2) put the attached files on the file system not into a database. then, only link them from the web page.

[edited by: NomikOS at 2:12 am (utc) on June 24, 2008]

dc

Neils - Nomik is correct, it shows up on the $_FILES global array instead of $_POST. enctype needs to be set to "multipart/form-data" which you've done

PHP also recommends (maybe requires) using a hidden input with the name MAX_FILE_SIZE set to be PHP's maximum file size; it helps prevent users waiting for a large file to upload, only to find out it's too large! I don't know if this is required, see the PHP documentation.

You cannot make the form itself restrict the filetype, but you can check the filetype once it has been uploaded, and you can check the file extension before you upload it with Javascript. You can do this by using document.getElementById() with the File Upload field's ID and then checking the final few characters. In PHP, you can get the actual file type using $_FILES['fileUploadFieldName']['type']. It will return the MIME type of the document (i.e., image/gif)

More info on the PHP side here: [us3.php.net ]

I do hope that link's not in bad taste.

Edit: Try removing the MaxSize attribute on the file upload field. I don't know if it is relevant, but on text fields that limits the number of characters allowed. If you had a large path like "C:\Documents and Settings\SomeUser\My Documents\Folder64321\images\that-boat-ride-we-took-last-fall\ jeffs-pictures\oh-the-one-where-hes-holding-a-hammer.jpg" the upload may fail.

[edited by: coopster at 1:13 pm (utc) on June 25, 2008]
[edit reason] broke up example path to fix sidescroll [/edit]

Oops, I think you`re right. Thanks npwsol. ;)

You need to be careful allowing people to upload files. For example, lets say you are validating for a .doc extension. What if I uploaded a file as file.php.doc? Easy way for people to upload and execute harmful code.

I would suggest you always rename the file on upload. Take the original extension and rename.

There is a file upload tutorial in our library. You could check that out and see if it gave you any starting points:

[webmasterworld.com...]

Scroll down for Birdman`s code snippet.

dc

You need to be careful allowing people to upload files. For example, lets say you are validating for a .doc extension. What if I uploaded a file as file.php.doc? Easy way for people to upload and execute harmful code.

[edited by: coopster at 1:11 pm (utc) on June 25, 2008]
[edit reason] fixed sidescroll by quoting [/edit]

On security side,how can other websites(monster,yahoo) have a way to browse and attach documents or pics ?
what technology or software they use ?
examples:dating sites..they will have all forms for text and attach links to attach pics that will go live as soon as they click submit(i m pretty sure it goes to a database unless there is somebody sitting and putting links on pages out there)

I kinda know how to attach files to get them emailed using php,but I was looking for POST methods,which you guys understood correctly.

any suggestions would be appreciated..even if its not php.
thanks

Once the file is uploaded correctly to a specific area there are a few ways that you can 'get' that image from another page. A few are 1) storing the path of the image within a database table so that it can be accessed in a script or 2) traverse the file system for a particular file. It really depends on your application whether or not you can use the second method, because other things come into play. For a dating site, to stay with your example, I would store the path to the image in the database table so that I can retrieve it later in, say, the profile page.

also,if that happens,how can the path to that image be tracked so that i can store it in database ?

take a full script (http://www.phpclasses.org/ has a lot) and study it.

phpclasses has Social Networking

read the manual :(

[edited by: eelixduppy at 3:55 am (utc) on July 7, 2008]
[edit reason] removed URL [/edit]