Geekzone: technology news, blogs, forums


chevrolux

4962 posts

Uber Geek
Inactive user


#257464 4-Oct-2019 14:32

Kia ora team, just a general question for the developer types out there.

 

We have a little custom calendar 'app' we use to manage our civil teams who aren't, obviously, office-bound with easy PC access. It's HTML (with bootstrap for styling/responsiveness) with a PHP & MySQL back-end. The whole thing is behind a log-in.

 

I'm knocking together a basic web form they can use for near miss reporting so they can just jump on their phones and fill this out. I'd like to include a file upload field so they can take a photo and upload if required. I just wanted to sound off what I plan on doing and see if it's the "right" thing to do....

 

- User submits form
- PHP to check file type, and if it's actually an image (apparently getimagesize() can be used to do that?)
- If file OK, rename with a unique ID (to avoid conflicting file names) and dump in to a folder in the web directory
- Create a DB entry (probably just do a separate table for them I guess?) with the UID/filename, and other appropriate info to index against the correct 'near miss report'

 

From there a "manager" will just get a notification a new report has been submitted, and they can jump on to view a list of the reports and export a PDF of the report if required - hence the need to store the image.

 

Does that all sound OK? Anything else I should verify before letting the file be uploaded to the script?

 

This isn't a "mission critical" type application. It runs on a VM that gets backed up daily, so I'm not overly concerned with security, but also don't want the pain of having to rebuild it just because of some dodgy file upload.


jarledb
Webhead
3253 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2329652 4-Oct-2019 14:45

You should make sure it's not possible to execute PHP and other script languages in the folder where you store the images.

I would also make sure that it's not easy to go through the images, that's to say that you don't store them as imageID.jpg (that's to say, image01.jpg, image02.jpg etc). If it's easy to increase the number and find the attachments, that might be a problem in that the images would be easily available for people that shouldn't see them.

 

 

 

This discussion on Stackoverflow seems a good one on the topic.





Jarle Dahl Bergersen




freitasm
BDFL - Memuneh
79254 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2329667 4-Oct-2019 15:34

That's pretty much what I've done on Geekzone with image uploads.







chevrolux

4962 posts

Uber Geek
Inactive user


  #2329686 4-Oct-2019 16:49

That Stackoverflow link is excellent!

 

Looks like I had the right idea. Didn't think about using htaccess to stop PHP running in that folder - great plan. Now also understand how getimagesize can work too.
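
The upload steps discussed in this thread (content check with getimagesize(), a non-guessable stored name, a database row per image), as an added example that is not code from any poster. The form field name, table and column names, upload directory and size limit are assumptions, and the directory is assumed to have script execution disabled as suggested in the replies.

```php
<?php
declare(strict_types=1);

// Assumed names (not from the thread): form field "photo", table near_miss_photos,
// its columns, UPLOAD_DIR and MAX_BYTES. UPLOAD_DIR is assumed to be a folder where
// the web server will not execute scripts, as advised in the replies.
const UPLOAD_DIR = __DIR__ . '/uploads/near-miss';
const MAX_BYTES  = 8 * 1024 * 1024;
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png']; // detected MIME => extension we assign

function storeNearMissPhoto(array $file, int $reportId, PDO $pdo): string
{
    // The upload must have completed and really come from this HTTP request.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }

    // Judge the type from the bytes, never from the client-supplied name or type.
    // getimagesize() only reads the header, so it is a filter, not a guarantee.
    $mime = (string) (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $info = @getimagesize($file['tmp_name']);
    if (!array_key_exists($mime, ALLOWED) || $info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('Not an accepted image');
    }

    // Random, non-sequential name so stored files cannot be enumerated.
    // The extension comes from the allow-list, not from the uploaded filename.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }

    // Index the file against its report; keep the original name as display text only.
    $stmt = $pdo->prepare(
        'INSERT INTO near_miss_photos (report_id, filename, original_name) VALUES (?, ?, ?)'
    );
    $stmt->execute([$reportId, $name, basename((string) $file['name'])]);
    return $name;
}

// Usage inside the form handler, with $pdo and $reportId already set up:
// $stored = storeNearMissPhoto($_FILES['photo'], $reportId, $pdo);
```

Because a file can pass the header check and still carry other content, the non-executable upload folder remains the control that matters most; the type check and assigned extension reduce what reaches it.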

