suttercain Posted November 30, 2007

Hi everyone, I have built forms in the past for users, but this is my first attempt at allowing visitors to upload an image. The idea is that I have a comic book database and if I don't already have an image on file for that issue, a visitor can upload one (and save me the time). Would you be so kind to look at my code below and let me know if I am missing anything security-wise. I check the size and also the type (jpg or gif only). I also have the file renamed to match the unique comic book id. Thanks in advance.

```php
<?php
include('../includes/get_connected.php');

if ($_FILES['titleSheet']['size'] < 1250000) {
    if ($_FILES['titleSheet']['type'] === "image/gif"
        || $_FILES['titleSheet']['type'] === "image/jpg"
        || $_FILES['titleSheet']['type'] === "image/jpeg") {

        $sqlImage = mysql_query("SELECT comic_id FROM comics WHERE comic_id = '".$_POST['id']."'")
            or die(mysql_error($connect));
        $image = mysql_fetch_row($sqlImage);
        $imageName = $image[0];

        // PROCESS IMAGE
        $target_path = "../images/titleSheet/full/";
        $target_path = $target_path . basename($_FILES['titleSheet']['tmp_name']);

        // MOVE THE UPLOADED FILE INTO THE FULL-SIZE IMAGE DIRECTORY
        move_uploaded_file($_FILES['titleSheet']['tmp_name'], $target_path);

        // EXPLODE TO RENAME IMAGE
        $fileName = $_FILES['titleSheet']['name'];
        $broken = explode(".", $fileName);
        rename("../images/titleSheet/full/".basename($_FILES['titleSheet']['tmp_name']),
               "../images/titleSheet/full/".$imageName.".".$broken[1]);

        // Upload Image Name Into Table
        $image = $imageName.".".$broken[1];
        $comic_id = $_POST['id'];
        $insert = mysql_query("INSERT INTO titleSheet (comic_id, image) VALUES ('$comic_id', '$image')")
            or die(mysql_error());
        if ($insert) {
            header("Location: http://www.supermandatabase.com/comics/$comic_id");
        }
    } else {
        echo "The image file must be in .gif, .jpg or .jpeg format.";
        $passed = FALSE;
    }
} else {
    echo "The file was too large!";
}
?>
```
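A hardened version of this handler, added here as an example (not the poster's code): it sniffs the type from the file contents rather than the client-supplied `type`, derives the stored extension server-side instead of from the uploaded filename, and uses PDO prepared statements in place of the string-built `mysql_query` calls. It assumes PHP 7+ and that the site's include exposes a PDO connection as `$pdo` (hypothetical name).

```php
<?php
// Added hardened version of the handler above (not the poster's code).
// Assumes PHP 7+, a PDO connection in $pdo from the site's own include
// (hypothetical name), and the same ../images/titleSheet/full/ directory.
require '../includes/get_connected.php';
function store_title_sheet(PDO $pdo, array $file, string $idRaw, string $dir): string
{
    // Never trust $_FILES[...]['type'] or the client filename: the MIME type is
    // sniffed from the bytes and the extension is chosen from that, server-side.
    $allowed = ['image/gif' => 'gif', 'image/jpeg' => 'jpg'];
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed.');
    }
    if ($file['size'] >= 1250000) {
        throw new RuntimeException('The file was too large!');
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $info = @getimagesize($file['tmp_name']);   // must also decode as an image
    if (!isset($allowed[$mime]) || $info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('The image file must be in .gif, .jpg or .jpeg format.');
    }
    // The comic id is validated as an integer and looked up with a bound parameter.
    if (!ctype_digit($idRaw)) {
        throw new RuntimeException('Invalid comic id.');
    }
    $sel = $pdo->prepare('SELECT comic_id FROM comics WHERE comic_id = ?');
    $sel->execute([(int) $idRaw]);
    $comicId = $sel->fetchColumn();
    if ($comicId === false) {
        throw new RuntimeException('Unknown comic id.');
    }
    // Destination name is built only from server-side values.
    $image = $comicId . '.' . $allowed[$mime];
    $dest  = rtrim($dir, '/') . '/' . $image;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not save the image.');
    }
    chmod($dest, 0644);                          // readable, never executable
    $ins = $pdo->prepare('INSERT INTO titleSheet (comic_id, image) VALUES (?, ?)');
    $ins->execute([$comicId, $image]);
    return $image;
}
try {
    store_title_sheet($pdo, $_FILES['titleSheet'] ?? [], (string) ($_POST['id'] ?? ''), '../images/titleSheet/full');
    header('Location: http://www.supermandatabase.com/comics/' . (int) $_POST['id']);
} catch (RuntimeException $e) {
    echo htmlspecialchars($e->getMessage());
}
```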
suttercain (Author) Posted November 30, 2007

So this looks okay then? I am going to make it public by day's end. Thanks again.