Skip to main content
S
sellador315
Inspiring
October 12, 2011
Question

Best way to move files with php

  • October 12, 2011
  • 1 reply
  • 1088 views

Hey all,

I've created an "Update Item" Page where the user is able to move the item from one catergory to another, however, each item has an image so the image needs to be able to move to the correct folder if the user moves the item.

Here is the code I wrote based on what I have found on the web.

A) It doesn't work

B) I've now learned this could open the site up to massive security risks.

if (array_key_exists('submit', $_POST)) {

$oldPath = $row_rsImages['parentPage'];

$newPath = $_POST['parentPage'];

$file = $row_rsImages['imageURL'];

copy('../images/photography/$oldPath/$file', '../images/photography/$newPath/$file');

}

Any ideas or pointers would be very welcome at this moment in time!

Cheers

T

This topic has been closed for replies.

1 reply

Lon_Winters
Lon_Winters
Inspiring
October 12, 2011

I guess it depends on why the images are in specific folders in the first place, and how important that is. In the grand scheme, it doesn't matter where the images actually are, because you can use different ways to link to them. Also I'm assuming that the update page "moves" the item to a different category by updating the category name or value in the item's record.

I'm not familiar with the code that copy's a file from one place to another, but do do this you do have to have write permissions set on the destination folder. And yes, any time you set permissions to anything higher than read only, that does increase vulnerability. Still, the practice is not unheard of - certain applications that provide users ability to upload files do require an upload folder with write permissions - so you should be Ok as long as you're careful to only include a particular folder or folders, and not others, or the site root, or anything like that.

Further, you can add additional security if the users that use the feature have to log in - then you can protect each of the pages with page restrictions that check for the user log in as well as a certain access level.

S
sellador315Author
Inspiring
October 13, 2011

Thanks.

When they change page/folder for the photo it updates the database, so if the file has not moved, it will not display as the database will be pointing the browser to another location. Do you see what I mean? I guess it doesn't have to be like that, I thought it would just be another way to avoid the user uploading files with the same name and having to re-name them (maybe a bit too careful!).

Yep, I've set the file permission to write and the user has log in details with page restrictions on each page so all is good there.

Lon_Winters
Lon_Winters
Inspiring
October 14, 2011

Yep, fair enough, you've convinced me.

I would of put validation script for the upload form in either case and I haven't gone too far with it so I guess there is no real need to worry.

Thanks for your advice.


You're welcome. Keep us posted on your progress. I love building these kinds of applications, don't get to do it enough. So the next best thing is seeing someone else's work!

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices