what is the safe way to implement file upload in your server. Here is my situation.. 1. i want to let users upload small avatar like image files in the website. 2. I tried setting upload folder 777 permission and i am afraid that it could be a serious security concern? 3. i tried setting permissions to 755 or 775 , but upload fails. 4. i am saving the images in the server and not storing in the database. what is the best way to do this?
Here is my solution: Place the images in a directory below user access (under www/public_html), this way user's can't directory access files that might cause trouble. Access the images using a getimage.php file (which will be passed the name), which will check for security, file type and such. Peace,
what permissions do i need to set? i heard this method, but i think i should fetch the file and read the image files using filesystem functions... If anybody could post sample code, it would be much helpful as i am more confused on this