Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
@alexbrooklyn php://input would be correct...
The $_FILES array is ... crazy.
Otherwise... Pretty straight forward.
Any specific questions? -
@IntrusionCM It's mostly that you can easily do so many things wrong and open up to extreme security issues if you make a mistake.
-
@PrivateGER Yes... But isn't that true for everything? XD
Afaik it's usually the following:
1) File error status (UPLOAD_ERR_OK)
2) Temporary file exists && not empty
3) Sane file name, max 255 length (thx to windows)
4) Validation of file (length / mime type / ...)
5) move_uploaded_file !== false -
@IntrusionCM Well, screwing up a file upload can be a bit more dangerous than other fuckups. ^^
-
Just dig up all the intricacies, learn to handle them securly, turn that knowledge into a set of small functions and never ever think about the language specifics again.
File Uploads in PHP are scary.
random