On Feb 24, 2009, at 5:29 PM, paradisonoir wrote:
>
> Thanks Paul for your constant help.
>
> Does it matter how am I sending my file? (form vs. client sending)?
> Cause in
> my case, I want my client send files.
>
If you want to send meta-data and one or more files as one POST
request then using multipart/form-data is IMHO the best approach.
> I think for this part :
>
>
> Paul Sandoz wrote:
>>
>> I think you should be careful using the file name the client has
>> given to
>> be used directly for file operations on the server as a nasty
>> client could
>> create a file name that causes problems e.g. overwriting files and
>> could
>> thus be a security risk.
>>
>
> I am going to use certain session ID that are unique each time they
> are
> generated, but you are right, it should be handled properly.
>
OK.
Paul.