File upload validation - to unlink from tmp or not [closed] - php

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 8 years ago.
Just a quick question on best practice.
If my website visitors are uploading files that fail file validation (too large, wrong filetype etc.) is it safer/more efficient to programmatically delete the file from the server's tmp directory? Or do I just let the purge cycle performed by the server take care of it?
Many thanks
Phill

From the manual:
The file will be deleted from the temporary directory at the end of the request if it has not been moved away or renamed.
So, you could omit it, however:
Whatever the logic, you should either delete the file from the temporary directory or move it elsewhere.
... it's always nice to be explicit in your script. In short: you don't have to, but I would.
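
An added example (not part of the original answer) of the explicit handling recommended above: a rejected upload is unlinked from the temporary directory and an accepted one is moved out of it. The size limit, MIME allowlist, field name `avatar` and destination directory are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed policy for this example: JPEG/PNG only, at most 2 MiB.
const MAX_BYTES = 2 * 1024 * 1024;
const ALLOWED_MIME = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

/**
 * Validates one entry of $_FILES. A file that fails validation is removed
 * from the temporary directory explicitly; a valid one is moved out of it.
 * Returns the stored path, or null if the upload was rejected.
 */
function store_upload(array $file, string $destDir): ?string
{
    $tmp = $file['tmp_name'] ?? '';

    // Only touch a path that PHP itself created for this request's upload.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_string($tmp) || !is_uploaded_file($tmp)) {
        return null;
    }

    // Decide from the content, not from the client-supplied name or type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $valid = is_string($mime)
        && array_key_exists($mime, ALLOWED_MIME)
        && filesize($tmp) <= MAX_BYTES;

    if (!$valid) {
        unlink($tmp); // explicit cleanup instead of waiting for the end of the request
        return null;
    }

    // Server-generated name; the original filename is never used on disk.
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED_MIME[$mime];
    if (!move_uploaded_file($tmp, $target)) {
        if (is_file($tmp)) {
            unlink($tmp);
        }
        return null;
    }
    return $target;
}

// Usage in a request handler (field name and directory are assumptions).
if (isset($_FILES['avatar'])) {
    $stored = store_upload($_FILES['avatar'], '/var/www/uploads');
    http_response_code($stored === null ? 422 : 201);
}
```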

twig best practice regarding template locations [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 7 years ago.
My site isn't using a front controller pattern or anything fancy, it's currently a bunch of php files in folders.
e.g:
http://www.example.com/customer/account-settings.php
maps directly to:
/var/www/sites/example/http/customer/account-settings.php
I've started playing with twig, and wonder what the best practice for locating the template files is?
Should I put them all in
/var/www/sites/exammple/templates/
or should I put them alongside their corresponding .php file?
/var/www/sites/example/http/customer/account-settings.twig
/var/www/sites/example/http/index.twig
etc?
I would place all files in one directory and then create a configuration variable like
$templatesDir='/var/www/sites/exammple/templates/';
to reference the location.
That way views are organized and not scattered around the project. If for some reason you want to change their location to another directory you just have to change the $templatesDir variable in one place.

PHP insert image upload url in database [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 7 years ago.
I have two ways to insert an image upload URL in a MySQL database:
One: (only filename)
1410468094_shutterstock_130757219.jpg
Two: (full URL)
http://localhost/nws/uploads/files/1/shutterstock_130757219.jpg
Which way is better?
The file name is best, in case you ever change the folder name or location.
The second way without the domain name is better. I mean uploads/files/1/shutterstock_130757219.jpg is better, because your domain name may change over time. But you should put the file path relative to your web root directory.
If all images will be put in the same folder you would like to leave out the path; that way you could move the images one day to S3, a CDN or anywhere else and won't have to update all the records. However, if the images come from all over the Internet, you need the full path.

can people read the content of an online php file? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
My php file online has permission settings 444 - ('readable' for everyone)
When I open the file in Firefox, it correctly only shows the output of the file (meaning things that are echoed or printed)
I want people to NOT EVER see the inside of the php file because it shows sensitive information. So - are there some people that are able to look into the inside of the php file?
Unless someone has access to the server then generally no.
There are ways to purposely make the source code visible however.
http://php.net/manual/en/function.show-source.php

Does it have any effect on performance to change functions.php to functions.php.inc [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 9 years ago.
I have stored all my necessary functions to a file functions.php.inc and I use this at the top of each page like this
require_once("functions.php.inc");
I want to know whether there is any effect on performance from having this name. If I change functions.php.inc to functions.php, will it give better performance, or is there no difference?
Besides the .inc warning given in comments, there should be no performance impact (an extra 4 characters to compare, negligible; the file system is also very comfortable dealing with a 13 or 17 character file name).
Also, in recent versions of PHP, the APC cache is included (default), meaning that there is no extra parsing of the file that requires that inc file (just the first time it is accessed). Then APC checks the file status (from the file system) to detect a change when it is accessed again by further requests.

how to make sure, including files with opening '/' is secure [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 8 years ago.
From your experience, are there any security measures that one should undertake on a VPS before including files with absolute paths (opening /, e.g. /common/lib.php or /images/image.jpg)?
Yeah, there is one for sure.
Make sure that you turned display_errors off, to make all the error messages you will get invisible to the user.
Then make these paths real, by adding $_SERVER['DOCUMENT_ROOT'] to them or any other way.
And yes, as long as you are using this kind of code
include $_SERVER['DOCUMENT_ROOT'].'/common/lib.php';
using no dynamically generated filenames
you may consider yourself safe.
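
An added example (not part of the original answer) that goes one step beyond it: the answer's two measures, plus one way to keep the include path fixed when the page shown does depend on the request. The `PAGES` map, the `page` parameter and the `resolve_include` helper are hypothetical names introduced for illustration.

```php
<?php
declare(strict_types=1);

// Errors go to the log, not to the visitor.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// The request may only select a key; every path is a literal in this file.
// (Hypothetical page list for illustration.)
const PAGES = [
    'home'    => '/pages/home.php',
    'contact' => '/pages/contact.php',
];

/**
 * Maps a request-supplied key to an absolute path under $root.
 * Returns null for unknown keys, missing files, or a file that resolves
 * (for example through a symlink) to somewhere outside $root.
 */
function resolve_include(string $root, string $key): ?string
{
    if (!array_key_exists($key, PAGES)) {
        return null;
    }
    $rootReal = realpath($root);
    $path = realpath($root . PAGES[$key]);
    if ($rootReal === false || $path === false) {
        return null;
    }
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Usage: the raw request value never becomes part of a filename.
$key = is_string($_GET['page'] ?? null) ? $_GET['page'] : 'home';
$path = resolve_include($_SERVER['DOCUMENT_ROOT'] ?? __DIR__, $key);
if ($path === null) {
    http_response_code(404);
    exit;
}
include $path;
```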
