File Uploads in PHP are scary.

Welcome to the matrix.

Especially since they don't work with PUT requests

@alexbrooklyn Seriously?
What else are you supposed to use? Post? Patch? 😕

@alexbrooklyn php://input would be correct...

The $_FILES array is ... crazy.

Otherwise... Pretty straight forward.

Any specific questions?

@Root guess he meant HTML / multipart/form-data

@IntrusionCM That part isnt php specific. It's a mess everywhere.

@IntrusionCM It's mostly that you can easily do so many things wrong and open up to extreme security issues if you make a mistake.

@PrivateGER Yes... But isn't that true for everything? XD

Afaik it's usually the following:

1) File error status (UPLOAD_ERR_OK)
2) Temporary file exists && not empty
3) Sane file name, max 255 length (thx to windows)
4) Validation of file (length / mime type / ...)
5) move_uploaded_file !== false

@IntrusionCM Well, screwing up a file upload can be a bit more dangerous than other fuckups. ^^

Just dig up all the intricacies, learn to handle them securly, turn that knowledge into a set of small functions and never ever think about the language specifics again.

It’s easy! https://w3schools.com/php/...

@catgirl w3schools is about the last source I'd trust for anything PHP related.