I am currently reviewing my PHP script which allows users to upload a photo.

In my script, I see these notes:
* $_FILES['userfile']['tmp_name']
* Temporary filename of the file in which the uploaded file
* was stored on the server.
*
* Files will, by default be stored in the server's default
* temporary directory, unless another location has been given with
* the upload_tmp_dir directive in php.ini. The server's
* default directory can be changed by setting the
* environment variable TMPDIR in the environment in which PHP runs.
* Setting it using putenv() from within a PHP script will not work.
* This environment variable can also be used to make sure that
* other operations are working on uploaded files, as well. *

Knowing virtually nothing about Server Maintenance, and not knowing what my new Hosting Environment will be later this month - other than Linux - could someone give me some tips on any Security Concerns that I should have pertaining to this?

(Somewhere in the past I recall that there was somewhere with Web Pages and PHP where you wanted to change the default "Temp Directory" because it was easy pickins for hackers... Maybe that was with SESSIONS?)

Hope this makes sense?!

Sincerely,


Debbie
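
An added example, not part of the original post or the poster's script: one way to validate the file named by $_FILES['userfile']['tmp_name'] and move it out of the shared temporary directory before anything else touches it. The destination path, size limit and allowed types are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Assumed policy values for this example (not from the original post).
const MAX_BYTES = 5 * 1024 * 1024;
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

/**
 * Validate one $_FILES entry and move it out of the temporary directory.
 * Returns the final path; throws RuntimeException when any check fails.
 */
function store_uploaded_photo(array $file, string $destDir): string
{
    // Reject missing, failed or array-shaped (multi-file) entries.
    if (!isset($file['error'], $file['tmp_name']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or request malformed');
    }
    $tmp = $file['tmp_name'];
    // tmp_name must be a file PHP itself received via HTTP POST,
    // not an arbitrary path smuggled into the request.
    if (!is_string($tmp) || !is_uploaded_file($tmp)) {
        throw new RuntimeException('Not an uploaded file');
    }
    // Measure the file on disk instead of trusting the client-reported size.
    if (filesize($tmp) > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Decide the type from the content, never from the client-supplied name or type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('Not an accepted image type');
    }
    // Server-generated name: no user-controlled characters, no chosen extension.
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    // move_uploaded_file() repeats the "really uploaded" check before moving.
    if (!move_uploaded_file($tmp, $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0640); // readable by owner and group, never executable
    return $dest;
}

if (isset($_FILES['userfile'])) {
    try {
        // Hypothetical directory outside the web root, writable only by the PHP user.
        store_uploaded_photo($_FILES['userfile'], '/var/www/private/uploads');
        echo 'Stored.';
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected.';
    }
}
```

On shared hosting, ini_get('upload_tmp_dir') and sys_get_temp_dir() show which temporary directory is actually in use, which tells you whether it is a location shared with other accounts.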