#1 ... adding .jpg to a picture just because it's a picture is bad. Even if it WAS a jpg, what if they used the extension .jpeg?
Also, there are some other very common and valid picture extensions: gif, png, bmp, tiff.
Here's how to get a file's extension if it's being uploaded:
Code:
// strrchr() returns the name from its LAST "." onward (e.g. ".jpg"); strstr() would start at the first "."
$extension = strrchr($_FILES['formfilename']['name'], ".");
Then, tack this on to the end of what you named the file. Which brings me to..
#2 .. Unless you're adding pictures inside of a loop, then naming them to time() would guarantee a unique filename for each picture (unless you have concurrent users uploading). Then you should use JshPro's advice and go with sha1(uniqid(1)).
So in the end you should end up with something like this.
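Code:
// Name the client sent with the upload
$filename = $_FILES['formfilename']['name'];
// Extension including the dot, taken from the last "." in the name
$file_extension = strrchr($filename, ".");
// First 10 hex characters of sha1(uniqid(1)) as the new base name
$my_filename = substr(sha1(uniqid(1)), 0, 10);
$complete_filename = $my_filename . $file_extension;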
And #3.. don't rename the files after you've already moved them to the server. You shouldn't have to use rename() .. just name them what you want before you store them.
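
An added example, not part of the original post: the three points above combined into one helper that takes the extension from the last dot, checks it against the picture extensions listed in #1, and builds the stored name before the file is moved. The function name, the allow-list constant, the use of random_bytes() for the unique part, and the sample names are assumptions for illustration.

```php
<?php
// Added example (not from the original post). The function name, the
// allow-list and the sample names below are assumptions for illustration.

const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'gif', 'png', 'bmp', 'tiff'];

/**
 * Build the name a file is stored under from the client-supplied name.
 * Returns null when the extension is not on the allow-list.
 */
function build_stored_name(string $clientName): ?string
{
    // basename() drops any directory part the client sent along.
    $base = basename(str_replace('\\', '/', $clientName));

    // Only the text after the LAST dot is the extension:
    // "holiday.2009.JPG" -> "jpg", "notes" -> "" (no extension).
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));

    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }

    // Random base name: nothing from the client-supplied name survives
    // except the checked extension, and concurrent uploads do not collide.
    return bin2hex(random_bytes(10)) . '.' . $ext;
}

// Constructed sample names, run offline (no real upload needed).
$samples = ['cat.jpg', 'holiday.2009.JPG', 'photo.jpeg', 'page.php', 'notes', '../../x.png'];
foreach ($samples as $name) {
    $stored = build_stored_name($name);
    printf("%-18s => %s\n", $name, $stored ?? 'rejected');
}

// In an upload handler the file goes straight to its final name, so no
// rename() is needed afterwards ($uploadDir is a hypothetical path):
//
//   $stored = build_stored_name($_FILES['formfilename']['name']);
//   if ($stored !== null) {
//       move_uploaded_file($_FILES['formfilename']['tmp_name'], "$uploadDir/$stored");
//   }
```

The extension only reflects what the client called the file; checking the content as well (for example with getimagesize()) confirms it is actually an image.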