File upload - step 1
Many programs require an image to be uploaded, but you want to ensure that the image is uploaded safely and that there is no way to upload bad software. In this tutorial I will explain how to upload an image and give an in-depth explanation of the security aspects of uploading images and files. To the left is a link to a PDF that helped me discover the security of file uploading.
Basic upload using html and php
To start off, let's make a simple form that can upload any file to the server. We need an HTML form which can upload an image. That is simple and the following will do the trick.
If you have ever created an HTML form before, you will notice that the "enctype" option on the form tag is new. The standard enctype is enough for any form information other than uploading files; you need enctype="multipart/form-data" to be able to upload images to the server. This form will send a new variable, $_FILES, to the processing page upload.x.php.
The $_FILES array will contain an array of arrays, each containing the original file name, the type, the temporary name in the /tmp/ directory, the file size and the error number if an error occurred. If the error number is set to anything but 0, then an error occurred and the image did not get uploaded successfully (or at all). Below is a print of the $_FILES array.
Array
(
    [file] => Array
        (
            [name] => logo.jpg
            [type] => image/jpeg
            [tmp_name] => /tmp/php4K509K
            [error] => 0
            [size] => 23124
        )

)
It is always important to know that the "type" argument is not reliable and is not a safe method of checking what type of file it is. The extension is also not the safest method of checking what type of file is being uploaded. The above is only the HTML side of uploading; you still need to make a secure PHP page to move the file and ensure it is the correct file.
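One way the processing page could check the 'file' entry printed above without trusting its "type" or "name" values. This is an added example, not code from the original tutorial; UPLOAD_DIR, MAX_BYTES, the ALLOWED list and the function name store_uploaded_image are assumptions chosen for illustration.

```php
<?php
// Added example: server-side checks for the 'file' entry shown in the $_FILES print.
// Assumed values (not from the tutorial): UPLOAD_DIR, MAX_BYTES and the ALLOWED list.
const UPLOAD_DIR = '/var/www/uploads';  // assumed path; PHP must not execute files here
const MAX_BYTES  = 2 * 1024 * 1024;     // assumed 2 MiB size limit
const ALLOWED    = [                    // detected content type => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

function store_uploaded_image(array $f): string
{
    // Anything but 0 (UPLOAD_ERR_OK) means the upload failed or never arrived.
    if (($f['error'] ?? null) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    // tmp_name must be a file PHP itself received through this HTTP POST.
    if (!is_uploaded_file($f['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    if (filesize($f['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Detect the type from the file's content; $f['type'] and $f['name'] come from the client.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    if (!is_string($mime) || !isset(ALLOWED[$mime]) || getimagesize($f['tmp_name']) === false) {
        throw new RuntimeException('Not an accepted image');
    }
    // Server-chosen random name and extension: nothing from the original file name is reused.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($f['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    return $dest;
}

// Handle the form post; 'file' is the field name seen in the $_FILES print.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['file'])) {
    try {
        echo 'Stored as ' . basename(store_uploaded_image($_FILES['file']));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected';
    }
}
```

Content detection only confirms that the file looks like an image, so the server-chosen name and extension matter as well, and the upload directory should be configured so that PHP never executes files stored in it.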