php upload image and documents like pdf,doc,ppt


Hello all, I am working on a web page where users upload images and applications such as image files, ppt, pdf, Excel files etc. But I'm sure somebody can look at my code and suggest a better and more secure way to deal with this. I want to check mime from client side, not server side and I also want the maximum file size of 7 MB. This is my code, anybody can give me some suggestions.

    $allowedExts = array("pdf", "doc", "docx", "png", "jpg", "jpeg", "gif");
    $extension = end(explode(".", $_FILES["uploadpic"]["name"]));

    // Accept the upload when the browser-reported type, the size and the extension all pass
    if ((($_FILES["uploadpic"]["type"] == "application/pdf")
        || ($_FILES["uploadpic"]["type"] == "application/msword")
        || ($_FILES["uploadpic"]["type"] == "application/vnd.openxmlformats-officedocument.wordprocessingml.document")
        || ($_FILES["uploadpic"]["type"] == "image/png")
        || ($_FILES["uploadpic"]["type"] == "image/jpeg")
        || ($_FILES["uploadpic"]["type"] == "image/jpg"))
        && ($_FILES["uploadpic"]["size"] < 7340032)
        && in_array($extension, $allowedExts)) {
        if ($_FILES["uploadpic"]["error"] > 0) {
            echo 'error';
            exit;
        } else {
            $filetmpname = $_FILES['uploadpic']['tmp_name'];
            $filename = $_FILES['uploadpic']['name'];
            // Store the file under its original name and record it in the database
            $insert = move_uploaded_file($filetmpname, "folder/$filename");
            $insertpostsandpic = mysql_query("INSERT INTO `database` (`id`, `name`, `date`) VALUES ('$id', '$filename', '$time')");
            echo 'success';
            exit;
        }
    } else {
        echo 'unsuccessful';
        exit;
    }

Create two arrays: one with accepted extensions and one with accepted MIME types.

SplFileInfo::getExtension()

I suggest the following code:

    $accepted_mimes = array('image/png', 'application/pdf');   // and so on
    $accepted_extensions = array('png', 'pdf');                // and so on
    $max_file_size = 7 * 1000 * 1000;

    $file = $_FILES['filename']['tmp_name'];

    // The temporary file has no extension, so read it from the client-supplied name
    $name = new SplFileInfo($_FILES['filename']['name']);
    $extension = $name->getExtension();

    // SplFileInfo::getType() returns "file", "dir" or "link", not a MIME type,
    // so the MIME type is detected from the file content with finfo
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($file);

    $obj = new SplFileInfo($file);
    $size = $obj->getSize();

    if (!in_array($extension, $accepted_extensions)) {
        echo 'Extension ' . $extension . ' not accepted';
    }
    if (!in_array($mime, $accepted_mimes)) {
        echo 'MIME type ' . $mime . ' not accepted';
    }
    if ($size > $max_file_size) {
        echo 'File size exceeds maximum file size limit';
    }
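The checks above decide whether a file is accepted; the storing step from the question still writes the client's file name into the path and into the SQL string. The following is an added example, not part of the original answer, that ties the detected MIME type to the stored extension, generates the stored name on the server and uses a prepared statement. The function names, the `uploads` table with its columns, the PDO connection and the storage directory (assumed to be outside the web root) are assumptions; call it as `store_upload($_FILES['uploadpic'], $dir, $pdo)`.

```php
<?php
// Size limit is the question's; table, columns and directory are assumptions.
const MAX_BYTES = 7340032;
// MIME type detected from the content => extension the file is stored under.
const ALLOWED = [
    'application/pdf' => 'pdf',
    'application/msword' => 'doc',
    'application/vnd.openxmlformats-officedocument.wordprocessingml.document' => 'docx',
    'image/png' => 'png',
    'image/jpeg' => 'jpg',
];

// Returns the extension to store under, or throws if the upload is rejected.
function checked_extension(array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with error code ' . $file['error']);
    }
    // Size of the file on disk, not the client-reported $file['size'].
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('file exceeds the size limit');
    }
    // $file['type'] is sent by the browser; finfo inspects the content instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $expected = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($expected === null) {
        throw new RuntimeException("type $mime is not accepted");
    }
    // The extension in the client's file name must agree with the detected type.
    $ext = strtolower((new SplFileInfo($file['name']))->getExtension());
    $ext = ($ext === 'jpeg') ? 'jpg' : $ext;
    if ($ext !== $expected) {
        throw new RuntimeException("extension .$ext does not match $mime");
    }
    return $expected;
}

function store_upload(array $file, string $dir, PDO $db): string
{
    $ext = checked_extension($file);
    // Server-generated name: the client's name never becomes part of the path.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], "$dir/$stored")) {
        throw new RuntimeException('could not store the upload');
    }
    // Bound parameters instead of interpolating the file name into the SQL string.
    $db->prepare('INSERT INTO uploads (stored_name, original_name) VALUES (?, ?)')
       ->execute([$stored, $file['name']]);
    return $stored;
}
```

libmagic versions differ in how they label Office files (some report a .docx as application/zip or application/octet-stream), so check what finfo returns on your server before settling the map.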
