Bastien Koert On 2013-07-10, at 3:29 PM, Anthony Wlodarski <ant92083@xxxxxxxxx> wrote: > Is there anything that would prevent you from somehow uniquely knowing who > the user is uploading the file. For example you mentioned "client'. If you > know > who the client is you can append that to the filename or prepend it, for the > destination string (second parameter to the function call). That way it is > unique > to that client. > > -Anthony Another option is that you name the files yourself. Numerically for example and then just switch it back to the uploaded file name when either displaying it or sending it back to the user. You should also place all files outside the web root so it's harder to execute bad files. And prolly filter for files types. Allow only images ( png jpg gif ) for example Bastien -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php