https://www.webmaster-forums.net/crss/node/1044640 en https://www.webmaster-forums.net/web-programming-and-application-development/how-upload-images-using-php#comment-1244099 <p>That's not only an INSECURE approach, it's badly written, wont work and incomplete!</p> <p>The mime type alone is not really a secure method to identify a file type.<br /> You can use it, but in conjunction with other things, such as checking file extension(s) (is .jpg or is .gif etc).</p> <p>Also, why not allow png? It's one of the best compression formats for the web.</p> <p>You set the variable "$msg" to contain various error messages, but never actually use the var (never echoed).</p> <p>You perform an "IF" test on these two variables: $userfile_size AND $userfile_type, but you haven't actually set them to be anything, they are null and therefore them checking if filesize and type is as should be will always return FALSE (i.e. they will be allowed regardless of their type and size).</p> <p>Besides, you didn't set the required file size limit in the html form anyway.</p> <p>________________</p> <p>All in all, it's a fairly bad tutorial considering you are a web development site! Do you provide clients with this poor level of security in their code and sites?<br /> Also, this is worded "EXACTLY" on other sites, so is this your tutorial or someone else's you have copied?</p> <p>I can only advise anyone reading this to stay WELL CLEAR of using <code>elevationnewmedia.com</code>'s web services!</p> Fri, 07 Aug 2009 12:37:00 +0000 greg comment 1244099 at https://www.webmaster-forums.net