feyd wrote:the tmp_name element will be empty if and when there either wasn't a file, the file uploaded was too large (killed by php itself) or there was an unrecoverable error.. you should check the 'error' element.
ok guys, I thank you a lot for your help, all of you, it was this im my from:
Code: Select all
<input type="hidden" name="MAX_FILE_SIZE" value="4000">
the error element was "2" which means the file was bigger than what I have defined (4k).
now I am uploading the files and checking:
file type by:
a) ext. (".JPG" or ".jpg" or ".jpeg") (which is not secure enough)
b) $_FILES['imagefile']['type'] (which is a joke security speaking)
c) getimagesize()
file size by:
a)
Code: Select all
<input type="hidden" name="MAX_FILE_SIZE" value="4000">
in the form
b) $_FILES['imagefile']['size']
and dimensions by:
Code: Select all
list($width, $height, $type, $w) = getimagesize($_FILES['imagefile']['tmp_name']);
this doesn't seem like enough for me and I live in continual fear that someone will upload a nasty file and kill my biz forever
but I guess i'll get over it