "<br />"; echo "Type: " . $_FILES["file"]["type"] . "<br />"; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />"; if (file_exists("upload/" . $_FILES["file"]["name"])) { echo $_FILES["file"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]); echo "Stored in: " . "upload/" . $_FILES["file"]["name"]; } } } else { echo "Invalid file"; } ?>g Link to comment https://forums.phpfreaks.com/topic/109079-please-have-a-look-at-my-_files-file-upload-code/#findComment-559831 Share on other sites More sharing options...
serverman Posted June 7, 2008 Share Posted June 7, 2008 looks like a working rebuild of w3schools ... just add <?php // based on w3schools image upload script ?> Link to comment https://forums.phpfreaks.com/topic/109079-please-have-a-look-at-my-_files-file-upload-code/#findComment-560106 Share on other sites More sharing options...
Recommended Posts