Validations in php
Hopefully it now goes without saying (although I’ll do so anyway) that form-data validation is of the utmost importance, due to the possibility of users attempting to hack into your server.
In addition to maliciously formed input data, some of the things you also have to check are whether a file was actually received and, if so, whether the right type of data was sent. Taking all these things into account, previous example, index1.php, is a rewrite of index.php.
<!-- index1.php -->
<!DOCTYPE html>
<html>
<head>
<title>PHP Form Upload</title>
</head>
<body>
<form method='post' action='index1.php' enctype='multipart/form-data'>
Select a JPG, GIF, PNG or TIF File:
<input type='file' name='filename' size='10' />
<input type='submit' value='Upload' />
</form>
<?php
if ($_FILES) {
$name = $_FILES ['filename'] ['name'];
switch ($_FILES ['filename'] ['type']) {
case 'image/jpeg' :
$ext = 'jpg';
break;
case 'image/gif' :
$ext = 'gif';
break;
case 'image/png' :
$ext = 'png';
break;
case 'image/tiff' :
$ext = 'tif';
break;
default :
$ext = '';
break;
}
if ($ext) {
$n = "image.$ext";
move_uploaded_file ( $_FILES ['filename'] ['tmp_name'], $n );
echo "Uploaded image '$name' as '$n':<br />";
echo "<img src='$n' />";
} else
echo "'$name' is not an accepted image file";
} else
echo "No image has been uploaded";
?>
</body>
</html>
