TalkPHP - View Single Post

Wildhoney · 09-25-2007, 09:47 PM

Just to add onto this article. There is a function in PHP that allows you to check if the file is actually uploaded, and that it's not coming from anywhere else: is_uploaded_file(). I would also be tempted to check both the extension and the MIME type for extra security. Perhaps that's just me being somewhat cautious though.

Thanks for the article. It's very much appreciated and I'm sure it will give many people a helping hand!

09-25-2007, 09:47 PM	#3 (permalink)
Wildhoney La Vida es Sueño Join Date: Sep 2007 Location: Oldham Posts: 2,267 Thanks: 90	Just to add onto this article. There is a function in PHP that allows you to check if the file is actually uploaded, and that it's not coming from anywhere else: `is_uploaded_file()`. I would also be tempted to check both the extension and the MIME type for extra security. Perhaps that's just me being somewhat cautious though. Thanks for the article. It's very much appreciated and I'm sure it will give many people a helping hand! __________________ The man who comes back through the Door in the Wall will never be quite the same as the man who went out.