Hello and welcome to our community! Is this your first visit?
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New Coder
    Join Date
    Nov 2007
    Thanked 0 Times in 0 Posts

    Security Question for PHP File Upload

    Recently my form was attempted (maybe successfully) to be hacked via php script embedded in a jpg. I originally thought the form was secure because the files never leave the default apache temporary directory.

    Basically my form data is posted, and uploaded into a database as a blob, then is downloaded via an administrative panel.

    I've been reading a lot of posts and discussions on this it from my understanding, the major security risk is when the file is actually being displayed or stored in a location able to be navigated to via web.

    I can include my code if needed, it's just a basic insert escaped file data into a table though.

    Should I be concerned?
    Time after Time

  • #2
    Senior Coder
    Join Date
    Nov 2010
    Thanked 32 Times in 31 Posts
    From my experience most of these defunk .jpg's are 1x1 in size so you can set a min size if you wish and that should stop many of them.


    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts