Lets say I let people upload files on the server. Should I change the

Question

Editorial Team

Asked: May 30, 20262026-05-30T13:13:23+00:00 2026-05-30T13:13:23+00:00

Lets say I let people upload files on the server. Should I change the file name s
after the upload ? if yes, how can I tell the about the file names later on , beacause in CMS I need tpo provide them with the url to images or doc files etc so they refer to them while producing text for the website.
I coded a program with which my users can navigate through some files and folders
they can create folders and upload files of any extension inside the mentioned folders
. Unfortinately my code creates all files and foldes with 777 permission. I wanna know
What would happen if someone uploads a .php file inside a folder and runs it. Can he/she
Delete every possible thing ? May you help me with right permission I should give to those files
and folders. The uploader should know about the url where he/she has uploaded
the image so while creating some content he can refer to them as url for images or
office word documents. Please help me with security hole.

Thank you.

You must login to add an answer.

Need An Account,

Editorial Team · Answer 1 · 2026-05-30T13:13:25+00:00

I suggest you create some database table as a reference to those file so that you can record the old name, and changing the name in file system to different one so that you will never overwrite an existing file with same name.Or you can even same file in DB instead of file system.
First thing is you should not allow user upload any executable files to your server, or at least you need to change the extension name to something else I think. And I don’t think 777 is needed, you just need to make sure the folder r/w to the php/web server processor and that’s should be enough for any user access them

The Archive Base Latest Questions