Jump to content
rootKID

what is syntax for script upload?...

Recommended Posts

hello w3schools again, i just have a question this time ;).today i was trying to adding a upload script to my personal website :). by following this tutorial: http://www.w3schools.com/php/php_file_upload.asp so here is my question.if im doing the saving part ''with'' the restrictions on it. what is the syntax for uploading a .torrent/.php/.html/ect file... i mean, before a filetype, there is somfthing that needs to be typed, like now, (image) ect...what is the syntax for making the part of a PHP and TORRENT file. thanks in advance.Hoping answers soon.

  • Like 1

Share this post


Link to post
Share on other sites

I'm not sure what you mean. What code do you have and what problems in it are you having? Are you talking about filtering for certain file types?

Share this post


Link to post
Share on other sites

as a example, then i have to type like so with image inside the restriction like so:

|| ($_FILES["file"]["type"] == "image/jpeg")

now, notice just right the /jpeg, there is a word (image)... now, my question is that if i need to code a forum ect, and they should be able to upload .PHP files orr .TORRENT Files ect, what is the syntax for that?... is that just script and torrent i should replace with image? or what?...

Share this post


Link to post
Share on other sites

The value of "type" is a MIME type.There is a list of official MIME types at IANA, but applications can always define their own.The value you get in the $_FILES array in particular is defined by the browser. A browser could, in theory, send you a ".jpeg" file with "text/plain" MIME type, or something that's not even an official MIME type like "cook/right". In practice, only hackers ever try to do that.Still, the point of a MIME type in general is to let your application know how it should treat a file, regardless of its extension.In theory, it's up to you to define what MIME types you'll be handling, and it's up to the user to provide a file with valid MIME type which you'd then make sure to treat properly. In practice, because users don't have much of a control (or understanding) of how their browser handles MIME types, and only attackers try to abuse MIME types, what you should do is check for file extensions, and treat the files according to their extension, providing error messages when a forbidden one is given.

Share this post


Link to post
Share on other sites

thanks. that helped alot! :)...

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...