Re: Query regarding temporarily-uploaded files

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Bastien Koert

On 2013-07-10, at 3:29 PM, Anthony Wlodarski <ant92083@xxxxxxxxx> wrote:

> Is there anything that would prevent you from somehow uniquely knowing who
> the user is uploading the file. For example you mentioned "client'.  If you
> know
> who the client is you can append that to the filename or prepend it, for the
> destination string (second parameter to the function call).  That way it is
> unique
> to that client.
> 
> -Anthony

Another option is that you name the files yourself. Numerically for example and then just switch it back to the uploaded file name when either displaying it or sending it back to the user. 

You should also place all files outside the web root so it's harder to execute bad files. And prolly filter for files types. Allow only images ( png jpg gif ) for example

Bastien 
-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux