Is this a safe way to create an ajax upload form? [closed]
I found this link online,
http://www.ultramegatech.com/blog/2010/10/create-an-upload-progress-bar-with-php-and-jquery/
Is it safe to install this php widget/plugin and then use it?
Maybe someone has another suggestion for a file upload system?
I have a form with a title, description and the input for the image. Upon submit, it should upload the image showing the upload process, then enter the data into the MySQL table upon successful upload.
On a mac, you can drag and drop the files into the file input, so I'd like to keep that original look and feel.
Of course it is safe.
The important part is not the "interface" of the uploader which can be Ajax, RAW HTML, or whatever client you might use; It is rather the PHP processing script that will receive the uploaded file and process it.
Things you might want to consider in your 'upload.php' handler:
- checking file size
- checking file extension
- checking if file is a duplicate
- checking correct permissions so server can write/read it
- checking if user is abusing the upload system (cookie)
- etc..
- after all, save it for further needs ;)
Good luck.
The following is the source code of upload.php script:
<?php
if ($_FILES['file']['error'] === UPLOAD_ERR_OK) {
$path = './uploads/' . basename($_FILES['file']['name']);
move_uploaded_file($_FILES['file']['tmp_name'], $path);
}
As you can see, it is not doing any type of checking. If you upload any PHP shell script it will upload it without any problem. So it is not safe. The following link may help you: PHP image upload security check list
加载中,请稍侯......
精彩评论