Upload image to email form


snarf1974
05-05-2010, 08:42 AM
Hi,

I've got a basic form already working, but I need to include some functionality which enables users to upload images. I'm using classic ASP, but don't have a database (crappy work policy), so when the form is submitted, the basic text from the form (name, address, email etc) should also include the image(s), which the form sends to my email address.

I'm slightly concerned about the security of this; some people might want to upload any file (doc, xls, exe etc), so I would like to keep the file format just jpeg.

Any help would be gratefully received.

Many Thanks

Scott

Old Pedant
05-06-2010, 08:19 PM
Well, first of all you need an uploader component. If possible, use an ActiveX DLL component for the uploader. If not possible, there are dozens of "pure ASP" uploaders out there, some better than others.

Re restricting to jpg only: You *can* check the file name of the uploaded file to be sure it ends in ".jpg" or ".jpeg", but of course there's nothing to prevent somebody from renaming a ".exe" to ".jpg" and slipping it past you.

The best way to ensure you are getting an image is again to use an ActiveX DLL component for images. You load the uploaded file into the imaging component and make a minor change to it (e.g., resize it by one pixel? or add a dummy blank pixel or two say in the bottom right corner) and then re-save it back out as a JPG image. If that works, you know you have an image. If the imaging component complains about an invalid image format, you know you've been spoofed.

Most hosting services supply these components as part of an ASP hosting package. For example, GoDaddy does so for even their $5 a month plan. If you are self-hosting, you can purchase and install such components, but the purchase price will probably be a couple of hundred dollars or more, so a cheap hosting plan may be more economical.
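
The load-and-re-save check described in the reply above, as an added example that is not part of the original thread: it uses Go's standard `image/jpeg` package in place of an ActiveX imaging component, since no specific component is named. The function names, the `maxPixels` cap and the sample inputs are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"image"
	"image/jpeg"
	"path/filepath"
	"strings"
)

const maxPixels = 4000 * 4000 // assumed cap: refuse huge images before decoding them
// SanitizeJPEG returns a freshly encoded JPEG built only from the decoded
// pixels, or an error if the upload is not a decodable JPEG.
func SanitizeJPEG(name string, data []byte) ([]byte, error) {
	ext := strings.ToLower(filepath.Ext(name))
	if ext != ".jpg" && ext != ".jpeg" { // cheap first filter, spoofable by renaming
		return nil, errors.New("extension is not .jpg/.jpeg")
	}
	cfg, err := jpeg.DecodeConfig(bytes.NewReader(data)) // header-only parse
	if err != nil {
		return nil, fmt.Errorf("not a JPEG: %w", err)
	}
	if cfg.Width*cfg.Height > maxPixels {
		return nil, errors.New("image dimensions exceed limit")
	}
	img, err := jpeg.Decode(bytes.NewReader(data)) // full decode of the image data
	if err != nil {
		return nil, fmt.Errorf("decode failed: %w", err)
	}
	var out bytes.Buffer
	if err := jpeg.Encode(&out, img, &jpeg.Options{Quality: 90}); err != nil {
		return nil, err
	}
	return out.Bytes(), nil // attach this to the email, never the original bytes
}

// SampleJPEG builds a small constructed 8x8 JPEG in memory for the demo.
func SampleJPEG() []byte {
	var buf bytes.Buffer
	jpeg.Encode(&buf, image.NewRGBA(image.Rect(0, 0, 8, 8)), nil)
	return buf.Bytes()
}

func main() {
	// Constructed stand-in for an .exe renamed to .jpg (starts with "MZ").
	_, err := SanitizeJPEG("holiday.jpg", []byte("MZ\x90\x00 constructed fake"))
	clean, err2 := SanitizeJPEG("holiday.jpg", SampleJPEG())
	fmt.Println("renamed exe:", err, "| real jpeg:", len(clean), "bytes,", err2)
}
```

Forwarding the re-encoded bytes rather than the original upload means the mail attachment contains only what the decoder understood as image data.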