Jump to content

Recommended Posts

are you on a linux or windows server? i didn't/'s (froward slashes) were allowed on windows but:

<?php
unlink("Boys Don/'t Cry");
?>

should remove your file.

i would advise adding something to your upload script to remove all bad chars.

 

Scott.

 

 

That worked perfectly! Yeah I need to restrict the input! Anyway I can do this? Here's my upload form:

<!-- The data encoding type, enctype, MUST be specified as below -->
<form enctype="multipart/form-data" action="checkupload.php" method="POST">
   <!-- MAX_FILE_SIZE must precede the file input field -->
   <input type="hidden" name="MAX_FILE_SIZE" value="104857600" />
   <!-- Name of input element determines name in $_FILES array -->
   Send this file: <input name="uploaded_file" type="file" />
   <input type="submit" value="Send File" />
</form>

 

Here's the checkupload.php:

 

<?php
//check that we have a file
if((!empty($_FILES["uploaded_file"])) && ($_FILES['uploaded_file']['error'] == 0)) {
  //check if the file is JPEG image and it's size is less than 350Kb
  $name = basename($_FILES['uploaded_file']['name']);
  $filename = str_replace("'","",$name);
  $ext = substr($filename, strrpos($filename, '.') + 1);
  if (($ext == "mp3") && ($_FILES["uploaded_file"]["type"] == "audio/mpeg") && 
    ($_FILES["uploaded_file"]["size"] < 104857600)) {
    //Determine the path to which we want to save this file
      $newname = dirname(__FILE__).'/uploads/'.$filename;
      //Check if the file with the same name is already exists on the server
      if (!file_exists($newname)) {
        //Attempt to move the uploaded file to it's new place
        if ((move_uploaded_file($_FILES['uploaded_file']['tmp_name'],$newname))) {
           echo "It's done! The file has been saved as: ".$newname;
        } else {
           echo "Error: A problem occurred during file upload!";
        }
      } else {
         echo "Error: File ".$filename." already exists".$_FILES['uploaded_file']['name']."";
      }
  } else {
     echo "Error: Only .mp3 songs under 100MB are accepted for upload ".basename($_FILES['uploaded_file']['name'])."";
  }
} else {
echo "Error: No file uploaded";
}
?>

 

Thanks Scott!

 

Snoobs

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.