Petsmacker Posted November 10, 2006 Share Posted November 10, 2006 I've set up a very basic image upload page on my site but have read about the dangers of site security regarding allowing user-uploads.Here is my script.[code]<B>File upload</b><br><form enctype="multipart/form-data" action="<?PHP echo $PHP_SELF ?>" method="post"><input type="hidden" name="MAX_FILE_SIZE" value="1000000">Send this file: <input name="userfile" type="file"><input type="submit" name="submit" value="Send File"></form><?PHP // copy to this directory$dir="./images/temp/";// copy the file to the serverif (isset($submit)){if (!is_uploaded_file ($userfile)){echo "<b>$userfile_name</b> couldn't be copied!!";}// check whether it has been uploadedif (is_uploaded_file ($userfile)){move_uploaded_file($userfile,$dir.$userfile_name) ;}echo "<b>$userfile_name</b> copied succesfully !!";}?>[/code]The /images/temp/ folder is 757 CHMOD. I have no idea if thats the right or wrong one to use not being particularly familiar with CHMOD.Should I add anything to my script to make it more secure? I do intend to sort out the Max_file_size thing so its in PHP rather than HTML but is there anything else?How can people screw about with unsecured uploads or their folders or whatever it is they do?Hope you can help :) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.