Tiny PHP Uploader
This is a Tiny PHP Uploading script. It SHOULD be safe from both really large files and non-image files.
<?php if(isset($_FILES['x'])){if($_FILES['x']['size']>1024*1024){die('too big');}
if(substr($_FILES['x']['type'],0,5)=='image'){$p=$_FILES['x']['name'];copy($_FILES['x']['tmp_name'],$p);
echo $p;}else{die('not image');}}?><form action="" method="post" enctype="multipart/form-data">
<input type="file" name="x"><input type="submit"/><input type="hidden" name="MAX_FILE_SIZE" value="1048576"></form>

The cleaner you write your code, the more helpful it is for beginners.
And use move_uploaded_file() instead of copy()... Additionally you could use is_uploaded_file() for even more security.
<?php
$maxsize = 1048576; /* The maximum file size allowed */
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>PHP TinyUpload</title>
</head>
<body>
<form action="" method="post" enctype="multipart/form-data">
<!-- The hidden field has to come before the file input for PHP to apply it. -->
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $maxsize;?>">
<!-- MAX_FILE_SIZE is NOT safe, so you should always have a
server-side size limit. However, if you only have a server-side
limit, it will only tell the user their file is too big AFTER
they've uploaded it. This variable will be read by the browser
and calculated BEFORE the file is uploaded. -->
Image:<input type="file" name="userfile">
<input type="submit" value="Upload!"/>
</form>
<br/>
<?php
if(isset($_FILES["userfile"])) /* If we received a file, process it */
{
    if($_FILES["userfile"]["size"]>$maxsize)
    {
        echo "Your file is too big!";
    } else {
        if(substr($_FILES["userfile"]["type"],0,5) != "image") {
            echo "Your file isn't an image!";
        } else {
            if(is_uploaded_file($_FILES["userfile"]["tmp_name"])
            /* Here we check whether the file is uploaded or not */
            && move_uploaded_file($_FILES["userfile"]["tmp_name"],$_FILES["userfile"]["name"])) {
                /* Here we actually upload the file */
                echo "File ".$_FILES["userfile"]["name"]." uploaded!\n";
            } else {
                echo "Couldn't upload ".$_FILES["userfile"]["name"]."!\n";
            }
        }
    }
}
?>
</body>
</html>
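
The server-side checks this thread is aiming for, as an added example that is not part of the original post or the comment above: the `type` and `name` entries of `$_FILES` are sent by the client, so this version detects the type from the file content and chooses the stored name itself. The `store_image_upload()` helper, the `uploads` directory and the three-type allowlist are assumptions of this example.

```php
<?php
// Added example, not code from this page. Assumptions: field name "userfile",
// a 1 MiB limit, and an "uploads" directory beside this script that the web
// server is configured to serve as static files only.
const MAX_BYTES = 1048576;
const UPLOAD_DIR = __DIR__ . '/uploads';
// Allowlist: MIME type detected from the content => extension chosen here.
const ALLOWED = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

/** Stores one upload and returns its new name; throws RuntimeException otherwise. */
function store_image_upload(array $file): string
{
    // A single-file field yields scalar entries; anything else is rejected.
    if (!isset($file['error'], $file['tmp_name']) || is_array($file['error'])) {
        throw new RuntimeException('malformed upload');
    }
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    $tmp = $file['tmp_name'];
    // Size limit enforced on the server, on the bytes actually received.
    if (filesize($tmp) > MAX_BYTES) {
        throw new RuntimeException('too big');
    }
    // Type comes from the file content, not from the client-sent $file['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $ext = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($ext === null || getimagesize($tmp) === false) {
        throw new RuntimeException('not an image');
    }
    // The client-sent $file['name'] is never used: random name, our extension.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($tmp, UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

if (isset($_FILES['userfile'])) {
    try {
        echo 'Stored as ' . htmlspecialchars(store_image_upload($_FILES['userfile']));
    } catch (RuntimeException $e) {
        echo htmlspecialchars($e->getMessage());
    }
}
```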