[thelist] best file upload practices

Burhan Khalid thelist at meidomus.com
Thu Feb 17 00:34:13 CST 2005


Theodore Serbinski wrote:
> Hey guys, have a general question on what are the best practices for
> file uploading?
> 
> Do you guys check file names for no spaces and punctation? Allow it
> anyways? Generate unique file names? What about retrevial?

Unless you are letting users rename files for you, you don't have to 
worry about this too much.  The operating system from which the file is 
being uploaded won't let the user create a file that has invalid characters.

In PHP, which is what I'm familiar with -- the server uploads the file 
to a temporary location and gives it a temporary name, I then have the 
option of saving the file with a new name, or the original name of the file.

I think you'll have to worry more about other things, such as file size, 
file type (some hosting providers do not allow .exe files to be 
uploaded) the kinds of files ("warez", illegal mp3s, etc.) things like 
that will get your account suspended -- sometimes, without notice.

> I'm not looking to store any of these files in a database. Just throw
> the files in a folder that will allow the files to be downloaded from
> a HTML page. Thanks!

Unless there is a burning reason to have a HTML interface to this 
location, why not use other more friendly options -- such as FTP or 
WebDAV? This way, you don't have to worry about all the annoyances of HTTP.


More information about the thelist mailing list