Leaderboard

Thanks for the nice words! Yes, as a general security rule you don't want user-uploaded files in the web directory. It would make sense to create a new folder for each user and store their uploads in their own directory. Some OSes have limits on the number of files or folders than can be in a directory, so that's a problem you'll need to worry about should you get to a high level. To show, say, an image in the browser, you'd set the HTML src to something like image.php?id=X. The image.php script would identify the image to be served and output it. I forget if there's an example of that in this particular book but it's not that complicated.