Uploading files using HTTP Post Request

Question

Hi All,

I want to upload files to a server which is also owned by me. I could think of two ways, of how this can be achieved.

Method1: Use HTTP POST request to upload the files. The standard way of uploading files.

Method2: Its a two step process. First the client does a POST request with all the details of the file, to the server. Then the server issues Get request(s) onto the client to get the contents of the file.

Here method2 seems to be more secure, as the server is in control. The server can request data from the server only when the server feels it to be appropriate, and restrict the amount of data that needs to be transferred.

Still i am confused as i am not an expert in this area. Anyone with more hindsight thoughts on this can you please share.

Thanks

Answer 1

I think a normal POST upload is way more reliable. Method 2 is unnecessarily complicated and you might run into nasty firewall and NAT problems with it too.

You won't run into problems with upload size and such things if you set up proper limits on your server.

Answer 2

Your best bet is Method1, just your standard POST with input type file and enctype multipart/form-data

<form action="." enctype="multipart/form-data" method="post">
  <p>files: <input type="file" name="datafile" size="40"></p>

  <div>
    <input type="submit" value="submit">
  </div>
</form>

Answer 3

Define More Secure?

If you want control what users can Upload and what not, then think first what they should do and what not. Step one could be defining an array of allowed extensions which are allowed.

$extensions = array("pdf","doc","txt");

Then if users upload file, use string to lower and get file extension, then check if the extension is in your array

if(!in_array($extension,$extensions))
//return false or what ever you want do if file extension is not allowed.

Here is a small tutorial of how you could upload files using PHP and HTML.

http://www.tizag.com/phpT/fileupload.php