
Chapter 29: Security

First, we need to decide what we are going to do with the uploaded file. In this case, let's plan on writing it back out to disk somewhere in our Web tree, so that visitors can access it:

    cd
    mkdir uploads
    chmod 766 uploads

The first thing we've done is to make sure we are in the root of our Web document directory. Next, we've created a directory to hold uploaded files. There's nothing magical about the name we've chosen for this directory; you can name it free_beer if you like, although that might be slightly less meaningful in your finished implementation. The last bit is the scary part. With permissions defined above, we've made the directory world writeable. In some cases, the directory may also need to be executable, but you should try to get away with these more minimal permissions first. (Of course, these are Unix-specific commands. Windows users will typically have an easier time of it using the graphical tools that OS provides.)

Next, we need a proper form. A form that handles file uploads is not much different from a regular form, but the requirements of its design are somewhat more stringent:

Select a file:

The first thing you'll notice here is the enctype attribute to the form tag. Other values for enctype are available, but the default browser interpretation, application/x-www-form-urlencoded, will generally serve for most purposes. Not so with file uploads, however. You must specify the enctype exactly as shown above or the browser will not send the data in a format that PHP understands. Skip down to line 3, to the input type of file. This may be a new item to you. It creates in the form a field that looks much like a text input box, but with the addition of a Browse button that ideally launches the default file browsing implementation for the client system.

Finally, we've added a hidden field with the reserved name MAX_FILE_SIZE. This is a cue to the browser that it should check the file size against a maximum of 50000 bytes and advise the user accordingly. This is primarily done as a convenience to the user. It is not universally supported and is easily circumvented, so don't rely on it to enforce your file size limits.

You can, however, rely on PHP to enforce your limits in this regard. PHP provides both php.ini file settings and some coding techniques to do this. You should avail yourself of both. As the php.ini file settings provide a reasonable fallback, let's start by reviewing those. The first setting should be obvious:

    file_uploads = On

The next relevant setting is:

    upload_tmp_dir =

This is typically left unassigned, which results in a default appropriate for your system. This is not where the final uploaded file will reside. Leaving it unassigned is generally the best choice, so unless you have a really compelling reason to set this to something else, leave it alone.

The next setting is where we enforce a maximum file size.

    upload_max_filesize = 2M
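As an added example that is not from the book, here is a PHP handler that enforces the size limit on the server whether or not the browser honoured MAX_FILE_SIZE. The field name userfile, the 50000-byte cap and the uploads path are assumptions.

```php
<?php
// Added example, not from the chapter. Assumptions: the file field is named
// 'userfile', the cap repeats the form's 50000 bytes, files go to ./uploads.
const MAX_BYTES = 50000;

// Return null when a $_FILES entry is acceptable, otherwise the reason.
function check_upload(array $f, int $maxBytes): ?string
{
    switch ($f['error'] ?? UPLOAD_ERR_NO_FILE) {
        case UPLOAD_ERR_OK:        break;
        case UPLOAD_ERR_INI_SIZE:  return 'exceeds upload_max_filesize';
        case UPLOAD_ERR_FORM_SIZE: return 'exceeds MAX_FILE_SIZE';
        case UPLOAD_ERR_PARTIAL:   return 'upload was interrupted';
        case UPLOAD_ERR_NO_FILE:   return 'no file was sent';
        default:                   return 'server could not store the upload';
    }
    // 'size' is measured by PHP on the received data, so this check holds
    // even when the client strips or edits the hidden MAX_FILE_SIZE field.
    $size = (int) ($f['size'] ?? 0);
    if ($size === 0)       return 'empty file';
    if ($size > $maxBytes) return 'larger than the application limit';
    return null;
}

if (PHP_SAPI !== 'cli') {
    $f = $_FILES['userfile'] ?? ['error' => UPLOAD_ERR_NO_FILE];
    $reason = check_upload($f, MAX_BYTES);
    if ($reason === null) {
        // Server-chosen name: the client controls neither name nor extension.
        $dest = __DIR__ . '/uploads/' . bin2hex(random_bytes(16));
        // move_uploaded_file() only accepts a file PHP itself received.
        if (!move_uploaded_file($f['tmp_name'], $dest)) {
            $reason = 'could not move file into uploads';
        }
    }
    http_response_code($reason === null ? 200 : 400);
    echo $reason ?? 'stored';
} else {
    // Constructed $_FILES entries, to exercise the checks from the CLI.
    $samples = [
        'ok'        => ['error' => UPLOAD_ERR_OK, 'size' => 1200],
        'forged'    => ['error' => UPLOAD_ERR_OK, 'size' => 900000],
        'ini limit' => ['error' => UPLOAD_ERR_INI_SIZE, 'size' => 0],
    ];
    foreach ($samples as $label => $entry) {
        echo $label, ': ', check_upload($entry, MAX_BYTES) ?? 'accepted', "\n";
    }
}
```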