Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Upload pictures with PHP

11:52 pm on Mar 13, 2014 (gmt 0)

New User

5+ Year Member

joined:Oct 30, 2013
posts: 37
votes: 0

I'm planning to give the chance to the users to upload pictures related to some element in my web site.
I want to ask your opinion about the fact that I'm thinking to use the upload class class.upload.php [verot.net...]

I don't want to reinvent something that I think it already works pretty well.

What do you think? Is it enough for a small site? What will happen if I will have more users?
Any consideration? I'm thinking to reduce size and dimension of each pictured upload in order to avoid to use too much space on the server (normal hosting on bluehost).

Any recommendation?

12:21 am on Mar 18, 2014 (gmt 0)

Moderator from GB 

WebmasterWorld Administrator mack is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:June 15, 2001
votes: 90

I have used that method in the past and it does work. I am yet to use it on a live site though. There are just so many security issues that you need to be aware of.

You need to make sure all files you allow users to upload. Just because something is an image file, does not mean it is only an image. There are so many ways if placing dangerous code within almost any file.

I am no expert on this, and I am hopeful that someone with more experience will join the thread.

10:19 am on Mar 18, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Oct 15, 2004
votes: 0

avoid gif files - they are dangerous (php code can be written inside them)
i found that jpg/jpeg/bmp are more secure in that way

pay attention to file names - allow only letters and numbers, avoid spaces and other special characters

limit size is mandatory - users tend to stick their camera/mobile/flash drive on their pc, select image and upload from there.

what will happen if a user deletes an image?
can he rename it? crop it? alter it? watermarked it?
are there unique urls per image?
take into cosideration seo approach on these issues.

for my tastes, i create a folder per user. All of his uploads end there (even the thumbs of his images)
3:56 pm on Mar 19, 2014 (gmt 0)

New User

5+ Year Member

joined:Oct 30, 2013
posts: 37
votes: 0

Thanks guys,

First point definitely not gif images.
Secondo: all the images will be associated to different elements that are store in the database (elements like monuments, museum, religious building and some other type). Each element has a unique 10 chars string that I will use to generate the name of the images that I'm going to save in the server.
Most likely I'll set a 2MB limit and I will resize the image and save an original and a thumb ( the "original" will show up once you click on the thumb through something like lightbox or something like that). The thumb will have a fix length and width according if it is an horizontal or vertical image. The original I'll probably resize if the width and height are too big.
I'll have the control over the pictures that users will publish so I can automatically delete in case the picture is not proper.
What do you think? Any possible issues?
5:52 pm on Mar 19, 2014 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member brotherhood_of_lan is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 30, 2002
votes: 47

- Make sure the images have read only permissions once they've been moved to their permanent and publicly accessible location. Basically give it the least amount of permissions and no more.

- Preferably give it your own filename. Something like imagefile.php.apachedoesntknowthisextension can be parsed as PHP. At the very least sanitise/validate the file name.

- Have a look at client side technologies that can help shrink the image before it gets pushed to your server. People don't know that a 50MB file from their camera can be shrunk down to a more sane size with little loss in quality. "Uploadify" is a popular package that can accommodate this.
8:15 pm on Mar 19, 2014 (gmt 0)

New User

5+ Year Member

joined:Mar 19, 2014
posts: 18
votes: 0

When I started my world in php I also had the same problem.
Its an endless search to know exactly how to do it.
You will need a script that will upload, resize and rename the images.

I eventually got hold of a script and adapted it to what I need by reverse engineering.
Let me know if you need sample script to do the same... It makes life so much easier!
7:38 pm on Mar 25, 2014 (gmt 0)

New User

5+ Year Member

joined:Feb 24, 2014
votes: 0

If you use HTML5 you can resize the files using the File API before the upload thereby reducing the load on your hosting server.

See the following url for info:


Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members