ftp upload vs file upload

[eluser]wemago[/eluser]
oks I'm building a upload image controller,
where user can upload, edit and delete all info and the image.

I was reading some stuff and searching here in the forum and i saw that
file upload class doesn't have delete function, so i went to the file helper,
but there only exists the delete folder function.

after thinking for a while a saw a file delete function at ftp library.

so my question is if its better and more secure doing all upload / delete
using the ftp library or using only ftp library to delete the file.
what do u think about it?

thanx

[eluser]Crimp[/eluser]
You can use the unlink() function to delete files. I'd use the file upload class in your case. There are many discussions about file upload and security (inside/outside web root etc.) on the forum.

[eluser]wemago[/eluser]
I know there is and I've read almost all of them
almost all of them gets to no point

[eluser]Glen Swinfield[/eluser]
I would use unlink() to delete the files - it is likely there is no file delete function because it would look something like this:

Code:

function deleteFile($file){
     return unlink($file);
}

What would be the point - it's unnecessary?

Whenever you are dealing with files always check user generated paths, security holes exist that could give users access to your file system so look for '../' strings and so on.

Neither library is more secure in itself - it's how you use it.

[eluser]esra[/eluser]
If I recall correctly, file ownership belongs to the ftp user account used to upload the files. An ftp account with username and password are required to use ftp.

The file uploading class docs do not mention file ownership, so I'm assuming that Apache would own the files.