I'm using PHP to upload an image from a form to the server and want to rename the image lastname_firstname.[original extension]. I currently have:
move_upl
This code is insecure:
move_uploaded_file($_FILES["picture"]["tmp_name"], "peopleimages/" . "$_POST[lastname]" . '_' . "$_POST[firstname]". $extension);
If
$_POST[firstname] =mypicture.php%00
and
$extension=.jpg;
this code is vulnerable and the result is
test.php%00.jpg //test.php uploaded on server.
For more information, check this link:
https://www.owasp.org/index.php/Unrestricted_File_Upload
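A hardened version of the rename, as an added example that is not part of the original question or answer: the name parts are reduced to an allowlisted character set, and the extension is chosen from the detected file content instead of the client-supplied filename. The helper names `safe_name_part`, `build_target_name` and `ALLOWED_TYPES` are hypothetical; PHP 8 with the bundled fileinfo extension is assumed.

```php
<?php
declare(strict_types=1);

// Allowlist: detected MIME type => extension the server picks itself.
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

// Reduce a form field to letters, digits and hyphens; null if unusable.
function safe_name_part(mixed $value): ?string
{
    if (!is_string($value)) {
        return null; // e.g. firstname[]=x arrives as an array
    }
    // Dropping every other byte removes NUL, '%', '.', '/' and '\' in one step,
    // so a value like "mypicture.php%00" can no longer carry its own extension.
    $clean = preg_replace('/[^A-Za-z0-9-]/', '', $value);
    return ($clean === null || $clean === '') ? null : substr($clean, 0, 64);
}

// Build "lastname_firstname.ext"; null means the upload must be rejected.
function build_target_name(mixed $last, mixed $first, string $tmpPath): ?string
{
    $l = safe_name_part($last);
    $f = safe_name_part($first);
    if ($l === null || $f === null) {
        return null;
    }
    // Extension is derived from the file content, never from $_FILES[...]['name'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        return null;
    }
    return $l . '_' . $f . '.' . ALLOWED_TYPES[$mime];
}

// Request handling, using the field names and target directory from the question.
if (isset($_FILES['picture']) && $_FILES['picture']['error'] === UPLOAD_ERR_OK) {
    $tmp  = $_FILES['picture']['tmp_name'];
    $name = build_target_name($_POST['lastname'] ?? null, $_POST['firstname'] ?? null, $tmp);
    if ($name === null || !move_uploaded_file($tmp, __DIR__ . '/peopleimages/' . $name)) {
        http_response_code(400);
        exit('Upload rejected');
    }
}
```

Content sniffing can be fooled by files that are valid as more than one type, so the upload directory should also be served with script execution disabled.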