Home/ Questions/Q 964245
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T01:47:46+00:00

I have read the following tutorial Uploading Files To the Server Using PHP and

  • 0

I have read the following tutorial “Uploading Files To the Server Using PHP
and have several questions related to the topics.

Q1> The tutorial mentions that

“Note that PHP must have write access
to $uploadDir or else the upload will
fail”

For me, I only allow the user to upload the file after the user has login to the website.
If we set that $uploadDir permission as 777, then everyone can have written permission to that folder. How to avoid this problems?

Also I am using WAMP as my testing bed, can I simulate the same case as a real web server?

Q2> In order to prevent Preventing direct access, the tutorial mentions:

“A better approach is to move the
upload directory away from your web
root. For example, the web root for
this site is:
/home/arman198/public_html/ to prevent
direct listing i can set the upload
directory to /home/arman198/upload/.”

Now my problem is that how can I display the uploaded images on other website pages. Since, the upload is not accessible directly anymore? I need to display the uploaded image save personal headshot dynamically on other website page. Is it possible?

Thank you

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It’s a common problem.

    All modern computers have a temporary files directory. On Linux/Unix it’s /tmp, on Windows it’s usually c:\temp. The OS install will have set permissions on that directory so that anyone can write files there but only privileged users can delete files that don’t belong to them. This is where PHP will want to put an uploaded file; your application then has to move it elsewhere (this is the purpose of the move_uploaded_file() function). PHP under Windows may need upload_tmp_dir actually set in the php.ini file.

    Once you have an uploaded file, you can shift it whereever you like, including to where the webserver can read it to serve it. The biggest problem with that it is awfully easy to put this directory inside your codebase. Don’t do that. As soon as you do anything beyond editing the files inside the directory they are served from, it will be problematic. Trust me: I’ve dealt with a few times this in code I’ve inherited. It’s easy to let your webserver load files from a location outside your codebase.

    The other alternative is to produce a download script. That way the file need not be servable by the webserver at all. One disadvantage is that you don’t get to leverage the web server’s MIME translation, but then, that lets you control which types of image files are permitted.

    • 0