How I can validate input on form before upload file?

PHP File uploading question.?

Firstly I already have a script working which upload 1 file at a time but after browsing the web for hours on advice I was wondering if any of you guys had any idea of a working tutorial or scripts. I've tried 5 different multiple file upload scripts which either have out of date functions or don't work. Any ideas would be great below is the code I use for 1 file upload if you know how to convert it to allow multiple file uploads that would be great but all in all any help would be appreciated. <form method="POST" action="upload-process.php" enctype="multipart/form-data"> <input type="file" name="image1" /> <input type="submit" value="Upload" /> </form> ///////////////////////////// PHP Page //////////////////////////// <?php if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 20000) { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . " "; } else { if (file_exists("uploaded_images/" . $_FILES["file"]["name"])) { echo $_FILES["file"]["name"] . " already exists. "; header('Refresh: 4; url=admin.php'); } else { move_uploaded_file($_FILES["file"]["tm… "uploaded_images/" . $_FILES["file"]["name"]); echo "Image Uploaded successfuly"; header('Refresh: 4; url=admin.php'); } } } else { echo "Invalid file"; } ?> Thanks
Answer:

this is not much good coding to upload the files. if you want the secure code i can share you what i am using. for details mail me at sourcehacking[at]gmail.com. I also write one blog content for file uploading both in web server and database server. Hope this will help you. Madan Sapkota

Andrew at Yahoo! Answers Visit the source

Was this solution helpful to you?

Other answers

I hope this isn't an actual, deployed script on a real live server. If it is, you need to disable this script ASAP. All someone has to do is send a carefully crafted upload with a type of 'image/jpeg' but a name of "../../../config.php" to do whatever they want on your web server. They need to craft the name to put a .php file in a directory where it doesn't currently exist but which is searched before the directory the script is in. Rest assured, this is not hard to do. You need to sanitize the filename! 100% confirm the extension. Make sure the filename does not contain any /'s or ..'s in it.

Related Q & A:

How to parse .log file and insert into database in PHP?Best solution by unix.com
How to upload a file to another server using cURL and PHP?Best solution by Stack Overflow
How convert .txt file to .Dat file in php?Best solution by Stack Overflow
How to use external PHP file in СakePHP 2?Best solution by Stack Overflow
How to connect php file to ms access?Best solution by Stack Overflow

Just Added Q & A:

How many active mobile subscribers are there in China?Best solution by Quora
How to find the right vacation?Best solution by bookit.com
How To Make Your Own Primer?Best solution by thekrazycouponlady.com
How do you get the domain & range?Best solution by ChaCha
How do you open pop up blockers?Best solution by Yahoo! Answers

For every problem there is a solution! Proved by Solucija.

Got an issue and looking for advice?
Ask Solucija to search every corner of the Web for help.
Get workable solutions and helpful tips in a moment.

Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.