rootKID Posted July 1, 2012 Share Posted July 1, 2012 hello w3schools again, i just have a question this time .today i was trying to adding a upload script to my personal website . by following this tutorial: http://www.w3schools.com/php/php_file_upload.asp so here is my question.if im doing the saving part ''with'' the restrictions on it. what is the syntax for uploading a .torrent/.php/.html/ect file... i mean, before a filetype, there is somfthing that needs to be typed, like now, (image) ect...what is the syntax for making the part of a PHP and TORRENT file. thanks in advance.Hoping answers soon. 1 Link to comment Share on other sites More sharing options...
thescientist Posted July 2, 2012 Share Posted July 2, 2012 I'm not sure what you mean. What code do you have and what problems in it are you having? Are you talking about filtering for certain file types? Link to comment Share on other sites More sharing options...
rootKID Posted July 2, 2012 Author Share Posted July 2, 2012 as a example, then i have to type like so with image inside the restriction like so: || ($_FILES["file"]["type"] == "image/jpeg") now, notice just right the /jpeg, there is a word (image)... now, my question is that if i need to code a forum ect, and they should be able to upload .PHP files orr .TORRENT Files ect, what is the syntax for that?... is that just script and torrent i should replace with image? or what?... Link to comment Share on other sites More sharing options...
boen_robot Posted July 2, 2012 Share Posted July 2, 2012 The value of "type" is a MIME type.There is a list of official MIME types at IANA, but applications can always define their own.The value you get in the $_FILES array in particular is defined by the browser. A browser could, in theory, send you a ".jpeg" file with "text/plain" MIME type, or something that's not even an official MIME type like "cook/right". In practice, only hackers ever try to do that.Still, the point of a MIME type in general is to let your application know how it should treat a file, regardless of its extension.In theory, it's up to you to define what MIME types you'll be handling, and it's up to the user to provide a file with valid MIME type which you'd then make sure to treat properly. In practice, because users don't have much of a control (or understanding) of how their browser handles MIME types, and only attackers try to abuse MIME types, what you should do is check for file extensions, and treat the files according to their extension, providing error messages when a forbidden one is given. Link to comment Share on other sites More sharing options...
rootKID Posted July 2, 2012 Author Share Posted July 2, 2012 thanks. that helped alot! ... Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now