
Hi friends,

On one of my websites I want to implement a file upload (images only) facility. I'm using HTTP file upload and have made a directory on my server set to mode 0777. Is it a secure method? Or else, what is the secure method for a user-side file upload facility? Also, what about FTP upload and its security?

Please advise me
Thanks in advance
Rajeesh

Last Post by Fusion UK

The security risk of making 'upload to server' available from your website cannot be stressed enough. Here is a simple uploader for you to test and see how it works. This is not a finished secure script.

PHP should do the trick.

<form enctype="multipart/form-data" action="uploads/upload.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
Choose a file to upload: <input name="uploadedfile" type="file" /><br />
<input type="submit" value="Upload File" />
</form>

Save this code in the HTML file you want to display the upload form.

Now you can start to write a basic PHP upload manager script! Here is how we would get the temporary file name, choose a permanent name, and choose a place to store the file.

// Where the file is going to be placed 
$target_path = "uploads/";

/* Add the original filename to our target path.  
Result is "uploads/filename.extension" */
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

Create a new directory in the directory where upload.php resides, called "uploads", as we are going to be saving files there.

<?php
// Where the file is going to be placed
$target_path = "uploads/";

// Append the original (client-supplied) filename to the target path
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 

// Move the file from PHP's temporary location to its permanent place
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    echo "The file ".  basename( $_FILES['uploadedfile']['name']). 
    " has been uploaded";
} else{
    echo "There was an error uploading the file, please try again!";
}

Have fun with it.

George.

Edited by Ezzaral: Snipped "fake sig" link. Please restrict such links to your site-wide user signature, which can be edited from the user control panel.
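
An added example, not part of George's post or the original thread: a hardened counterpart to the simple uploader above, addressing the points the question raises (images only, directory mode 0777). The storage path `UPLOAD_DIR` and the helper name `store_uploaded_image()` are assumptions made for illustration; it needs PHP 7 or later with the fileinfo extension.

```php
<?php
// Added example, not George's script. Assumptions: UPLOAD_DIR path and the
// helper name store_uploaded_image() are hypothetical; needs PHP 7+ with fileinfo.
const UPLOAD_DIR = '/var/www/private_uploads'; // hypothetical, outside the web root
const MAX_BYTES  = 100000;                     // same value as the form's MAX_FILE_SIZE
const ALLOWED    = [                           // detected MIME type => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

function store_uploaded_image(array $file): string
{
    // MAX_FILE_SIZE in the form is only a browser hint; enforce the limit here.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('Not an uploaded file, or file too large');
    }
    // Decide the type from the content, never from the client-supplied
    // filename or $_FILES[...]['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED[$mime] ?? null;
    if ($ext === null || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Only JPEG, PNG and GIF images are accepted');
    }
    // 0750 instead of 0777: only the web server user and group need access.
    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0750, true)) {
        throw new RuntimeException('Cannot create upload directory');
    }
    // Server-generated name: the original filename never reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('Could not store the file');
    }
    chmod(UPLOAD_DIR . '/' . $name, 0640); // stored files are data: no execute bit
    return $name;
}

if (isset($_FILES['uploadedfile'])) {
    try {
        echo 'Stored as ' . store_uploaded_image($_FILES['uploadedfile']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected: ' . htmlspecialchars($e->getMessage());
    }
}
```

Because the files are stored outside the web root, they have to be served back through a script that reads them and sets the `Content-Type` from the stored extension, rather than by a direct URL.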
