开发者

Is this a safe way to create an ajax upload form? [closed]

开发者 https://www.devze.com 2023-03-31 01:28 出处:网络
开发者_运维知识库 It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical andcannot be reasonably answered in its current for
开发者_运维知识库 It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center. Closed 11 years ago.

I found this link online,

http://www.ultramegatech.com/blog/2010/10/create-an-upload-progress-bar-with-php-and-jquery/

Is it safe to install this php widget/plugin and then use it?

Maybe someone has another suggestion for a file upload system?

I have a form with a title, description and the input for the image. Upon submit, it should upload the image showing the upload process, then enter the data into the MySQL table upon successful upload.

On a mac, you can drag and drop the files into the file input, so I'd like to keep that original look and feel.


Of course it is safe.

The important part is not the "interface" of the uploader which can be Ajax, RAW HTML, or whatever client you might use; It is rather the PHP processing script that will receive the uploaded file and process it.

Things you might want to consider in your 'upload.php' handler:

  • checking file size
  • checking file extension
  • checking if file is a duplicate
  • checking correct permissions so server can write/read it
  • checking if user is abusing the upload system (cookie)
  • etc..
  • after all, save it for further needs ;)

Good luck.


The following is the source code of upload.php script:

    <?php
if ($_FILES['file']['error'] === UPLOAD_ERR_OK) {
    $path = './uploads/' . basename($_FILES['file']['name']);
    move_uploaded_file($_FILES['file']['tmp_name'], $path);
}

As you can see, it is not doing any type of checking. If you upload any PHP shell script it will upload it without any problem. So it is not safe. The following link may help you: PHP image upload security check list

0

精彩评论

暂无评论...
验证码 换一张
取 消