Hi friends,
In one of my website I want to implement file upload ( Only Image ) facility. I m using http file upload and make a directory in my server set to mode 0777. Is it a secure method ? Or else what is the secure method for user side file upload facility. Also what about ftp upload and its security ?
Please advise me
Thanks in advance
Rajeesh
The security risk making available 'upload to server' from your website can not be stressed enough. Here is a simple uploader for you to test and see how it works. This is not a finished secure script.
PHP should do the trick.
<form enctype="multipart/form-data" action="uploads/upload.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
Choose a file to upload: <input name="uploadedfile" type="file" /><br />
<input type="submit" value="Upload File" />
</form>Save this code in the HTML file you want to display the upload form.
Now you can start to write a basic PHP upload manager script! Here is how we would get the temporary file name, choose a permanent name, and choose a place to store the file.
// Where the file is going to be placed
$target_path = "uploads/";
/* Add the original filename to our target path.
Result is "uploads/filename.extension" */
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);create a new directory in the directory where upload.php resides, called "uploads", as we are going to be saving files there.
$target_path = "uploads/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']).
" has been uploaded";
} else{
echo "There was an error uploading the file, please try again!";
}Have fun with it.
George.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.