On Aug 26, 2007, at 2:56 PM, Richard Lynch wrote:
On Sun, August 26, 2007 10:34 am, jekillen wrote:
I have been working on a project that has registered users, each
having
a user space portion of the web site file system. I want them to be
able to upload images and such and have the stuff transfered to their
own user spaces. With one up load temp dir designated, how do I
insure that the uploaded files get to the correct destination?
http://php.net/move_uploaded_file
And, BEFORE you move it, you should Validate the uploaded file as many
ways as practical for your web application.
Yes, I agree, I want to completely decontaminate all uploaded files but
I
am not sure of a system that will do that.
like embedding scripts in image files, binary files, encrypted images
(I forgot the term for that, stegonography or something), shell
escape chars, incompatible files, viruses, erroneous mime or file types,
you name it, I want to check it out before it is a problem.
JK
I am using Apache on unix based host and am aware that php
assigns a temp name to files that are uploaded, but if different
users are uploading files concurrently, there could be a confusion
as to where each file should be transfered to.
The user uploading the file is probably logged in, and you probably
have some kind of user_id or Profile and can decide where to move the
file based on that user's identity.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
