Board index Linux General Stuffs

Moderator: chandranjoy

Simple file upload form(html,php) without validation

Postby chandranjoy » Fri Sep 02, 2011 5:25 am

Simple file upload form with no validation

A simple file upload form usually consists of a HTML form and a PHP script. The HTML form, is the form presented to the user, while the PHP script contains the code that takes care of the file upload. Below is an example of such form and PHP script:

HTML Form:

<form enctype="multipart/form-data" action="uploader.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000000" />
Choose a file to upload: <input name="uploadedfile" type="file" /><br />
<input type="submit" value="Upload File" />
</form>


PHP Code:
Note: save this file as 'uploader.php'
<?php
$target_path = "uploads/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']).
" has been uploaded";
} else{
echo "There was an error uploading the file, please try again!";
}
?>


Reference:

http://www.acunetix.com/websitesecurity ... threat.htm

Enjoy :)
chandranjoy
Site Admin
 
Posts: 283
Joined: Fri Oct 23, 2009 11:19 pm

Return to General Stuffs

Who is online

Users browsing this forum: No registered users and 1 guest


cron