Hello and welcome to our community! Is this your first visit?
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New Coder
    Join Date
    Nov 2007
    Thanked 0 Times in 0 Posts

    Security Question for PHP File Upload

    Recently my form was attempted (maybe successfully) to be hacked via php script embedded in a jpg. I originally thought the form was secure because the files never leave the default apache temporary directory.

    Basically my form data is posted, and uploaded into a database as a blob, then is downloaded via an administrative panel.

    I've been reading a lot of posts and discussions on this it from my understanding, the major security risk is when the file is actually being displayed or stored in a location able to be navigated to via web.

    I can include my code if needed, it's just a basic insert escaped file data into a table though.

    Should I be concerned?
    Time after Time

  2. #2
    Senior Coder durangod's Avatar
    Join Date
    Nov 2010
    southwestern USA
    Thanked 47 Times in 45 Posts
    From my experience most of these defunk .jpg's are 1x1 in size so you can set a min size if you wish and that should stop many of them.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts