Explanation of file upload code

[abhi_madhani]

Hi, Friends

 

I am using a file upload utility, can anyone please shed some light on the working of this code, especially on the copy function.

 

$max_size = '2097152';

if ($_FILES["filename"]["size"] > $max_size) die ("<b>File too big!  Try again...</b>");

copy($_FILES["picone"]["tmp_name"],$imagelocation.$_FILES["picone"]["name"]) or die("<b>Unknown error!</b>");

 

Regards,

Abhishek

[stuartbates]

$max_size = '2097152';

 

Simply defines a variable holding a value for the maximum size of any uploaded file.

 

if ($_FILES["filename"]["size"] > $max_size) die ("<b>File too big!  Try again...</b>");

 

Conditional to check if the size of the uploaded file is greater than the maximum allowed filesize defined in step 1

 

copy($_FILES["picone"]["tmp_name"],$imagelocation.$_FILES["picone"]["name"]) or die("<b>Unknown error!</b>");

 

This takes the uploaded file and copies it from the tmp file where uploads are stored into the destination you define.  However this is poor coding.  You should not use the copy function in this way as it represents a security risk.  A malicious user could simply forge a HTTP request and force your script to move files on your server to the uploads directory.  Instead you should use move_uploaded_file:

 

This function checks to ensure that the file designated by filename is a valid upload file (meaning that it was uploaded via PHP's HTTP POST upload mechanism). If the file is valid, it will be moved to the filename given by destination.

 

This sort of check is especially important if there is any chance that anything done with uploaded files could reveal their contents to the user, or even to other users on the same system.