07-10-2012, 02:11 AM
[eluser]boltsabre[/eluser]
Sorry, a little off topic from your actual question, this isn't in regards to your actual code, but just a warning about file uploads in general.
If you didn't already know, they are VERY risky, and if not done correctly can leave some MASSIVE security holes in your application/website.
Make sure you do a google on "php file upload security", there are such things as redrawing images (highly suggested), the set up of you .htaccess file/s and folder structures, creating new random file names, handling code that's been inserted in image meta tags, handling the double extension hack (ie, myimage.php.jpg) and many other things.
It's a lot of extra work, but you'll be sorry you didn't if someone deletes your entire website from the server (very easy and possible to do), steals your usernames and passwords, or something else malicious.
Sorry, a little off topic from your actual question, this isn't in regards to your actual code, but just a warning about file uploads in general.
If you didn't already know, they are VERY risky, and if not done correctly can leave some MASSIVE security holes in your application/website.
Make sure you do a google on "php file upload security", there are such things as redrawing images (highly suggested), the set up of you .htaccess file/s and folder structures, creating new random file names, handling code that's been inserted in image meta tags, handling the double extension hack (ie, myimage.php.jpg) and many other things.
It's a lot of extra work, but you'll be sorry you didn't if someone deletes your entire website from the server (very easy and possible to do), steals your usernames and passwords, or something else malicious.
