Page 2 of 2
Posted: Fri Sep 03, 2004 9:11 am
by ljCharlie
Thanks for that tip. Okay, here's more. Do I test the getimagesize() to see if it is a jpeg file before I do the move_uploaded_file() or can I do the move_uploaded_file() first then do the getimagesize()? Question is, I'm not sure if I can do the getimagesize() before move_uploaded_file because the getimagesize requires a specific path. But if I do the getimagesize after the move_uploaded_file(), how do I delete the file from the path once it is not a jpeg file?
ljCharlie
Posted: Fri Sep 03, 2004 9:19 am
by ljCharlie
So another word, $_FILES['userfile']['type'] is not going to tell me the true type of the file as compare to getimagesize()?
ljCharlie
Posted: Fri Sep 03, 2004 12:26 pm
by feyd
example onlyCode: Select all
<?php
if(!is_uploaded_file($_FILES['userfile']['tmp_name']))
die('Hacking Attempt!');
$size = @getimagesize($_FILES['userfile']['tmp_name']);
if($size === false)
{
unlink($_FILES['userfile']['tmp_name']);
die('file wasn''t an image');
}
list(,$type) = explode('/',$size['type']);
if(!preg_match('#^(gif|jpe?g|png)$#i',$type))
{
unlink($_FILES['userfile']['tmp_name']);
die('file was wrong image-type');
}
move_uploaded_file($_FILES['userfile']['tmp_name'], '/path/to/your/storage/folder/of/choice/' . $_FILES['userfile']['name']); // you can rename the file to whatever you want here.
?>
Posted: Fri Sep 03, 2004 1:47 pm
by ljCharlie
Thanks for the sample. However, it's not working when I
echo "Type: ".$type."<br>";
after the:
list(,$type) = explode('/',$size['type']);
There is nothing show up when I echo type.
ljCharlie
Posted: Fri Sep 03, 2004 2:51 pm
by feyd
echoing $size['type'] may tell you why.
Posted: Fri Sep 03, 2004 9:52 pm
by ongray
this is what i have done for my upload
i created a directory called "mydir" at c: drive of my server. All the upload will be stored there.
<?php
function handleupload($e) {
if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
$realname = $_FILES['userfile']['name'];
copy($_FILES['userfile']['tmp_name'], "c:\\mydir\\".$realname);
return $realname;
}
}
if ($upload)
{
$realname = handleupload();
}
?>
this is the HTML part ....
<form ENCTYPE="multipart/form-data" method="POST" action="<?php echo $ME; ?>">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000">
<input type="file" name="userfile" size="24">
<input type="submit" value="Upload" name="upload">