php'de resim upload yaparken konunun en altındaki kodu kullanıyorum. Kodu okumanıza gerek yok, açıklayayım. Type ine baktırıp jpeg izin veriyorum ve boyutunu da 350kb yapıyorum. Bu yeterince güvenli midir ? Daha güvenli hale nasıl getirebilirim ?
//Сheck that we have a file
if((!empty($_FILES["uploaded_file"])) && ($_FILES['uploaded_file']['error'] == 0)) {
$filename = basename($_FILES['uploaded_file']['name']);
$ext = substr($filename, strrpos($filename, '.') + 1);
if (($ext == "jpg") && ($_FILES["uploaded_file"]["type"] == "image/jpeg") &&
($_FILES["uploaded_file"]["size"] < 350000)) {
$newname = dirname(__FILE__).'/upload/'.$filename;
if (!file_exists($newname)) {
if ((move_uploaded_file($_FILES['uploaded_file']['tmp_name'],$newname))) {
echo "It's done! The file has been saved as: ".$newname;
} else {
echo "Error: A problem occurred during file upload!";
}
} else {
echo "Error: File ".$_FILES["uploaded_file"]["name"]." already exists";
}
} else {
echo "Error: Only .jpg images under 350Kb are accepted for upload";
}
} else {
echo "Error: No file uploaded";
}
?>
