[UPHPU] upload files

David Smith DavidSmith at byu.net
Mon Jul 26 16:34:54 MDT 2004


<quote who="John Anderson">

>>These are obviously rhetorical questions. They are not meant to be
>>offensive, but rather to make a small but important point: no one should
>>reinvent the wheel for every problem they encounter. The whole purpose of
>>libraries like libxml, libmysql, and yes, even Mega Upload, is to ease the
>>developer's burden. I agree with you that it is important to understand
>>the issues (security and otherwise) behind each concept you work with, but
>>that should never preclude you from utilizing a third-party library to get
>>the job done.
>
> I would have to disagree here. If you don't feel you grasp the technical
> (does it do what I want efficiently?) and security (does it safely
> accomplish the task and protect all user assets?) aspects of the software,
> that should be exactly what keeps you from using a third-party library.

I was not referring to one's ability to "grasp the technical and security
aspects of the software". I was referring to one's ability to grasp the
technical and security aspects of the *concept*. There's an important
difference. Obviously, if you don't understand a piece of software, and
you use it in your application, you are likely to encounter problems. I
agree with you there. That was not my argument. My argument was that if
you don't understand the details behind a concept, you should use someone
else's library to get the functionality you need, rather than implement it
yourself. The original poster was asking what security issues and other
details he should be aware of when implementing file uploads. That is why
I recommended he use a third-party library to do the job for him. My
reasoning was that he could save time by not having to learn all the
nitty-gritty nuances of PHP file uploads by using someone else's code. Maybe
it's not worth arguing. Perhaps for PHP file uploads, there is a required
set of knowledge even if you *do* use a third-party package. Whatever the
case, I still recommend the use of abstraction libraries rather than
touching the base PHP functions whenever possible (within reason).

For example, I really wish I had used PEAR's DB abstraction libraries for
many of my sites, as well as Net_LDAP for phpLDAPadmin.

--Dave


