Announcement

**DsgnrsTLZAdmin** · Feb 12, 2004, 10:11 PM

nevermind. I played around with it and used this:

PHP Code:


if  (empty($avatar))

{

    print  "No avatar was selected.";

}

else

{

copy($HTTP_POST_FILES['avatar'] ['tmp_name'],

$HTTP_POST_FILES['avatar'] ['name']);

copy("$avatar",  "/var/www/html/forum/users/$username/avatar.gif");

unlink("$avatar");

}

**Nightfire** · Feb 13, 2004, 05:59 AM

I'm surprised that works

You want to check the file is an image, or anyone can upload an exe file or even worse, a virus

You need this in the <form> tag ENCTYPE="multipart/form-data"

You need to use these instead of $HTTP_POST_FILES

$_FILES['myfile']['tmp_name'] -- Contains the full path and filename of the uploaded file as stored on the server.

$_FILES['myfile']['name'] -- Contains the full path and filename of the uploaded file as stored on the client.

$_FILES['myfile']['size'] -- Contains the size of the file in bytes

$_FILES['myfile']['type'] -- Contains the MIME type information associated with the file (if any)

Should have something like this: (taken from zend.com and updated)

PHP Code:


<HTML> 

<HEAD> 

<TITLE>File Upload Results</TITLE> 

</HEAD> 

<BODY BGCOLOR="WHITE" TEXT="BLACK"> 

<P><FONT FACE="Arial, Helvetica, sans-serif"><FONT SIZE="+1">File Upload 

    Results</FONT><BR><BR> 

<?php 

     

    $uploadpath = '/path/to/store/uploaded/files/'; 

    $source = $_FILES['file1']['tmp_name']; 

    $dest = ''; 



    if ( ($source != 'none') && ($source != '' )) { 



        $imagesize = getimagesize($source); 



        switch ( $imagesize[2] ) { 



            case 0: 



                echo '<BR> Image is unknown <BR>'; 

                break; 



            case 1: 

                echo '<BR> Image is a GIF <BR>'; 

                $dest = $uploadpath.uniqid('img').'.gif'; 

                break; 

             

            case 2: 

                echo '<BR> Image is a JPG <BR>'; 

                $dest = $uploadpath.uniqid('img').'.jpg'; 

                break; 

             

            case 3: 

                echo '<BR> Image is a PNG <BR>'; 

                $dest = $uploadpath.uniqid('img').'.png'; 

                break; 



        } 



        if ( $dest != '' ) { 



            if ( move_uploaded_file( $source, $dest ) ) { 



                echo 'File successfully stored.<BR>'; 



            } else { 



                echo 'File could not be stored.<BR>'; 



            } 



        }  



    } else { 



        echo 'File not supplied, or file too big.<BR>'; 



    } 



?> 

<BR><A HREF="<?php echo $_SERVER['PHP_SELF'] ?>">Back</A> 

</FONT></P> 

</BODY> 

</HTML> 

<?php } else { ?> 

<!-- File Upload Form HTML Code Here --> 

<?php } ?>

[

**DsgnrsTLZAdmin** · Feb 13, 2004, 08:44 AM

Yeah thats a no brainer but thanks for the warning. I had already changed that on the form page... i specified max file size and accept type. thanks though

**DsgnrsTLZAdmin** · Feb 13, 2004, 08:53 AM

<input type="hidden" name="MAX_FILE_SIZE" value="10000" />

<input type="file" name="avatar" accept="image/gif" />

a lot simpler

Announcement

file upload

file upload

Comment

Comment

Comment

Comment