Kurinchi Blogger Scribbles ... » image upload http://kurinchilamp.kurinchilion.com On Open Source Technologies Mon, 02 Jan 2012 06:14:45 +0000 en hourly 1 http://wordpress.org/?v=3.3 PHP Image Upload and Security http://kurinchilamp.kurinchilion.com/2009/07/php-image-upload-and-security.html http://kurinchilamp.kurinchilion.com/2009/07/php-image-upload-and-security.html#comments Fri, 10 Jul 2009 01:16:49 +0000 kurinchilamp http://kurinchilamp.kurinchilion.com/?p=433 List of steps to take care when using PHP to upload images or documents

i) use is_uploaded() function to check if the file is uploaded before moving the file from temporary location

ii) sanitize the name of the file before moving the file from the temporary location by executing the ‘mv’ system command (use escapeshellargs, escapeshellcmd as needed)

iii) chmod the file setting to 644 if needed

iv) the directory from where the file will be moved and the destination directory should be initialized beforehand in order to prevent users from altering the path where the files could be stored

]]> http://kurinchilamp.kurinchilion.com/2009/07/php-image-upload-and-security.html/feed 0