Cheers, that's great; in fact I recycled some code from a tutorial on the cake wiki (http://wiki.cakephp.org/tutorials:beginners_only) to do what I wanted fairly successfully.

I have another question regarding the safety of letting users upload content to my database, as it seems a fairly risky business if you get it wrong!

Firstly I check if the uploaded file exists and is a photo with

    if ($file = $this->params['form']['userfile'])

and

    if ((is_uploaded_file($file['tmp_name'])) and ($filedetails = getimagesize($file['tmp_name'])))

Then I get the file type to store in 'ext' by

    $filename = $file['name'];
    if (($pos = strrpos($filename, ".")) === FALSE) {
        $this->Picture->invalidate('no_file');
    } else {
        $this->data['Picture']['ext'] = substr($filename, $pos + 1);
    }

I then validate 'ext' in Picture.php using the regex '/^(?:jpg|jpeg|gif|png)$/i' so that upload into the database will be prevented before $this->Picture->save($this->data).

It is a bit of a belt and braces approach, but is it safe? Would a non-picture file still be able to be uploaded to the temp directory, and will it be able to execute if it was malicious? When should I read the file content into the database, and when would a malicious piece of code be executed if it was uploaded successfully? Would it be when the "image" was viewed again?

Sorry for all the questions!

Cheers,
JP
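
Added example, not part of the original post or of CakePHP: one way to take the stored 'ext' from the image type that getimagesize() detects in the file, rather than from the client-supplied $file['name'] that the regex check in the post relies on. The helper name stored_extension_for_upload(), the 'error' key check and the sample file names are assumptions; the is_uploaded_file() check is injectable only so the snippet can run from the command line.

```php
<?php
// Added illustration: stored_extension_for_upload() is a hypothetical helper,
// not CakePHP API and not code from the original post.

/**
 * Returns the extension to store for an uploaded image, or null if rejected.
 * $isUpload defaults to is_uploaded_file(); it is injectable because that
 * function is always false outside a real HTTP upload.
 */
function stored_extension_for_upload(array $file, ?callable $isUpload = null): ?string
{
    // Allow-list keyed by the type detected from the file's bytes.
    $allowed = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_GIF => 'gif', IMAGETYPE_PNG => 'png'];
    $isUpload = $isUpload ?? 'is_uploaded_file';

    if (!isset($file['tmp_name'], $file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return null; // missing field or PHP reported an upload error
    }
    if (!$isUpload($file['tmp_name'])) {
        return null; // path did not come from this request's upload
    }
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !isset($allowed[$info[2]])) {
        return null; // not an image, or an image type we do not accept
    }
    // $file['name'] is never consulted: the extension follows the content.
    return $allowed[$info[2]];
}

// Constructed sample input: a 1x1 GIF and a plain text file.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "not an image\n");

// CLI stand-in for is_uploaded_file(); do not use this in a web request.
$fromForm = function ($path) { return true; };

// Client-supplied name says png, bytes are GIF: the result follows the bytes.
var_dump(stored_extension_for_upload(
    ['name' => 'holiday.png', 'tmp_name' => $gif, 'error' => UPLOAD_ERR_OK], $fromForm));
// Client-supplied name says jpg, bytes are text: rejected whatever the name.
var_dump(stored_extension_for_upload(
    ['name' => 'notes.jpg', 'tmp_name' => $txt, 'error' => UPLOAD_ERR_OK], $fromForm));

unlink($gif);
unlink($txt);
```

getimagesize() reads only the image header, so the stored bytes should still be treated as data: send them back with the Content-Type that matches the stored extension and never pass them to include or require.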