First, in your form, you should use the "accept" with a comma-separated list of the MIME types that you want to accept for upload.[php]<input type="file" name="upfile" accept="mime1,mime2, etc">. In your case, the MIME type would be: "image/jpeg".
You shouldn't rely on that only, however. You should check on the received MIME types as you post-process the uploaded file(s). For more on that, see: http://www.webdeveloper.com/forum/showthread.php?t=101466
Last edited by NightShift58; 02-13-2007 at 05:03 AM.
<?php
//set where you want to store files
//in this example we keep file in folder upload
//$HTTP_POST_FILES['ufile']['name']; = upload file name
//for example upload file name cartoon.gif . $path will be upload/cartoon.gif
$path= "upload/".$HTTP_POST_FILES['ufile']['name'];
if($ufile !=none)
{
if(copy($HTTP_POST_FILES['ufile']['tmp_name'], $path))
{
echo "Successful<BR/>";
//$HTTP_POST_FILES['ufile']['name'] = file name
//$HTTP_POST_FILES['ufile']['size'] = file size
//$HTTP_POST_FILES['ufile']['type'] = type of file
echo "File Name :".$HTTP_POST_FILES['ufile']['name']."<BR/>";
echo "File Size :".$HTTP_POST_FILES['ufile']['size']."<BR/>";
echo "File Type :".$HTTP_POST_FILES['ufile']['type']."<BR/>";
echo "<img src=\"$path\" width=\"150\" height=\"150\">";
}
else
{
echo "Error";
}
}
?>
To check the mime type of an image use getimagesize() which checks the file headers. If you are extra paranoid you could even use imagecreatefromjpeg() to see whether the image can be opened. Do this before considering moving the image.
Reply With Quote
Bookmarks