Hi friends,

In one of my website I want to implement file upload ( Only Image ) facility. I m using http file upload and make a directory in my server set to mode 0777. Is it a secure method ? Or else what is the secure method for user side file upload facility. Also what about ftp upload and its security ?

Please advise me
Thanks in advance

The security risk making available 'upload to server' from your website can not be stressed enough. Here is a simple uploader for you to test and see how it works. This is not a finished secure script.

PHP should do the trick.

<form enctype="multipart/form-data" action="uploads/upload.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
Choose a file to upload: <input name="uploadedfile" type="file" /><br />
<input type="submit" value="Upload File" />

Save this code in the HTML file you want to display the upload form.

Now you can start to write a basic PHP upload manager script! Here is how we would get the temporary file name, choose a permanent name, and choose a place to store the file.

// Where the file is going to be placed 
$target_path = "uploads/";

/* Add the original filename to our target path.  
Result is "uploads/filename.extension" */
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

create a new directory in the directory where upload.php resides, called "uploads", as we are going to be saving files there.

$target_path = "uploads/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    echo "The file ".  basename( $_FILES['uploadedfile']['name']). 
    " has been uploaded";
} else{
    echo "There was an error uploading the file, please try again!";

Have fun with it.