PHP experts!

Out of context: Reply #3

• Started
• Last post
• 6 Responses

• davetufts0

  you should definately check the extension - since (normally) PHP files will only be executed if they have a '.php' extension, it's best to check that way (even if there's php code in a '.txt' file, the server won't execute it)

  so after your file's been uploaded:

  if (stristr($your_file, ".php")) {
  // delete the uploaded file
  unlink("/path/to/$your_file");
  die("error...");
  }

  davetufts 0Permalink

  UpvoteDownvote

  Flag

  Show [[ numHiddenNotes ]] more notesAdd Note

  SaveCancel

View thread