Jump to content


Photo

File Uploads


  • Please log in to reply
3 replies to this topic

#1 ttomnmo

ttomnmo
  • Members
  • PipPip
  • Member
  • 12 posts

Posted 04 October 2006 - 01:39 AM

I am very new to this whole deals and was hoping to get some help. I used a script that I found online to do a very simple upload page, but it only works for gif files.

<form name="form1" method="post" action="" enctype="multipart/form-data">
<input type="file" name="imagefile">
<br>
<input type="submit" name="Submit" value="Submit">
<form name="form1" method="post" action="" enctype="multipart/form-data">
<input type="file" name="imagefile">
<br>
<input type="submit" name="Submit" value="Submit">
<?
if(isset( $Submit ))
{
if ($_FILES['imagefile']['type'] == "image/gif"){
       

copy ($_FILES['imagefile']['tmp_name'], "files/".$_FILES['imagefile']['name']) 
    or die ("Could not copy");
echo ""; 
        echo "Name: ".$_FILES['imagefile']['name'].""; 
        echo "Size: ".$_FILES['imagefile']['size'].""; 
        echo "Type: ".$_FILES['imagefile']['type'].""; 
        echo "Copy Done...."; 
        }
else {
            echo "<br><br>";
            echo "Could Not Copy, Wrong Filetype (".$_FILES['imagefile']['name'].")<br>";
        }
}
?> </form>

I was hoping that I could change the 

if ($_FILES['imagefile']['type'] == "image/gif"){   

line to some how copy any type of file.

Is this possible? And if so, how?

Thanks much!


#2 printf

printf
  • Staff Alumni
  • Advanced Member
  • 889 posts

Posted 04 October 2006 - 01:59 AM

This is a very old script or one that is poorly designed. you need to make some changes so you protect your server. granted you are only allowing gif files, but anyone can upload any file type to your server and just call it some_file.gif. It's bad idea to use code that you don't understand, because your taking a chance that the person who coded this knows what they are doing, which in this case is not the case. There better examples in the PHP manual comments, I say that because most bad examples posted there are removed rather quickly!

I'll write you example, just me minute or two!

me!

#3 printf

printf
  • Staff Alumni
  • Advanced Member
  • 889 posts

Posted 04 October 2006 - 02:41 AM

This is just quick example (in and out), configure the stuff at the top..

I attached it!

I had a html error in the script, I used <td>, where it should have been <div>

I fixed it now

[attachment deleted by admin]

#4 ttomnmo

ttomnmo
  • Members
  • PipPip
  • Member
  • 12 posts

Posted 04 October 2006 - 04:22 AM

I hope you check back to see, cause I do thank you. I am trying to read your code and see all that you did and why, and I understand some of it.

Thanks!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users