Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New Coder
    Join Date
    Aug 2008
    Location
    Liverpool
    Posts
    53
    Thanks
    37
    Thanked 0 Times in 0 Posts

    Question Upload image to email form

    Hi,

    I've got a basic form already working, but I need to include some functionality which enables users to upload images. I'm using classic ASP, but don't have a database (crappy work policy), so when the form is submitted, the basic text from the form (name, address, email etc) should also include the image(s), which the form sends to my email address.

    I'm slightly concerned about the security of this, some people might want to upload any file (doc, xls, exe etc), so I would like to keep the file format just jpeg.

    Any help would be gratefully received

    Many Thanks

    Scott

  • #2
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,032
    Thanks
    75
    Thanked 4,325 Times in 4,291 Posts
    Well, first of all you need an uploader component. If possible, use an ActiveX DLL component for the uploader. If not possible, there are dozens of "pure ASP" uploaders out there, some better than others.

    Re restricting to jpg only: You *can* check the file name of the uploaded file to be sure it ends in ".jpg" or ".jpeg", but of course there's nothing to prevent somebody from renaming a ".exe" to ".jpg" and slipping it past you.

    The best way to ensure you are getting an image is again to use an ActiveX DLL component for images. You load the uploaded file into the imaging component and make a minor change to it (e.g., resize it by one pixel? or add a dummy blank pixel or two say in the bottom right corner) and then re-save it back out as a JPG image. If that works, you know you have an image. If the imaging component complains about an invalid image format, you know you've been spoofed.

    Most hosting services supply these components as part of an ASP hosting package. For example, GoDaddy does so for even their $5 a month plan. If you are self-hosting, you can purchase and install such components, but the purchase price will probably be a couple of hundred dollars or more, so a cheap hosting plan may be more economical.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •