uploading files

Hello Experts,
I am new to the PHP world, but I have been studying this language for several years, though only part time.
I have seen lots of code that uploads files and photos, but the problem is that it isn't very secure, because in some cases someone could upload a shell script as a JPG or another type.
Can anyone help me get a small piece of code that can upload files and photos using the most secure methods?
Thanks in advance.
 
CFIL Asked:

phpintheusa Commented:
I use something similar to this to make sure they are uploading the proper file extension:

$image_types = 'jpg,jpeg,gif,png';	// allowed extensions, comma-separated

// Return the extension of the client-supplied file name ('' if it has none).
function getFileExt($filename) {
	return pathinfo($filename, PATHINFO_EXTENSION);
}
$extension = getFileExt($_FILES['photo']['name']);
$extension = strtolower($extension);
$extension = explode('.', $extension);
$ext = $extension[0];
$goode = strtolower($image_types);
$goode = explode(',', $goode);
// Reject the upload when the extension is not in the allowed list.
if( !in_array( $ext, $goode ) ) {
	echo 'Sorry, you can only upload jpg,jpeg,gif and png files.';
	die;
}

CFIL (Author) Commented:
Hi phpintheusa,
Thank you for your comment.
Could you please post the whole code, from choosing a file until saving it in a particular path?
Sorry for my question, I am not an expert as you think.

phpintheusa Commented:
Here you go, tested and no errors.
<?php
$image_types = 'jpg,jpeg,gif,png';	// allowed image types (example: 'jpg,gif,jpeg,png')
$upload_path = 'photos/';		// path to uploads directory

// Return the extension of the client-supplied file name ('' if it has none).
function getFileExt($filename) {
	return pathinfo($filename, PATHINFO_EXTENSION);
}

if (isset($_POST['action']) && $_POST['action'] == 'upload') {
	if (!isset($_FILES['photo'])) {
		die('Photo not chosen. Please try again.');
	} else {
		$temp = $_FILES['photo']['tmp_name'];
		$extension = getFileExt($_FILES['photo']['name']);
		$extension = strtolower($extension);
		$extension = explode('.', $extension);
		$ext = $extension[0];
		$goode = strtolower($image_types);
		$goode = explode(',', $goode);
		if( !in_array( $ext, $goode ) ) {
			echo 'Sorry, you can only upload jpg,jpeg,gif and png files.';
			die;	// stop here so a rejected file is not moved into the uploads directory
		}
		// Save under the original base name inside the uploads directory.
		$upload_path = $upload_path . basename( $_FILES['photo']['name']);
		if(move_uploaded_file($temp, $upload_path)) {
		    echo 'Success!';
		} else {
		    echo "Please try again!";
		}

	}
} else {
	// No submission yet: show the upload form.
	echo '
		<form enctype="multipart/form-data" action="upload.php" method="POST">
			<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
			<input type="hidden" name="action" value="upload" />
			<p>File to upload: <input name="photo" type="file" /></p>
			<p><input type="submit" value="Upload" /></p>
		</form>

	';
}
?>

CFIL (Author) Commented:
Thank you, Sir. It's great.
I tried it and it works fine, but do you think there is any way to upload some shell scripts or any trojan files?
phpintheusa Commented:
Nah, you should be fine:D
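
The script posted in this thread decides on the extension of the client-supplied file name alone. As an added example (not part of the thread and not any participant's code), here is one way to also validate the file's content and control the stored name. The `photo` field name and the 100000-byte limit follow the thread; the function name `storeUploadedImage` and the storage directory outside the web root are assumptions.

```php
<?php
// Added example, not the thread's code; storage directory and function name are assumptions.
const ALLOWED_TYPES = [            // MIME type detected from content => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_BYTES = 100000;          // the form's MAX_FILE_SIZE, enforced again on the server

function storeUploadedImage(array $file, string $destDir): string
{
    // Reject failed or array-style (multi-file) submissions before touching the temp file.
    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed.');
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('File too large.');
    }
    // Detect the type from the file's bytes, not from the client-supplied name or type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED_TYPES[$mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('Only JPEG, PNG and GIF images are accepted.');
    }
    // The file must also parse as an image with real dimensions.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('File is not a valid image.');
    }
    // Server-generated name: the original name and extension never reach the disk.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($destDir, '/') . '/' . $name;
    // move_uploaded_file() refuses anything that is not a genuine HTTP upload.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store the file.');
    }
    chmod($dest, 0644);            // readable, never executable
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['photo'])) {
    try {
        // Assumed location outside the web root, so stored files are not directly requestable.
        $stored = storeUploadedImage($_FILES['photo'], __DIR__ . '/../uploads');
        echo 'Stored as ' . htmlspecialchars($stored);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage());
    }
}
```

A file can pass both content checks and still carry embedded script text, which is why the assigned extension and the storage location matter as much as the type detection.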