The basic process of uploading files with PHP is very simple, but there are security implications that many people are unaware of. This course shows how to create a secure custom PHP class that can handle both single-file and multi-file uploads. Author David Powers shows you how to create a file upload class that checks the size, type, and names of files, renaming them when it encounters a duplicate file name. He'll show you how to make the class report on the outcome of the upload process and the nature of any errors that occur, and how to prevent the user from uploading files that exceed the server limits.
At the end of this course, you'll have a robust, flexible class that can be incorporated into many projects (including web forms) with just a few lines of code.
When creating the upload folder or directory on your remote server, there are a couple of considerations you need to bear in mind. First, you need to set the right permissions. The web server needs to be able to write to the folder. Most PHP sites are hosted on Linux servers. From the security viewpoint, permissions should be as restrictive as possible. Start by trying 755. The seven gives the owner read, write and execute permissions.
Setting the other two values to five prevents anyone else from writing to the folder, but they can read files and access subfolders. In most cases this should be sufficient. However, if that doesn't work, try 775. This gives the group read, write and execute permissions, but prevents global users from writing. If you're on a Windows server, check with the server administrator. The other important consideration is where you put the folder. If you put it inside the server root, uploaded files will be immediately accessible to anyone.
If the upload form is password protected and you can trust everyone who will be uploading files, that's probably okay. But you're on much safer ground if you store uploaded files outside the server root. If the files are going to be displayed on your site, it gives you a chance to inspect them to make sure they don't contain malicious or obscene content. In this course, we'll be testing upload scripts locally. To keep things simple, I'll be creating the upload folder inside the testing site root.
But you can choose wherever you like. If you're using Linux in your local testing environment, chmod the upload folder to 755 or 775. On Windows, just create the upload folder; you don't need to set any special permissions. However, on Mac OS X you need to give read and write permissions on the upload folder. For the benefit of Mac users, let me quickly show you how to do that. Windows and Linux users can skip the rest of this video.
I'm using MAMP on my Mac, so that site is in Applications > MAMP > htdocs > uploads. Now, I need to create a folder for the upload files. Create a new folder and, if necessary, insert your Mac administrative password. And then rename the folder. I'm going to call it uploaded. It wants my password again. And then once you've created the folder, press Cmd+I to bring up a Get Info pane.
If necessary, expand Sharing & Permissions at the bottom and then click the padlock icon to make some changes. Again, you need to put in your password and then change everyone: change the privilege to read and write. Then you can click the padlock icon to prevent further changes being made, and close the Get Info panel. And that's it. You're now ready to complete the basic upload script.
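The two considerations for the remote server described above, permissions and location, can be checked from the shell. This is an added example, not part of the course or its exercise files; the function names and the temporary sandbox paths are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the course): audit an upload folder for the two
# points in the transcript: restrictive permissions and location.

# Octal mode of a path (GNU stat first, BSD/macOS stat as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Physical absolute path of a directory (symlinks resolved).
real_dir() { (cd "$1" 2>/dev/null && pwd -P); }

# audit_upload_dir UPLOAD_DIR SERVER_ROOT
# Prints one finding per line; returns 0 if clean, 1 otherwise.
# Run it as the web server's user so the writability check is meaningful.
audit_upload_dir() {
    _dir=$(real_dir "$1") || { echo "missing: $1"; return 1; }
    _root=$(real_dir "$2") || { echo "missing: $2"; return 1; }
    _mode=$(mode_of "$_dir")
    _rc=0
    # Last octal digit is "everyone else"; its write bit has value 2.
    # 755 and 775 pass, 757 and 777 do not.
    if [ $(( 0$_mode & 2 )) -ne 0 ]; then
        echo "world-writable: $_dir has mode $_mode, expected 755 or 775"
        _rc=1
    fi
    # The server must still be able to write uploads into the folder.
    if [ ! -w "$_dir" ]; then
        echo "not writable by current user: $_dir"
        _rc=1
    fi
    # A folder inside the server root is reachable directly by URL.
    case "$_dir/" in
        "$_root"/*) echo "inside server root: $_dir is under $_root"; _rc=1 ;;
    esac
    return $_rc
}

# Demo on a constructed sandbox (removed at the end).
demo=$(mktemp -d)
mkdir -p "$demo/htdocs/uploaded" "$demo/private/uploaded"
chmod 777 "$demo/htdocs/uploaded"    # too permissive, and inside the root
chmod 755 "$demo/private/uploaded"   # restrictive, and outside the root
audit_upload_dir "$demo/htdocs/uploaded" "$demo/htdocs" || echo "-> fix before going live"
audit_upload_dir "$demo/private/uploaded" "$demo/htdocs" && echo "-> ok"
rm -rf "$demo"
```

If the 755 folder reports "not writable" when the audit runs as the web server's user, that is the case where the transcript suggests moving to 775.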