Join David Powers for an in-depth discussion in this video Preparing the upload folder, part of Uploading Files Securely with PHP.
- View Offline
…When creating the upload folder or directory on your remote server,…there are a couple of considerations you need to bear in mind.…First, you need to set the right permissions.…The web server needs to be able to write to the folder.…Most PHP sites are hosted on Linux servers.…From the security viewpoint, permissions should be as restrictive as possible.…Start by trying seven, five,…five.…Seven gives the owner read, write and execute permissions.…
Setting the other two values to five…prevents anyone else from writing to the folder.…But they can read files and access sub folders.…In most cases this should be sufficient.…However if that doesn't work, try seven, seven, five.…This gives the group read, write…and execute permissions, but prevents global users…from writing.…If you're on a Windows server, check with the Server Administrator.…The other important consideration is where you put the folder.…If you put it inside the server root,…uploaded files will be immediately accessible to anyone.…
If the upload form is password protected and you can…
At the end of this course, you'll have a robust, flexible class that can be incorporated into many projects (including web forms) with just a few lines of code.
- How PHP handles file uploads
- Setting the maximum file size
- Moving the file to its destination
- Creating and using a namespaced class
- Displaying error messages
- Restricting unacceptable MIME types and file extensions
- Using the class
- Reporting errors
- Altering the user