[FX.php List] [OFF] Potential gotchas with uploading files?

Joel Shapiro jsfmp at earthlink.net
Fri Apr 3 12:01:23 MDT 2009


Thanks everybody for all your input.

Webko's FileThingie seems very cool although more than I'd need for  
this project -- but I did have issues ("unknown error") with it on my  
web host.  I didn't do any troubleshooting on it, but it confirms  
that there can be various server issues that will likely need to be  
dealt with in addition to things like validating & restricting file  
types.

Michael's Easy PHP Upload looks nice and simple but I haven't  
downloaded it yet.

I think I've got my answer.  Now I just need to decide how big of a  
headache I'm willing to take on for this project ;)

Thanks all.

-Joel


On Apr 3, 2009, at 10:10 AM, Dale Bengston wrote:

> Hi Bob,
>
> Well, it still has to be a directory that has www write  
> permissions, but as you pointed out in your example, that directory  
> is known to the PHP scripts but not exposed to the user.
>
> This is where I started:
>
> http://us.php.net/manual/en/reserved.variables.files.php
> http://us.php.net/manual/en/function.is-uploaded-file.php
> http://us.php.net/manual/en/function.move-uploaded-file.php
>
> Dale
>
> On Apr 3, 2009, at 11:52 AM, Bob Patin wrote:
>
>> Dale,
>>
>> How do you move the files to another directory without having to  
>> give the same permissions to the final directory? I'd be  
>> interested in seeing how that's done...
>>
>> Best,
>>
>> Bob Patin
>>
>>
>> <new_logo_idea3_120w.jpg>
>>
>> Longterm Solutions
>> bob at longtermsolutions.com
>> 615-333-6858
>> http://www.longtermsolutions.com
>> iChat: bobpatin
>> AIM: longterm1954
>> FileMaker 9 Certified Developer
>> Member of FileMaker Business Alliance and FileMaker TechNet
>> --------------------------
>> FileMaker hosting and consulting for all versions of FileMaker
>> PHP • Full email services • Free DNS hosting • Colocation •  
>> Consulting
>>
>> On Apr 3, 2009, at 11:38 AM, Dale Bengston wrote:
>>
>>> I followed the strategy laid out on php.net for uploading files  
>>> to a temp directory, validating there, and moving/renaming valid  
>>> files to another location. Anything not passing validation is  
>>> deleted from the temp directory and the user gets an error message.
>>>
>>> I'm looking at Michael's and Webko's suggested libraries now, for  
>>> one really good reason: multiple file upload support. This is  
>>> going to be huge for a brand/content management system I am just  
>>> beginning to develop.
>>>
>>> Dale
>>>
>>> On Apr 3, 2009, at 12:39 AM, Head Honcho wrote:
>>>
>>>> Hi Joel,
>>>>
>>>> On 03/04/2009, at 1:15 PM, Joel Shapiro wrote:
>>>>
>>>>> Hi all
>>>>>
>>>>> I'm looking for thoughts on how complicated an upload-file site  
>>>>> can be.
>>>>>
>>>>>
>>>> <snip />
>>>>
>>>>>
>>>>> For those that have worked with this, what kinds of problems  
>>>>> can should I be ready for?  Could this be a big headache?
>>>>
>>>> I use the "easy upload" (<http://www.finalwebsites.com/ 
>>>> snippets.php?id=7>) class which allows me to set file sizes/ 
>>>> types as part of my script.
>>>>
>>>> Permissions can be a problem.. the upload folder will have to  
>>>> have write permissions for the web server (_www or www or nobody  
>>>> or whateverTheWebUserIsOnYourSystem).  Those using the files  
>>>> will need read privileges at least.
>>>>
>>>> Regards
>>>>
>>>> Michael Ward
>>>> --
>>>> Head Honcho
>>>> CustoMike Solutions
>>>> Member, FileMaker Business Alliance
>>>> Member, FileMaker Technical Network
>>>> FileMaker 7 Certified Developer
>>>> FileMaker 8 Certified Developer
>>>> FileMaker 9 Certified Developer
>>>> 10 Wandoo Crt
>>>> Wheelers Hill, 3150
>>>> ph 0414 562 501
>>>> headhoncho at customikesolutions.com
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> FX.php_List mailing list
>>>> FX.php_List at mail.iviking.org
>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list



More information about the FX.php_List mailing list