Rommeo Posted December 31, 2011 Share Posted December 31, 2011 I let my members to upload their photos, I m using the script I coded which checks the file extension, if the file extension is "jpg" ( if ($this->url['type'] == "image/jpg")) and less than 600kb it uploads. Otherwise it gives you a warning.. What I wonder is, do I face any unwanted results about this later ? Like someone uploads a virus or script then execute it and do something ? Link to comment https://forums.phpfreaks.com/topic/254147-about-uploading-a-photo/ Share on other sites More sharing options...
AyKay47 Posted January 1, 2012 Share Posted January 1, 2012 I let my members to upload their photos, I m using the script I coded which checks the file extension, if the file extension is "jpg" ( if ($this->url['type'] == "image/jpg")) and less than 600kb it uploads. Otherwise it gives you a warning.. What I wonder is, do I face any unwanted results about this later ? Like someone uploads a virus or script then execute it and do something ? if you are filtering the results to only allow image mime types, along with some other filtering, your code should be pretty secure. take a look here Link to comment https://forums.phpfreaks.com/topic/254147-about-uploading-a-photo/#findComment-1302940 Share on other sites More sharing options...
Rommeo Posted January 1, 2012 Author Share Posted January 1, 2012 if you are filtering the results to only allow image mime types, along with some other filtering, your code should be pretty secure. take a look here What may be the other filtering ? The one I m doing is not enough ? By mime types I think you meant "mime_content_type()" ?? Link to comment https://forums.phpfreaks.com/topic/254147-about-uploading-a-photo/#findComment-1303012 Share on other sites More sharing options...
AyKay47 Posted January 1, 2012 Share Posted January 1, 2012 if you are filtering the results to only allow image mime types, along with some other filtering, your code should be pretty secure. take a look here What may be the other filtering ? The one I m doing is not enough ? By mime types I think you meant "mime_content_type()" ?? Size, possibly name, and making sure that $_FILES[]['error'] is clean as it states in the link I gave you. For basic mime filtering, yes, however I normally like to group the valid mime types into an array and compare the array to the $_FILES[]['type'] value, saves some coding. mime_content_type will return a string containing the mime type of the file yes, but that function is not needed here since you are already checking the mime type via comparison operator. Link to comment https://forums.phpfreaks.com/topic/254147-about-uploading-a-photo/#findComment-1303065 Share on other sites More sharing options...
PaulRyan Posted January 1, 2012 Share Posted January 1, 2012 These 2 functions are also good to use is_uploaded_file and getimagesize. I use them when I do image uploads and such. Regards, PaulRyan. Link to comment https://forums.phpfreaks.com/topic/254147-about-uploading-a-photo/#findComment-1303140 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.