Explanation of file upload code


abhi_madhani
Hi, Friends

I am using a file upload utility, can anyone please shed some light on the working of this code, especially on the copy function.

$max_size = '2097152';

if ($_FILES["filename"]["size"] > $max_size) die ("<b>File too big!  Try again...</b>");

copy($_FILES["picone"]["tmp_name"],$imagelocation.$_FILES["picone"]["name"]) or die("<b>Unknown error!</b>");

Regards,

Abhishek
$max_size = '2097152';

Simply defines a variable holding a value for the maximum size of any uploaded file.

if ($_FILES["filename"]["size"] > $max_size) die ("<b>File too big!  Try again...</b>");

Conditional to check if the size of the uploaded file is greater than the maximum allowed filesize defined in step 1.

copy($_FILES["picone"]["tmp_name"],$imagelocation.$_FILES["picone"]["name"]) or die("<b>Unknown error!</b>");

This takes the uploaded file and copies it from the tmp file where uploads are stored into the destination you define. However, this is poor coding. You should not use the copy function in this way, as it represents a security risk. A malicious user could simply forge an HTTP request and force your script to move files on your server to the uploads directory. Instead you should use move_uploaded_file:

This function checks to ensure that the file designated by filename is a valid upload file (meaning that it was uploaded via PHP's HTTP POST upload mechanism). If the file is valid, it will be moved to the filename given by destination.

This sort of check is especially important if there is any chance that anything done with uploaded files could reveal their contents to the user, or even to other users on the same system.
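The following is an added example, not the original poster's code or the reply above, showing how the same upload handler looks when built around move_uploaded_file() with the other checks a practitioner would expect. It assumes the form field is named "picone" (as in the copy() line of the original) and that $uploadDir is a directory outside the web root that the web server can write to; both are assumptions. Note also that the original snippet checks the size of $_FILES["filename"] but copies $_FILES["picone"], so its size limit never applies to the file it actually stores; the example checks and moves the same field.

```php
<?php
// Added example (not the original poster's code): a hardened version of the
// upload handler discussed in this thread, built around move_uploaded_file().
// Assumptions: the form field is named "picone" and $uploadDir is a directory
// outside the web root that the web server may write to.

declare(strict_types=1);

$maxSize   = 2097152;                         // 2 MiB, the same limit as the original
$uploadDir = __DIR__ . '/../uploads_private'; // assumed location, outside the web root
$allowed   = [                                // detected MIME type => extension we store
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

function fail(string $msg): void
{
    http_response_code(400);
    header('Content-Type: text/plain; charset=utf-8');
    exit($msg);
}

// 1. The field must exist and be a single upload, not an array of files.
if (!isset($_FILES['picone']) || !is_array($_FILES['picone']) || is_array($_FILES['picone']['name'])) {
    fail('No file uploaded.');
}
$f = $_FILES['picone'];

// 2. Check PHP's own error code before trusting any other field.
if ($f['error'] !== UPLOAD_ERR_OK) {
    fail('Upload failed (error code ' . $f['error'] . ').');
}

// 3. Size check on the same field we are about to move. The original checked
//    "filename" but copied "picone", so its size check never applied.
if ($f['size'] > $maxSize) {
    fail('File too big! Try again...');
}

// 4. Confirm the temp file really came from this request's POST upload.
//    move_uploaded_file() performs this check as well; doing it early lets
//    the script refuse before touching the filesystem.
if (!is_uploaded_file($f['tmp_name'])) {
    fail('Not an uploaded file.');
}

// 5. Decide the type from the file contents, not from the client-supplied
//    name or $f['type'], both of which the client controls.
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mime  = $finfo->file($f['tmp_name']);
if ($mime === false || !isset($allowed[$mime])) {
    fail('Unsupported file type.');
}

// 6. Never reuse the client's filename: it may contain "../", a null byte, or
//    a server-executable extension. Generate a random name instead.
$dest = $uploadDir . '/' . bin2hex(random_bytes(16)) . '.' . $allowed[$mime];

if (!is_dir($uploadDir) && !mkdir($uploadDir, 0750, true)) {
    fail('Upload directory unavailable.');
}

// 7. move_uploaded_file() refuses anything that is not a genuine upload from
//    this request, so a forged request cannot make the script relocate
//    arbitrary files on the server the way copy() would.
if (!move_uploaded_file($f['tmp_name'], $dest)) {
    fail('Unknown error!');
}
chmod($dest, 0640);

echo 'Stored as ' . basename($dest);
```

The two properties that matter most here are that the source path is only ever used through is_uploaded_file()/move_uploaded_file(), so the script cannot be turned into a generic file mover, and that the destination name is generated server-side, so nothing from $_FILES[...]['name'] reaches the filesystem. Keeping the upload directory outside the web root means a stored file is never served for execution even if a type check is bypassed; files are handed back, if at all, through a separate download script.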