The problem is that you declare global only for $ImageFile, but not for $ImageFile_name.
The big flaw is that if someone makes a form
<FORM ACTION="<?php $SCRIPT_NAME ?>" Method="Post"
ENCTYPE="multipart/form-data" >
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="1000000">

<Input Type="text" Name="ImageFile__name" value="../../../../etc/passwd">
<Input Type="Submit" Name="Submit">
</FORM>

they may be able to make a big shot. It depends on which user Apache is running under.
The best technique is to use $HTTP_POST_FILES. Since PHP 4.1.0 there will be a new name
for it: $_FILES. This array will be global, so there is no need to write
global $_FILES. The same is done for $_GET, $_POST and $_COOKIE. $_REQUEST is a
merged array of $_GET, $_POST and $_COOKIE in the order of gpc (from php.ini).

Regards,
Andrey Hristov
IcyGEN Corporation
http://www.icygen.com
BALANCED SOLUTIONS


----- Original Message ----- 
From: "Ryan Stephens" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 28, 2001 10:12 AM
Subject: [PHP] Image Uploads beeing corupted


> Hey guys,
> 
>     I got my uploads to work thanks to some people's help here in this
> newsgroup.... but now I'm having a problem with the files being corrupted
> upon upload..... not sure why.... any help would be greatly appreciated.
> 
>     I have included my code again if it helps any.
> 
> <---------------------------------------->
> function UploadImage(){
>     global $HTTP_POST_FILES;
>     global $ImageFile;
>     reset($HTTP_POST_FILES);
>     $pic_file = $HTTP_POST_FILES['ImageFile'];
>     copy ($pic_file['tmp_name'], "../images/$ImageFile_name");
> }
> 
> <FORM ACTION="<?php $SCRIPT_NAME ?>" Method="Post"
> ENCTYPE="multipart/form-data" >
> <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="1000000">
> 
> <Input Type="File" Name="ImageFile">
> <Input Type="Submit" Name="Submit">
> </FORM>
> <---------------------------------------->
> 
> I've found that just doing this seems to do the same
> 
> function UploadImage(){
>     global $ImageFile;
>     copy ($ImageFile, "../images/$ImageFile_name");
> }
> 
> 
> Thanks
> Ryan Stephens
> 
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
> 
> 
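
A hardened version of the upload handler discussed in this thread, added here as an example and not code from either poster: it reads the upload only from `$_FILES`, confirms the temporary file with `is_uploaded_file()`, and reduces the client-supplied name to a safe leaf name before `move_uploaded_file()`. The function names `safe_upload_name` and `store_uploaded_image`, the allowed extensions, and the PHP 7+ syntax are assumptions.

```php
<?php
// Added example, not code from the thread. Names (safe_upload_name,
// store_uploaded_image, $destDir) are hypothetical.

// Reduce a client-supplied filename to a safe leaf name, or return null.
function safe_upload_name(string $clientName): ?string
{
    // Treat backslashes as separators too, then keep only the last path component.
    $leaf = basename(str_replace('\\', '/', $clientName));
    // Allow a conservative character set; reject anything else.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$/', $leaf)) {
        return null;
    }
    // Only accept the image extensions this handler expects.
    $ext = strtolower(pathinfo($leaf, PATHINFO_EXTENSION));
    return in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true) ? $leaf : null;
}

// Store the upload from form field $field into $destDir; returns the path or null.
function store_uploaded_image(string $field, string $destDir): ?string
{
    // Read only from $_FILES: a text input named like the file variable cannot populate it.
    $f = $_FILES[$field] ?? null;
    if (!is_array($f) || $f['error'] !== UPLOAD_ERR_OK) {
        return null;
    }
    // tmp_name must be a file PHP itself received in this request.
    if (!is_uploaded_file($f['tmp_name'])) {
        return null;
    }
    $name = safe_upload_name($f['name']);
    if ($name === null) {
        return null;
    }
    $target = rtrim($destDir, '/') . '/' . $name;
    // move_uploaded_file() repeats the is_uploaded_file() check before moving.
    return move_uploaded_file($f['tmp_name'], $target) ? $target : null;
}

// Constructed sample names, printed when run from the command line.
if (PHP_SAPI === 'cli') {
    foreach (['photo.jpg', '../../../../etc/passwd', '..\\..\\boot.ini', 'shell.php'] as $n) {
        printf("%-28s => %s\n", $n, var_export(safe_upload_name($n), true));
    }
}
```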


