Hi all,

I have some code that allows users to upload their image to my site.
I only want them to be able to upload .jpg and .gif files for security reasons and also I only want them to upload an image up to a certain size.

I'm using this currently which only allows .gifs to be uploaded:

if ($_FILES['imageupload']['type'] == "image/gif")
{ 	
copy (copy root is here;)
}

Is this the best way to do it and also how can I get it to look at the size of the file that has been uploaded?

I think i'm going to use:

$_FILES['imageupload']['size']

    I'm using this now, the images are fine, I realised many .jpg images are pjpeg.
    I can't get the size to work though:

    if ($_FILES['imageupload']['type'] == "image/gif" OR $_FILES['imageupload']['type'] == "image/pjpeg" OR $_FILES['imageupload']['type'] == "image/jpeg" AND $_FILES['imageupload']['size']<'100' )

      SOLVED using file_max_size, thanks if you had a look guys!

        MitchEvans wrote:
        if ($_FILES['imageupload']['type'] == "image/gif")

        This is bad. Use getimagesize on the file and if you want to be even sticter make sure you can open it with imagecreatefromjpeg etc.

          hi bokehman,

          can you give me a bit more information on using the 'createimagefromjpeg' function to add a bit of extra security in ensuring that the files being uploaded truly are images?

          thanks!
          b.

            Write a Reply...