Skip to content
Advertisement

PHPMailer file upload is this correct

Hi I have been struggling with working out the correct way to structure file uploads. With a lot of help I have managed to get it working but want to make sure that what I have come up with is correct and secure. Here is the full code. One thing that occurred to me is if I am moving the files to a temp directory and then compressing them to a desired directory do the files still exist in the temp directory? Do I need to delete those?

Here is the full code:

JavaScript

Advertisement

Answer

move_uploaded_file() does what it says: it moves the file, so it is no longer in the original temp directory, but wherever you moved it to.

Your series of if/elseif checks will only ever match a single problem – it’s nicer for your users if you detect all the problems in one go rather than just one at a time, so most of those elseifs should just be ifs.

This looks wrong:

JavaScript

$target_file contains the original user-supplied filename, not the moved filename ($uploadfile), so I would not expect a file with that name to exist.

This looks like a typo: $msg.="wrongeimage";

User contributions licensed under: CC BY-SA
8 People found this is helpful
Advertisement