In your code, where you have:

if (is_uploaded_file($_FILES['ufile1']['name'])) {
     copy($_FILES['ufile1']['name'], ".");
...

you should check the extension of the file being uploaded.
You shouldn't accept files with php, cgi, asp, etc. extensions, nor an
index file.
If you do, some user (hacker) could upload a script and would be inside your
server.

then check this:

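if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {   // tmp_name is the server-side temp file

        if ( <the file is not a script > ){
             // copy the temp file into the current directory under its base name
             copy($_FILES['ufile1']['tmp_name'], "./" . basename($_FILES['ufile1']['name']));
        }
}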

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
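
One way to write the "file is not a script" check from the message above, as an added example that is not part of the original post. It goes beyond the message by using an allowlist of extensions rather than a list of refused ones; the function name safe_upload_name, the ALLOWED_EXT list and the UPLOAD_DIR path are assumptions for illustration.

```php
<?php
// Added example, not code from the original post.
// ALLOWED_EXT and UPLOAD_DIR are assumptions; set them for your application.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];
const UPLOAD_DIR  = __DIR__ . '/uploads';

// Return a safe name to store the upload under, or null to reject it.
// $clientName is $_FILES[...]['name'], a value chosen by the client.
function safe_upload_name(string $clientName): ?string
{
    $name  = basename(str_replace('\\', '/', $clientName)); // drop any path
    $parts = explode('.', strtolower($name));
    $stem  = array_shift($parts);

    // Exactly one extension: rejects "notes", ".htaccess", "a.php.jpg", "a.php."
    if ($stem === '' || count($parts) !== 1) {
        return null;
    }
    // No index files, and only extensions on the allowlist (so no php, cgi, asp)
    if ($stem === 'index' || !in_array($parts[0], ALLOWED_EXT, true)) {
        return null;
    }
    // Keep only conservative characters in the stored name
    return preg_replace('/[^a-z0-9_-]/', '_', $stem) . '.' . $parts[0];
}

if (PHP_SAPI === 'cli') {
    // Constructed sample names, to try the check from the command line
    foreach (['photo.JPG', 'script.php', 'run.cgi', 'index.txt', 'a.php.jpg', '.htaccess'] as $n) {
        printf("%-12s => %s\n", $n, safe_upload_name($n) ?? 'REJECTED');
    }
} elseif (isset($_FILES['ufile1']) && $_FILES['ufile1']['error'] === UPLOAD_ERR_OK
    && is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
    $safe = safe_upload_name($_FILES['ufile1']['name']);
    if ($safe === null) {
        http_response_code(400);
        exit('File type not accepted');
    }
    // Random prefix so an upload cannot overwrite an existing file
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(8)) . '_' . $safe;
    if (!move_uploaded_file($_FILES['ufile1']['tmp_name'], $dest)) {
        http_response_code(500);
        exit('Could not store upload');
    }
}
```

The extension check only controls the stored name; the upload directory should also be one where the web server does not execute scripts.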
