View Single Post
  #1 (permalink)  
Old October 22nd, 2007, 03:04 PM
crmpicco crmpicco is offline
Friend of Wrox
Points: 8,019, Level: 38
Points: 8,019, Level: 38 Points: 8,019, Level: 38 Points: 8,019, Level: 38
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jan 2005
Location: Mauchline, East Ayrshire, Scotland
Posts: 1,525
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via ICQ to crmpicco Send a message via AIM to crmpicco Send a message via MSN to crmpicco Send a message via Yahoo to crmpicco
Default mak upload file secure for public usage

Code:
/* UPLOADING FILE */
$target_path = "../images/gallery/";
$target_path = $target_path . basename( $_FILES['filename']['name']); 

if(move_uploaded_file($_FILES['filename']['tmp_name'], $target_path)) {
      echo "The file ".  basename( $_FILES['filename']['name']). 
        " has been uploaded";
} else {
      echo "There was an error uploading the file, please try again!";
}

$filename = basename( $_FILES['filename']['name']);
Form element:
Code:
<input type="file" name="filename" id="filename" class="textbox" size="40">
I am looking to make my code as secure as possible, it's basically taking a image from the form field and moving it to a directory on the server. I would also like to check what the file type is - as i'm only wanting to allow gif, png, jpg, bmp etc......

I know that the code isn't safe enough to put up live at the moment.......

Cheers,
Picco


www.crmpicco.co.uk
www.ie7.com
__________________
_______________________
Ayrshire Minis - a Mini E-Community
http://www.ayrshireminis.com
http://www.crmpicco.co.uk