Thanks for that tip. Okay, here's more. Do I test the getimagesize() to see if it is a jpeg file before I do the move_uploaded_file() or can I do the move_uploaded_file() first then do the getimagesize()? Question is, I'm not sure if I can do the getimagesize() before move_uploaded_file because the getimagesize requires a specific path. But if I do the getimagesize after the move_uploaded_file(), how do I delete the file from the path once it is not a jpeg file?
ljCharlie
Specify where to store upload files
Moderator: General Moderators
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
example only
Code: Select all
<?php
if(!is_uploaded_file($_FILES['userfile']['tmp_name']))
die('Hacking Attempt!');
$size = @getimagesize($_FILES['userfile']['tmp_name']);
if($size === false)
{
unlink($_FILES['userfile']['tmp_name']);
die('file wasn''t an image');
}
list(,$type) = explode('/',$size['type']);
if(!preg_match('#^(gif|jpe?g|png)$#i',$type))
{
unlink($_FILES['userfile']['tmp_name']);
die('file was wrong image-type');
}
move_uploaded_file($_FILES['userfile']['tmp_name'], '/path/to/your/storage/folder/of/choice/' . $_FILES['userfile']['name']); // you can rename the file to whatever you want here.
?>this is what i have done for my upload
i created a directory called "mydir" at c: drive of my server. All the upload will be stored there.
<?php
function handleupload($e) {
if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
$realname = $_FILES['userfile']['name'];
copy($_FILES['userfile']['tmp_name'], "c:\\mydir\\".$realname);
return $realname;
}
}
if ($upload)
{
$realname = handleupload();
}
?>
this is the HTML part ....
<form ENCTYPE="multipart/form-data" method="POST" action="<?php echo $ME; ?>">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000">
<input type="file" name="userfile" size="24">
<input type="submit" value="Upload" name="upload">
i created a directory called "mydir" at c: drive of my server. All the upload will be stored there.
<?php
function handleupload($e) {
if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
$realname = $_FILES['userfile']['name'];
copy($_FILES['userfile']['tmp_name'], "c:\\mydir\\".$realname);
return $realname;
}
}
if ($upload)
{
$realname = handleupload();
}
?>
this is the HTML part ....
<form ENCTYPE="multipart/form-data" method="POST" action="<?php echo $ME; ?>">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000">
<input type="file" name="userfile" size="24">
<input type="submit" value="Upload" name="upload">