3 Replies - 893 Views - Last Post: 01 December 2009 - 05:09 AM Rate Topic: -----

#1 chris_s_22  Icon User is offline

  • D.I.C Head

Reputation: 0
  • View blog
  • Posts: 74
  • Joined: 27-December 08

photo upload limits

Posted 30 November 2009 - 04:50 AM

ive got a upload photo script and im just trying to make more secure currently it limits size and as you can see from my code below it limits only gif and php files

how do i edit my code to limit all these or do i have to copy and paste the same code and change the file extention?
jpg, jpeg, pjpeg, PJPEG, JPG, JPEG, gif, GIF, png, PNG

if (!($uploaded_type=="image/gif")) {
	echo "You may only upload GIF files.<br>";
	$ok=0;
	}  



also ive restricted php is there anything else i need to restrict?
if ($uploaded_type =="text/php") 
{ 
	echo "No PHP files<br>"; 
	$ok=0; 
	} 


Is This A Good Question/Topic? 0
  • +

Replies To: photo upload limits

#2 noorahmad  Icon User is offline

  • Untitled
  • member icon

Reputation: 209
  • View blog
  • Posts: 2,290
  • Joined: 12-March 09

Re: photo upload limits

Posted 30 November 2009 - 05:02 AM

you can store all types in array and using in_array

Example:
$types = array("type/jpg", "type/jpeg", "type/pjpeg", "type/PJPEG", "type/JPG", "typ/JPEG", "type/gif", "type/GIF", "type/png", "type/PNG");
if(!in_array($uploaded_type,$types)){
 echo "Invlaid file type";
 $ok = 0;
}

Was This Post Helpful? 0
  • +
  • -

#3 picnframes  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 4
  • Joined: 01-December 09

Re: photo upload limits

Posted 01 December 2009 - 04:50 AM

if you want to set the limit than u can also send a hidden input type having size limit as value:
input type="hidden" name="MAX_FILE_SIZE" value="2000000
input name="userfile" type="file" id="userfile
input name="upload" type="submit" class="box" id="upload" value=" Upload">
<input type="file" name="" >


if(!$con)
{
die("conection failed".mysql_error());
}
$sql=mysql_select_db("photo",$con);if(!$sql){die("database failed".mysql_error());}
$uploadDir = 'C:/webroot/upload/';
if(isset($_POST['upload']))
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$filePath = $uploadDir . $fileName;
$result = move_uploaded_file($tmpName, $filePath);
if (!$result)
{
echo "Error uploading file";exit;}

if(!get_magic_quotes_gpc())
{$fileName = addslashes($fileName);
$filePath = addslashes($filePath);}
$query = "INSERT INTO upload2 (name, size, type, path ) "."VALUES ('$fileName', '$fileSize', '$fileType', '$filePath')";
mysql_query($query) or die('Error, query failed : ' . mysql_error());
mysql_close($con);
echo "
Files uploaded
";
}?>
picnframes.com
sco-16
sec-34
chandigarh
Was This Post Helpful? 0
  • +
  • -

#4 chris_s_22  Icon User is offline

  • D.I.C Head

Reputation: 0
  • View blog
  • Posts: 74
  • Joined: 27-December 08

Re: photo upload limits

Posted 01 December 2009 - 05:09 AM

thx people ive gone with something more simple bit more like this and just added each exeption like so
if ((($_FILES["photo"]["type"] == "image/gif") 
	|| ($_FILES["photo"]["type"] == "image/jpeg") 
	|| ($_FILES["photo"]["type"] == "image/pjpeg"))
	&& ($_FILES["photo"]["size"] < 51000))
	{


Was This Post Helpful? 0
  • +
  • -

Page 1 of 1