uploading script (the basics)

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
jkashu
Forum Commoner
Posts: 45
Joined: Tue Jan 30, 2007 12:00 pm

uploading script (the basics)

Post by jkashu »

I have created a very basic file uploading script. What is needed in order to limited file size and accept only certain file extensions?
Z3RO21
Forum Contributor
Posts: 130
Joined: Thu Aug 17, 2006 8:59 am

Post by Z3RO21 »

http://us2.php.net/features.file-upload The manual is a good place to start learning! Also try google. :)
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: uploading script (the basics)

Post by Christopher »

jkashu wrote:I have created a very basic file uploading script.
Excellent! You can post your code in the Code Critique and get valuable input on your code.
jkashu wrote:What is needed in order to limited file size
There is a MAX_FILE_SIZE parameter you can use in your form. However that does not prevent malicious circumvention. PHP has a ini setting for max_upload_size the is probably a better ultimate limiter. Best is to check the actual size of the temporary uploaded file and don't move it unless it is it your allowed size range.
jkashu wrote: and accept only certain file extensions?
The extension will not prevent malicious circumvention. You should inspect the actual file to determine its type. PHP has several functions for this.
(#10850)
Post Reply