Page 2 of 2

Posted: Fri Sep 03, 2004 9:11 am
by ljCharlie
Thanks for that tip. Okay, here's more. Do I test the getimagesize() to see if it is a jpeg file before I do the move_uploaded_file() or can I do the move_uploaded_file() first then do the getimagesize()? Question is, I'm not sure if I can do the getimagesize() before move_uploaded_file because the getimagesize requires a specific path. But if I do the getimagesize after the move_uploaded_file(), how do I delete the file from the path once it is not a jpeg file?

ljCharlie

Posted: Fri Sep 03, 2004 9:19 am
by ljCharlie
So another word, $_FILES['userfile']['type'] is not going to tell me the true type of the file as compare to getimagesize()?

ljCharlie

Posted: Fri Sep 03, 2004 12:26 pm
by feyd
example only

Code: Select all

<?php

if(!is_uploaded_file($_FILES['userfile']['tmp_name']))
  die('Hacking Attempt!');

$size = @getimagesize($_FILES['userfile']['tmp_name']);
if($size === false)
{
  unlink($_FILES['userfile']['tmp_name']);
  die('file wasn''t an image');
}

list(,$type) = explode('/',$size['type']);
if(!preg_match('#^(gif|jpe?g|png)$#i',$type))
{
  unlink($_FILES['userfile']['tmp_name']);
  die('file was wrong image-type');
}

move_uploaded_file($_FILES['userfile']['tmp_name'], '/path/to/your/storage/folder/of/choice/' . $_FILES['userfile']['name']); // you can rename the file to whatever you want here.

?>

Posted: Fri Sep 03, 2004 1:47 pm
by ljCharlie
Thanks for the sample. However, it's not working when I

echo "Type: ".$type."<br>";

after the:

list(,$type) = explode('/',$size['type']);

There is nothing show up when I echo type.

ljCharlie

Posted: Fri Sep 03, 2004 2:51 pm
by feyd
echoing $size['type'] may tell you why.

Posted: Fri Sep 03, 2004 9:52 pm
by ongray
this is what i have done for my upload
i created a directory called "mydir" at c: drive of my server. All the upload will be stored there.

<?php
function handleupload($e) {
if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
$realname = $_FILES['userfile']['name'];
copy($_FILES['userfile']['tmp_name'], "c:\\mydir\\".$realname);
return $realname;
}
}

if ($upload)
{
$realname = handleupload();
}

?>


this is the HTML part ....
<form ENCTYPE="multipart/form-data" method="POST" action="<?php echo $ME; ?>">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000">
<input type="file" name="userfile" size="24">
<input type="submit" value="Upload" name="upload">