Search the Community

Hello! Just finished the PHP & MySQL book, and first of all just want to say it is really great. In the process of self learning/designing/building a complicated database project and was flailing before I got this excellent tutorial book that grounded my understanding in the foundational concepts pretty much all dynamic websites require. I now feel confident in starting construction now with an overall general understanding of the structure and coding required. Im sure I will have many more questions from here on, but for now will start with one. I know I can google these questions I will be asking, however I also know there is too much information to parse and find the best advice taking everything including security into account as well as overall best standards and practices. I am looking for some guidance about file uploads. The book goes as far as explaining the process of taking uploaded files and placing them in a temp file and then moving them to an uploads file outside the web directory. I am wondering, how do I organize the files after. Like do I make an individual folder lets say for every user and place the .jpg or .mp4 in a folder for the user that uploaded it? Also where do I place the folder, is it still outside the web directory if the jpg lets say needs to be viewed in the browser by users? Also what would be the general flow of retrieving the file? Thats pretty much it for now. Also no rush, I'm not up to that yet, its just one of the things I've been thinking about at night. Thanks a million in advance for your time and energy in responding to my questions!

Really enjoying your book. On page 345 you mention that file uploads entail creating a folder that everyone can write (chmod 777). Wouldn't the best practice be to change the owner to www-data and set chmod 755 (on Linux systems)? Would this pose similar or any security risks? Would you still want to configure the .htaccess file (to restrict the folder to only make mp3s publically viewable for instance)?

I am attempting to add a feature to my website where users are able to upload images for companies, and when looking at the code for 10.3 I noticed something that confused be on line 28 & 29: if (move_uploaded_file ($_FILES['upload']['tmp_name'], "../uploads/{$_FILES['upload']['name'] }")) { echo '<p><em>The file has been uploaded!</em></p>'; What confuses me about this line is that, up until this point it does not appear that the file has actually been moved to the permanent directory. How can we expect this conditional to ever come back TRUE (since it is a conditional...) if we've never established the permanent directory. It is never established at the end (the actual HTML form) nor the code before the conditionals (ie the HTML header area). Are these two lines supposed to both move the temp file AND act as a conditional? Or have we established this somewhere in the PHP.ini file? Because the PHP.ini file has upload_tmp_dir but not the permanent directory we want it to transfer the temp files to. Am I missing something here? Is this an error?