Jump to content

About uploading a photo

Rommeo

By Rommeo
in PHP Coding Help

 Share

Recommended Posts

Rommeo Advanced Member

Rommeo

Posted
Posted

I let my members to upload their photos,

I m using the script I coded which checks the file extension, if the file extension is "jpg"

( if ($this->url['type'] == "image/jpg")) and less than 600kb it uploads. Otherwise it gives you a warning..

What I wonder is, do I face any unwanted results about this later ? Like someone uploads a virus or script then execute it and do something ?

Link to comment
https://forums.phpfreaks.com/topic/254147-about-uploading-a-photo/
Share on other sites
AyKay47 Member

AyKay47

Posted
Posted

I let my members to upload their photos,

I m using the script I coded which checks the file extension, if the file extension is "jpg"

( if ($this->url['type'] == "image/jpg")) and less than 600kb it uploads. Otherwise it gives you a warning..

What I wonder is, do I face any unwanted results about this later ? Like someone uploads a virus or script then execute it and do something ?

if you are filtering the results to only allow image mime types, along with some other filtering, your code should be pretty secure.

take a look here

Rommeo Advanced Member

Rommeo

Posted
  • Author
Posted

if you are filtering the results to only allow image mime types, along with some other filtering, your code should be pretty secure.

take a look here

What may be the other filtering ?

The one I m doing is not enough ?

By mime types I think you meant "mime_content_type()" ?? 

AyKay47 Member

AyKay47

Posted
Posted

if you are filtering the results to only allow image mime types, along with some other filtering, your code should be pretty secure.

take a look here

What may be the other filtering ?

The one I m doing is not enough ?

By mime types I think you meant "mime_content_type()" ??

Size, possibly name, and making sure that $_FILES[]['error'] is clean as it states in the link I gave you.

For basic mime filtering, yes, however I normally like to group the valid mime types into an array and compare the array to the $_FILES[]['type'] value, saves some coding.

mime_content_type will return a string containing the mime type of the file yes, but that function is not needed here since you are already checking the mime type via comparison operator.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.