Jump to content

About uploading a photo


Rommeo

Recommended Posts

I let my members to upload their photos,

I m using the script I coded which checks the file extension, if the file extension is "jpg"

( if ($this->url['type'] == "image/jpg")) and less than 600kb it uploads. Otherwise it gives you a warning..

What I wonder is, do I face any unwanted results about this later ? Like someone uploads a virus or script then execute it and do something ?

Link to comment
https://forums.phpfreaks.com/topic/254147-about-uploading-a-photo/
Share on other sites

I let my members to upload their photos,

I m using the script I coded which checks the file extension, if the file extension is "jpg"

( if ($this->url['type'] == "image/jpg")) and less than 600kb it uploads. Otherwise it gives you a warning..

What I wonder is, do I face any unwanted results about this later ? Like someone uploads a virus or script then execute it and do something ?

if you are filtering the results to only allow image mime types, along with some other filtering, your code should be pretty secure.

take a look here

if you are filtering the results to only allow image mime types, along with some other filtering, your code should be pretty secure.

take a look here

What may be the other filtering ?

The one I m doing is not enough ?

By mime types I think you meant "mime_content_type()" ?? 

if you are filtering the results to only allow image mime types, along with some other filtering, your code should be pretty secure.

take a look here

What may be the other filtering ?

The one I m doing is not enough ?

By mime types I think you meant "mime_content_type()" ??

Size, possibly name, and making sure that $_FILES[]['error'] is clean as it states in the link I gave you.

For basic mime filtering, yes, however I normally like to group the valid mime types into an array and compare the array to the $_FILES[]['type'] value, saves some coding.

mime_content_type will return a string containing the mime type of the file yes, but that function is not needed here since you are already checking the mime type via comparison operator.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.