The most reliable way to upload files to your Web site is using FTP. Also, if you don't want to let someone know your main FTP password, you can create additional FTP accounts and restrict them to a certain directory (folder).
However, there are times when you might want to use a Web page to upload files. For instance, you may want to make it as easy as possible for an important client to upload a file, so you probably wouldn't want to make them install an FTP program.
The following sections cover creating and using upload scripts and the security issues involved:
Using an upload script creates a security risk, so you need to protect your Web site. If your upload page is visible to the public, a "hacker" could easily use it to upload their own scripts and take over your site. You must always password protect the folder that the script is in.
A Google search will show a number of good tutorials that explain how to write your own script. For example:
However, you might prefer to use a script that someone has already created. There are many of these available on the Web. For example, here's a script we've tested and found to work. That script allows you to upload multiple files, and uses AJAX to display a progress bar if the user has JavaScript enabled.