  1. #1
    New Coder
    Join Date
    Jul 2012
    Posts
    85
    Thanks
    53
    Thanked 0 Times in 0 Posts

    Does this code look okay?

    This is pretty much my first little project I did on my own (without looking at the tutorials) to help me learn, creating a file upload.

    Any advice would be greatly appreciated! Also, is this somewhat safe security-wise?

    PHP Code:
    <?php
    // MIME types accepted for upload
    $allowed = array("image/jpg", "image/jpeg", "image/gif", "image/png");

    $f_name = $_FILES["file"]["name"];      // original file name sent by the client
    $t_name = $_FILES["file"]["tmp_name"];  // temporary path on the server
    $f_size = $_FILES["file"]["size"];      // size in bytes
    $f_type = $_FILES["file"]["type"];      // MIME type reported by the client

    if (in_array($f_type, $allowed) && $f_size <= 1024000) {
        if (file_exists("uploads/" . $f_name)) {
            include 'error.php';
            echo $f_name . " already exists.";
        }
        else {
            move_uploaded_file($t_name, "uploads/" . $f_name);
            include 'details.php';
        }
    }
    else if (!(in_array($f_type, $allowed))) {
        include 'error.php';
        echo "You can only upload .jpg, .jpeg, .gif, or .png.";
    }
    else {
        include 'error.php';
        echo "Error: " . $_FILES["file"]["error"];
        echo "Sorry, it's probably my bad!.";
    }
    ?>
    Last edited by RonnyNishimoto; 07-19-2012 at 10:11 PM.

  • #2
    Senior Coder
    Join Date
    Sep 2010
    Posts
    1,899
    Thanks
    15
    Thanked 226 Times in 226 Posts
    Actually quite good, I don't see much point in renaming $_FILES['file']['tmp_name'] since it's only used once. And you can put the ! in front of the in_array and remove one set of parentheses, no big deal for either case. If you want to hold the original file name for the session you can make it a session variable, you can give the moved file a fixed name, if it's being modified, much simpler, then rename it to the original when it's downloaded.

  • Users who have thanked DrDOS for this post:

    RonnyNishimoto (07-19-2012)

  • #3
    New Coder
    Join Date
    Jul 2012
    Posts
    85
    Thanks
    53
    Thanked 0 Times in 0 Posts
    I'm still getting used to sessions, but I will try it out! I was a little scared of putting the ! in front of in_array, but I tested it and it works! Thank you for all the advice!
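
Post #1 asks whether the upload is safe, and post #2 suggests storing the file under a name the script picks. The following is an added example, not code from anyone in the thread, showing one way to combine both points: the type is detected from the file contents with `finfo`, and the stored name is generated on the server. `ALLOWED`, `MAX_BYTES` and `checked_upload_name()` are names assumed for this illustration, and the command-line branch uses constructed sample files.

```php
<?php
// Added example, not code from the thread; ALLOWED, MAX_BYTES and checked_upload_name() are assumed names.
// MIME type detected from the file contents => extension the server assigns.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/gif' => 'gif', 'image/png' => 'png'];
const MAX_BYTES = 1024000; // same size limit as the code in post #1
// Validates one $_FILES entry and returns the server-chosen name to store it under.
function checked_upload_name(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed.');
    }
    $size = filesize($file['tmp_name']); // measured on disk, not the reported size
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('File is empty or too large.');
    }
    // $file['type'] is sent by the browser; inspect the file contents instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        throw new RuntimeException('You can only upload .jpg, .jpeg, .gif, or .png.');
    }
    // Random name plus an extension from our own table: no client text reaches the path.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
}
if (PHP_SAPI === 'cli') {
    // Constructed sample input: a PNG signature + IHDR chunk, and a text file labelled as PNG.
    $png = hex2bin('89504e470d0a1a0a0000000d49484452000000010000000108060000001f15c489');
    foreach (['pixel.png' => $png, 'notes.png' => "just some text\n"] as $name => $bytes) {
        $tmp = tempnam(sys_get_temp_dir(), 'up');
        file_put_contents($tmp, $bytes);
        $entry = ['name' => $name, 'type' => 'image/png', 'tmp_name' => $tmp, 'error' => UPLOAD_ERR_OK];
        try {
            echo $name, ' -> stored as ', checked_upload_name($entry), "\n";
        } catch (RuntimeException $e) {
            echo $name, ' -> rejected: ', $e->getMessage(), "\n";
        }
        unlink($tmp);
    }
} elseif (isset($_FILES['file'])) {
    try {
        $stored = checked_upload_name($_FILES['file']);
        if (!move_uploaded_file($_FILES['file']['tmp_name'], __DIR__ . '/uploads/' . $stored)) {
            throw new RuntimeException('Could not store the file.');
        }
        include 'details.php';
    } catch (RuntimeException $e) {
        include 'error.php';
        echo htmlspecialchars($e->getMessage());
    }
}
```

This needs PHP 7 or later with the fileinfo extension enabled. Because every stored name is random, the `file_exists()` collision check from the original is no longer needed.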

