Following on from: https://stackoverflow.com/questions/26197056/ajax-form-submission-do-i-need-to-consider-caching-options-when-making-post-req
I'd like to perfect a template for the ajax submission of HTML forms; submission of text and image file fields. I have text submission down and believe my ajax is prepped for image upload (HTML and JS code at above question). Im planning how to tackle the server side scripts and looking for some guidance.
PHP
<?php
require ("config.php");
require (MYSQL);
//standard includes that take care of DB connection
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// Check for a form submission
if (preg_match ('/^.{2,140}$/', $_POST['textInput'])) {
$t = $_POST['textInput'];
} else {
$errors['textInput'] = 'Missing Text';
}
$i = //Not finished image upload code yet. I'll be using the guide at below w3schools link.
if (empty($errors)) {
$insertExample = $dbc->prepare("INSERT INTO exampleTable (text,img) VALUES (?,?)");
$insertExample->bind_param('sb',$t,$i);
$insertExample->execute();
mysqli_close($dbc);
}
}
?>
I'll be using the below guide to write PHP for image upload and database insert. http://www.w3schools.com/php/php_file_upload.asp
I intend on uploading all images to a folder and then inserting a reference to their location in my DB. Please advise if I should have anything important (high level approach or security related) on my radar.
I understand that I don't really need any other PHP validation other than the length check I have on text because I am using prepared statements. Am I missing any security best practices?
With regard to images, I will be checking file type, extension and size. I am using a hosting company. The prospect of allowing the public to upload images to my account is rather worrying. Any article recommendations would be much appreciated.
