----- Original Message ----- From: "Ian" --- In [email protected], <[EMAIL PROTECTED]> wrote: > > Q: Is there any way to allow someone to attach a file without uploading > to the web server? > > A: No. > > You have to upload the file to the tmp directory first, send it via email > and then delete it. > > Rob. >
Ok, now other things i've noticed like the attachment link is specific.. such as image/jpeg, would i have to make a huge if elseif tree for all different types to upload and then delete later on? ------------------------------------ Hi Ian, This depends on if you trust what the browser sends as a MIME type? If the browser sends a MIME type then it will be in - $_FILES['userfile']['type'] however any hacker can spoof the MIME type. This may be a problem depending on what sort of emails you are sending? text/attachment or HTML/attachment? ie - Are the images(or other objects) going to be in the email or just an attachment? If you are only allowing image type uploads then the actual MIME type can be extracted with the parts of the GD image functions. For more information google RFC2387. Robert.
