Saturday, July 27, 2013

test2

Is this really an uploaded file?

The next thing you need to do is left out of more PHP instructions and books than you can imagine, but it's critical. At this point, whether or not you have a real file, what your program has to work with is a file name. And that name is controlled entirely by what your users put into their file input box. So if they're tricky, malicious, and thoroughly dishonest, they might try to put in a filename that does upload a file on their system, but also just so happens to match one of the special files on web servers that control things like, say, the passwords for users. (That file is usually /etc/passwd.)

You might think you have to get your regular expressions out here and check for all kinds of fancy filename characters, but there's an easier way. PHP gives you a function called is_uploaded_file that ensures that a given name references a file uploaded with HTTP (the language of web browsers and HTML forms). In other words, if the supplied name targets a file on your web server, this function will return false, and you know that something's fishy. So you want to do something like this:

    // Make sure we didn't have an error uploading the image

    // Is this file the result of a valid upload?
    is_uploaded_file($_FILES[$image_fieldname]['tmp_name'])
      or handle_error("you were trying to do something naughty. Shame on you!",
                      "Uploaded request: file named " .
                      "'{$_FILES[$image_fieldname]['tmp_name']}'");

    // Interact with MySQL

Breathing and Sleeping Matter

Any good programmer will tell you stories of at least a few all-night hacking sessions. And odds are, those stories will be tinged rosy, full of victories and excitement. But the truth of the matter is that fatigue slows the brain down, and no programmer is as effective on two hours of sleep as she is on six. Bottom line: a tired brain isn't as useful as a rested one.
And if you've been swimming in the pool of PHP programming for seven chapters before this one, you're now well into the deep end. Chances are that you're having to read at least a few things twice, and some of this new code introduces not just one or two new things, but three or four or five. There's nothing at all wrong with this, but if you're getting worn out, nobody wins by you plowing ahead. Take a few hours off, ride your bike, jog a mile, or just set PHP aside for the night. You'll be stunned at how much clearer things seem after a bit of rest from programming. Don't think that rest and taking a few moments to breathe out of sight of the keyboard are a sign of weakness; rather, just the opposite.
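The is_uploaded_file check described above, carried through as a complete upload handler. This is an added example, not the book's code: it assumes a form field named "image" and an upload directory at ./uploads (both hypothetical), and it replaces the book's handle_error helper with exceptions so the snippet runs on its own.

```php
<?php
// Added example (not the book's code): validate a file upload before touching it.
// Assumes a form field named "image" and an upload directory at ./uploads (hypothetical).

function validate_upload(string $field): string
{
    // Check 1: the request must actually carry this field.
    if (!isset($_FILES[$field])) {
        throw new RuntimeException("No file was submitted in field '$field'.");
    }
    $file = $_FILES[$field];

    // Check 2: PHP reports its own upload problems (size limits, partial transfers) here.
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException("Upload failed with error code {$file['error']}.");
    }

    // Check 3: the name must refer to a file PHP itself wrote for this HTTP request.
    // A path that points at an existing server file (e.g. /etc/passwd) fails this test.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException("tmp_name does not refer to an HTTP-uploaded file.");
    }

    return $file['tmp_name'];
}

function store_upload(string $field, string $upload_dir): string
{
    $tmp = validate_upload($field);

    // Never reuse the client-supplied name for the stored file: generate our own.
    $dest = rtrim($upload_dir, '/') . '/' . bin2hex(random_bytes(16));

    // move_uploaded_file repeats the is_uploaded_file check internally and refuses
    // to move anything that was not uploaded via HTTP.
    if (!move_uploaded_file($tmp, $dest)) {
        throw new RuntimeException("Could not move uploaded file into place.");
    }
    return $dest;
}

try {
    $saved = store_upload('image', __DIR__ . '/uploads');
    echo "Stored upload as " . basename($saved) . "\n";
} catch (RuntimeException $e) {
    // Log the detail server-side; show the user only a generic message.
    error_log($e->getMessage());
    http_response_code(400);
    echo "Upload rejected.\n";
}
```

The order of the checks matters: the error code is inspected before is_uploaded_file, because an incomplete upload leaves tmp_name empty and the later checks would report a misleading reason. Storing the file under a freshly generated name, rather than the name the browser sent, removes the whole class of problems the book warns about, and move_uploaded_file applies the same HTTP-upload test a second time so the guard holds even if validate_upload is later bypassed.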
