The first question was already posted over on a.php, but no one responded, so
I'm gonna post it again here:
So I have a block of code that is used when a user uploads a picture file.
Initially the script detects what kind of picture file the user uploaded and
then acts accordingly. The following is the code for a jpeg:
    if ($t == 'image/jpeg') {
        // Load the uploaded JPEG and read the stored picture's dimensions
        $src_img = ImagecreateFromJpeg($uploadfile);
        $size = getimagesize("../album/users/$uname/$album/$pic_name");
        $width = $size[0];
        $height = $size[1];
        // The copy is a quarter of the original width and height
        $width = round(($width/4));
        $height = round(($height/4));
        $dst_img = ImageCreateTrueColor($width, $height);
        ImageCopyResized($dst_img, $src_img, 0, 0, 0, 0, $width, $height, $size[0], $size[1]);
        // Write the small copy as a JPEG at quality 60
        ImageJpeg($dst_img, "users/$uname/$album/small/$pic_name", 60);
    }
Basically, it makes a picture in the appropriate folder, then makes a resized
copy 1/4th the size in another folder. Now, I can pretty much reuse
this code with gifs and pngs, by just changing the relevant functions, but
here's my question: with bmp files, it won't seem to work at all. It gives an
error message that basically says that the bmp file the user uploads isn't a
valid bmp file. Any idea how to get that to work?
The second question I have is in regards to security and PHP. I'm basically
making my first web application that other people might actually use, so I
have to make sure it's secure. So far, what I plan on doing is making sure
that data from users is not left blank, doesn't exceed the expected length,
and whenever possible is completely alphanumeric. With the file uploads, I'm
checking for file type as well. Is there anything else that I should keep in
mind? Also, I'm not really that good at regular expressions yet, so if
someone could tell me if some of the reg. exps. I'm using are adequate, that
would be good.
To check for a valid email:
^[a-zA-z0-9_\-\.]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]+$
and
to check that data is alphanumeric: [^0-9a-zA-z]
Thanks a lot in advance.
--
<=============>
--Lee
http://www.inaneasylum.org
Goodbye, adios, bis bald, see ya later, weidersehen, and everything in
between
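
Added example (not part of the original post): a hardened form of the thumbnail step and the alphanumeric check the post asks about. The function names are hypothetical, the path layout is taken from the post's code, and it assumes PHP 7 or later with the GD extension and that $t came from the browser-supplied upload type.

```php
<?php
// Added example; function names are hypothetical, sample inputs are constructed.

// Anchored allowlist. A-Z and a-z are separate ranges: the single range A-z
// also matches [ \ ] ^ _ and `. \A...\z rejects a trailing newline, which $ allows.
function is_alnum_name(string $s, int $max = 32): bool {
    return preg_match('/\A[0-9a-zA-Z]{1,' . $max . '}\z/', $s) === 1;
}

// Take the type from the file's own header, not from the browser-supplied
// MIME string in $_FILES[...]['type'], which the client controls.
function detect_image_type(string $path): ?int {
    $info = @getimagesize($path);
    $allowed = [IMAGETYPE_JPEG, IMAGETYPE_GIF, IMAGETYPE_PNG];
    return ($info !== false && in_array($info[2], $allowed, true)) ? $info[2] : null;
}

// Build the thumbnail path from validated parts and a server-chosen file name,
// so nothing user-typed (such as "../") reaches the filesystem path.
function thumb_path(string $uname, string $album): ?string {
    if (!is_alnum_name($uname) || !is_alnum_name($album)) {
        return null;
    }
    return "users/$uname/$album/small/" . bin2hex(random_bytes(8)) . '.jpg';
}

// Quarter-size JPEG thumbnail; returns the path written, or null on rejection.
function make_thumb(string $uploadfile, string $uname, string $album): ?string {
    $dst = thumb_path($uname, $album);
    if ($dst === null || detect_image_type($uploadfile) === null) {
        return null;
    }
    $src = @imagecreatefromstring(file_get_contents($uploadfile));
    if ($src === false) {
        return null;               // header looked fine but the data did not decode
    }
    [$w, $h] = [imagesx($src), imagesy($src)];
    $tw = max(1, (int) round($w / 4));
    $th = max(1, (int) round($h / 4));
    $thumb = imagecreatetruecolor($tw, $th);
    imagecopyresampled($thumb, $src, 0, 0, 0, 0, $tw, $th, $w, $h);
    return imagejpeg($thumb, $dst, 60) ? $dst : null;
}

// Constructed inputs for the name check
var_dump(is_alnum_name('lee'));        // plain alphanumeric name
var_dump(is_alnum_name('a_b'));        // underscore, which the range A-z lets through
var_dump(is_alnum_name('../album'));   // path traversal characters
```

In a real upload handler, pass make_thumb() the tmp_name of the upload only after is_uploaded_file() confirms it, and create the target directory beforehand.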