--- Ken <[EMAIL PROTECTED]> wrote: > Thanks, but I have been there done that. I was looking for something a > little more friendly.
Try to Google: uploading files safely with PHP There are many tutorials there. Another approach is to Google: ~HOWTO PHP file upload This is such a common topic that the sites probably do a better job than any single post could supply. However, the steps are along this line: Create an upload form. The form tag must have enctype='multipart/form-data'. The input field you want is type='file' and the name property will be used in the PHP $_FILES superglobal. In your processing script (named in the action part of the form tag) you can look at $_FILES to see what is there. Files are stored initially in a temporary location (eg /tmp on many Linux installs of PHP) and you must copy this file from the temporary location to a more permanent one. Otherwise the file disappears when the script is done running half a second later. The location where you move the file (use is_uploaded_file() and move_uploaded_file()) must be a place where the webserver user has permission to write. This is where the real danger in file upload scripts comes in. If the destination is in the web space, someone could potentially upload a script or other dangerous content and activate it through the proper URL. You must inspect the temporary file to be sure the file is the kind you are expecting. For example, if you expect an image, use functions like get_image_size() to ensure that it is an image of an allowed type. Don't rely solely on the filename or extension. There are a multitude of concerns for file uploads and several ways of dealing with them. Your question is so general that it's hard for anyone to help you without asking them to write long essays. Google is your friend and the PHP site has some of the best documentation for a programming language out there. The user comments often contain helpful examples. Try to understand and use these pages, it will help a lot. James
