File Uploads are the transmission of data from one computer to another. Most often this is done over the internet or a local network using software programs such as FTP clients and web browsers. The other direction of data transfer is known as downloading, and is usually done from a server to a client or individual user.
Depending on your business’s content needs you may have to upload a variety of file types. These could include PDFs, word documents, spreadsheets, photos and videos. You might also need to upload files to a cloud-based platform to allow access from any device, anywhere at anytime. Regardless of what type of files you have to deal with, you’ll likely need to find a way to keep track of them all. Basic filing systems might have worked in the past but they won’t cut it in the modern age of digitized information and big data.
In order to have a usable digital document you’ll need to first convert the hard copy into the correct format. This can be as simple as scanning a paper contract or as complex as converting a handwritten typed manuscript into an editable PDF. Some PDF files can even be filled out, allowing users to add text and images directly into the document.
Once you have the digital file it can then be uploaded to whatever website or program requires it. Many sites will have specific instructions or help pages to walk you through the process. You’ll want to make sure you have enough storage space available to accommodate the size of the file you are uploading.
Files that are too large can be difficult to upload via FTP or email and can exceed limits set by your internet service provider. For example, if you’re trying to upload a high-definition video file, it can easily become over 100MB. A better option is to use a file-sharing platform that allows for unlimited uploads and downloads, such as ExaVault.
While PHP will return an indication of the file size, it won’t validate it, so an attacker on a shared hosting account could upload a malicious.php script as an image/gif and execute it via a URL in the same directory as the uploaded file. The best practice is to use a mimetype validator rather than the $_FILES method.