Theodore Serbinski wrote: > Hey guys, have a general question on what are the best practices for > file uploading? > > Do you guys check file names for no spaces and punctation? Allow it > anyways? Generate unique file names? What about retrevial? Unless you are letting users rename files for you, you don't have to worry about this too much. The operating system from which the file is being uploaded won't let the user create a file that has invalid characters. In PHP, which is what I'm familiar with -- the server uploads the file to a temporary location and gives it a temporary name, I then have the option of saving the file with a new name, or the original name of the file. I think you'll have to worry more about other things, such as file size, file type (some hosting providers do not allow .exe files to be uploaded) the kinds of files ("warez", illegal mp3s, etc.) things like that will get your account suspended -- sometimes, without notice. > I'm not looking to store any of these files in a database. Just throw > the files in a folder that will allow the files to be downloaded from > a HTML page. Thanks! Unless there is a burning reason to have a HTML interface to this location, why not use other more friendly options -- such as FTP or WebDAV? This way, you don't have to worry about all the annoyances of HTTP.