Hello chaps I am currently making a php upload form for an admin page for pictures, videos and audio.

So far I have done a check size, mime type. I presume I will need to check file extensions, how would be the best way to go about this and also is there anything I can do in php.ini to stop malicious code being executed from an external source just incase something bad does get uploaded?

Anything else that I should keep in mind for the upload form?

Thanks
Luke

Make sure you make the file difficult to execute when it's accessed. I think you can force download via apache httaccess in certain folders.

Ah right, the admin upload is there so the admin who doesn't know how to use FTP will be able to upload pic and then get access to them to use in which ever way he see fit.

using httacess can I make it so the file is just readable and I presume you can still parse audio and video to a webbpage so it's still viewable etc?

I recently wrote such a script and got alot of help from this article
http://www.scanit.be/uploads/php-file-upload.pdf

And also a bit from this website (which I think is actually baesed on the above article, or at least refers to it.)
http://www.mysql-apache-php.com/fileupload-security.htm

Quote:

Originally Posted by lizciz

I recently wrote such a script and got alot of help from this article
http://www.scanit.be/uploads/php-file-upload.pdf

And also a bit from this website (which I think is actually baesed on the above article, or at least refers to it.)
http://www.mysql-apache-php.com/fileupload-security.htm

Brilliant thank you both, anyone else like to add their $0.02 ?