Resolved Does this code look okay?



RonnyNishimoto
07-19-2012, 03:04 AM
This is pretty much my first little project I did on my own (without looking at the tutorials) to help me learn, creating a file upload.

Any advice would be greatly appreciated! Also is this somewhat safe security wise?



<?php
// MIME types accepted for upload
$allowed = array("image/jpg", "image/jpeg", "image/gif", "image/png");
// Values from the upload form; name and type are supplied by the browser
$f_name = $_FILES["file"]["name"];
$t_name = $_FILES["file"]["tmp_name"];
$f_size = $_FILES["file"]["size"];
$f_type = $_FILES["file"]["type"];
if (in_array($f_type, $allowed) && $f_size <= 1024000) {
    // Refuse to overwrite a file that is already in uploads/
    if (file_exists("uploads/" . $f_name)) {
        include 'error.php';
        echo $f_name . " already exists.";
    }
    else {
        // Move the temporary file into uploads/ under its original name
        move_uploaded_file($t_name, "uploads/" . $f_name);
        include 'details.php';
    }
}
else if (!(in_array($f_type, $allowed))) {
    // Reported type is not in the allowed list
    include 'error.php';
    echo "You can only upload .jpg, .jpeg, .gif, or .png.";
}
else {
    // Allowed type, but the size check failed
    include 'error.php';
    echo "Error: " . $_FILES["file"]["error"];
    echo "Sorry, it's probably my bad!.";
}
?>

DrDOS
07-19-2012, 06:12 PM
Actually quite good. I don't see much point in renaming $_FILES['file']['tmp_name'] since it's only used once. And you can put the ! in front of the in_array and remove one set of parentheses, no big deal for either case. If you want to hold the original file name for the session you can make it a session variable. You can give the moved file a fixed name, if it's being modified, much simpler, then rename it to the original when it's downloaded.

RonnyNishimoto
07-19-2012, 11:07 PM
I'm still getting used to sessions, but I will try it out! I was a little scared of putting the ! in front of in_array, but I tested it and it works! Thank you for all the advice!
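
On the "is this somewhat safe" question from the first post: the added example below (not code from any poster in this thread) checks the upload error code, detects the type from the file's bytes instead of the browser-reported $_FILES type, and stores the file under a server-generated name. safe_upload_name() is a hypothetical helper and the fileinfo extension is assumed to be enabled.

```php
<?php
// Added example, not the poster's code. safe_upload_name() is a hypothetical helper.

// Returns a server-generated file name, or null if the upload is rejected.
// $file['type'] and $file['name'] are never read: the browser supplies both.
function safe_upload_name(array $file, int $maxBytes = 1024000): ?string
{
    // The stored extension is chosen from the type detected on the server.
    $allowed = ['image/jpeg' => 'jpg', 'image/gif' => 'gif', 'image/png' => 'png'];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $tmp = $file['tmp_name'] ?? '';
    if (!is_file($tmp) || filesize($tmp) > $maxBytes) {
        return null;
    }
    // Detect the type from the file's own bytes (fileinfo extension).
    $detected = (string) (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!isset($allowed[$detected])) {
        return null;
    }
    // Random name: nothing is overwritten, no path or extension from the client.
    return bin2hex(random_bytes(16)) . '.' . $allowed[$detected];
}

if (PHP_SAPI !== 'cli') {
    // Web request: same "file" field and uploads/ directory as the original post.
    $name = isset($_FILES['file']) ? safe_upload_name($_FILES['file']) : null;
    if ($name !== null && move_uploaded_file($_FILES['file']['tmp_name'], 'uploads/' . $name)) {
        include 'details.php';
    } else {
        include 'error.php';
        echo 'Upload rejected.';
    }
} else {
    // Command-line demo on constructed input: both entries claim image/png.
    $gif = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00;"); // constructed GIF header
    $txt = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($txt, "plain text, not an image\n");          // constructed non-image

    foreach ([[$gif, 'photo.png'], [$txt, 'notes.png']] as [$path, $clientName]) {
        $file = ['name' => $clientName, 'type' => 'image/png', 'tmp_name' => $path,
                 'error' => UPLOAD_ERR_OK, 'size' => filesize($path)];
        var_dump(safe_upload_name($file));
        unlink($path);
    }
}
```

Type detection from the leading bytes only shows that the file starts like an image; keeping uploads/ outside the web root or serving it with script execution disabled is a separate control.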


