Jump to content

what is syntax for script upload?...


rootKID

Recommended Posts

hello w3schools again, i just have a question this time ;).today i was trying to adding a upload script to my personal website :). by following this tutorial: http://www.w3schools.com/php/php_file_upload.asp so here is my question.if im doing the saving part ''with'' the restrictions on it. what is the syntax for uploading a .torrent/.php/.html/ect file... i mean, before a filetype, there is somfthing that needs to be typed, like now, (image) ect...what is the syntax for making the part of a PHP and TORRENT file. thanks in advance.Hoping answers soon.

  • Like 1
Link to comment
Share on other sites

I'm not sure what you mean. What code do you have and what problems in it are you having? Are you talking about filtering for certain file types?

Link to comment
Share on other sites

as a example, then i have to type like so with image inside the restriction like so:

|| ($_FILES["file"]["type"] == "image/jpeg")

now, notice just right the /jpeg, there is a word (image)... now, my question is that if i need to code a forum ect, and they should be able to upload .PHP files orr .TORRENT Files ect, what is the syntax for that?... is that just script and torrent i should replace with image? or what?...

Link to comment
Share on other sites

The value of "type" is a MIME type.There is a list of official MIME types at IANA, but applications can always define their own.The value you get in the $_FILES array in particular is defined by the browser. A browser could, in theory, send you a ".jpeg" file with "text/plain" MIME type, or something that's not even an official MIME type like "cook/right". In practice, only hackers ever try to do that.Still, the point of a MIME type in general is to let your application know how it should treat a file, regardless of its extension.In theory, it's up to you to define what MIME types you'll be handling, and it's up to the user to provide a file with valid MIME type which you'd then make sure to treat properly. In practice, because users don't have much of a control (or understanding) of how their browser handles MIME types, and only attackers try to abuse MIME types, what you should do is check for file extensions, and treat the files according to their extension, providing error messages when a forbidden one is given.

Link to comment
Share on other sites

thanks. that helped alot! :)...

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...