http://www.php-help.net/sources-php/image.upload.function.353.html Regards, Nadim Attari Alienworkers.com > Hi, After a disastrous first attempt (which uploaded images but only by > chance) it was suggested I rework the entire thing. This one seems to > check the file against getimagesize and if that doesn't prove false, > check the type and make the extension then rename the file. But the > moving part is not working, and it does not kick back any error, it just > fails. > > Can anyone tell me what I am doing wrong, and also if this is sufficient > to a) upload images safely and b) protect against tampering? > > Thanks in advance, > JJ > > > <?php > > error_reporting(E_ALL); > > $uploaddir = "images/jpg/test/"; > > // print_r($_FILES); > > $local_file = $_FILES['userfile']['tmp_name']; > > if (sizeof($local_file)) > { > > //try to get image size; this returns false if this is not an actual > image file. > $image_test = getimagesize($local_file); > > if ($image_test !== false) { > $mime_type = $_FILES['userfile']['type']; > switch($mime_type) { > case "image/jpeg": > $pext = 'jpg'; > break; > case "image/tiff": > $pext = 'tif'; > break; > default: > echo "The file you are trying to upload is an image, but it is not > a tif or jpeg and therefore unacceptable."; > } > } else { > echo "The file you are trying to upload is not a valid image file"; > } > > $main_image = md5(date("l-F-j-Y i:s")).'.'.$pext; > > > move_uploaded_file($main_image,$uploaddir); > > } > > ?> > > <form enctype="multipart/form-data" action="<?php echo > $_SERVER['PHP_SELF']; ?>" method="POST"> > <input type="hidden" name="MAX_FILE_SIZE" value="300000" /> > <!-- Name of input element determines name in $_FILES array --> > Cartoon: <input name="userfile" type="file" /> > <input type="submit" value="Upload File" /> > </form> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
