What's the minimum code required, in order to upload files to a web server securely?

Define: "upload files to a web server securely" If you mean upload them securely, as in preventing someone from capturing the content while it is being upload, then you need to use the https:// protocol on a secure web site using an SSL certificate. If you mean secure for the web site, read this article - http://www.scanit.be/uploads/php-file-upload.pdf

What code is needed to upload a file?

http://www.php.net/features.file-upload

CFMaBiSmAd I have a couple of questions about the PDF you gave a link to, hoping the OP does not mind the semi-hijack. Though it does directly relate to his question...

The conclusion and ideal solution was to store uploaded files outside the web root. Is this possible when you are using a hosting company with shared resources? My webroot starts with public_html and I can go no further up the tree; it occurs to me that I am stuck because the only areas I can get to on this Linux system all stems from my webroot.

Assuming I can place files outside the webroot, how then do I include these files in my html markup? Oh wait, I just caught on to the technique mentioned:


<?php
$uploaddir = '/var/spool/uploads/';
$name = $_GET['name'];
readfile($uploaddir.$name);
?>


So I would need to do this readfile() deal everywhere an uploaded image is used in my markup....? Hmm interesting.

A lot of hosting accounts have a structure like -

account_root -
-------------- document_root (public_html)
-------------- SSL_document_root
-------------- statistics
-------------- logs
...

Where you could put your own folders/files.

Any PHP function that uses a file system path can access these - include, readfile, ...

If you don't have this structure available, you would need to put your content into a folder within your document_root and then put a .htaccess file to deny http/https access to all through the web server, but a php script can still operate on the files through the file system.