- Check the referrer: Check to make sure that the information being sent to your script is from your website and not an outside source. While this information can be faked, it's still a good idea to check.
- Restrict file types: You can check the mime-type and file extension and only allow certain types to be uploaded.
- Rename files: You can rename the files that are uploaded. In doing so, check for double-barreld extensions like yourfile.php.gif and eliminate extensions you don't allow, or remove the file completely.
- Change permissions: Change the permissions on the upload folder so that files within it are not executable. Your FTP program probably allows you to chmod right from it.
- Login and Moderate: Making your users login might deter some deviant behavior. You can also take the time to moderate all file uploads before allowing them to become live on the web.
PHP File Upload Security Ideas
Some Precautions To Make File Uploads With PHP Safer
By Angela Bradley, About.com Guide
See More About:
When you allow users to upload files to your website, you are putting yourself at a security risk. While nobody is ever completely safe, here are some precautions you can incorporate to make your site safer.
Related PHP Articles
Join the PHP Discussion
Related Functions
Explore PHP / MySQL
Must Reads
Most Popular
- About.com
- Computing & Technology
- PHP / MySQL
- Advanced PHP
- PHP Upload Security - File Security PHP - Upload Script Security
©2012 About.com. All rights reserved.
A part of The New York Times Company.