uploading pics script help

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
chris_s_22
Forum Commoner
Posts: 76
Joined: Wed Dec 31, 2008 2:05 pm

uploading pics script help

Post by chris_s_22 »

what should be my file permission? of the folder i upload the pictures to.

also id be grateful if someone checked through my code and gave me pointers how i can make more secure or point out any faults.
Im using following code

Code: Select all

 
<?php 
include 'Connect.php';
//This function separates the extension from the rest of the file name and returns it 
function findexts ($filename) 
{ 
$filename = strtolower($filename) ; 
$exts = split("[/\\.]", $filename) ; 
$n = count($exts)-1; 
$exts = $exts[$n]; 
return $exts; 
} 
 
 
$ext = findexts ($_FILES['photo']['name']) ; //This applies the function to our file 
$ran = rand () ;//This line assigns a random number to a variable.
$ran2 = $ran."."; //adds a . on the end of $ran 
$target = "userimages/"; //This is the directory where images will be saved
$pic = $ran2.$ext;//This gets information from the form that has since been randomised and checked
$target = $target . $ran2.$ext;//This combines the directory, the random file name, and the extension
$ok=1;
 
//This is our size condition 
if ($uploaded_size > 350000) 
{ 
echo "Your file is too large.<br>"; 
$ok=0; 
} 
 
//This is our limit file type condition 
if ($uploaded_type =="text/php") 
{ 
echo "No PHP files<br>"; 
$ok=0; 
} 
 
//Here we check that $ok was not set to 0 by an error 
if ($ok==0) 
{ 
Echo "Sorry your file was not uploaded"; 
} 
 
//If everything is ok we try to upload it 
else 
{ 
    //Writes the information to the database 
    mysql_query("UPDATE members SET photo = '$pic' WHERE username = '$username'") ;
 
    if(move_uploaded_file($_FILES['photo']['tmp_name'], $target)) 
    {   
    } 
    else 
    { 
    echo "Sorry, there was a problem uploading your file."; 
    } 
} 
?> 
 
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: uploading pics script help

Post by Jonah Bron »

You shouldn't use spaces between a function and it's arguments, and try to be a little more consistent in your syntax. I'm not sure how secure the PHP file check is, but someone with more expertise in that area should reply here.
Post Reply