I was wondering what the best option would be for uploading sensitive files (with client info). Could PHP upload them outside the htdocs public area? If so, how could they then be downloaded?
The way that uploads work is that the files are immediately stored in a tmp directory on the server. It is up to you to then move them to somewhere useful - that can be outside of the htdocs directories if you wish.
A prerequisite for doing any file uploading work is to spend a good amount of time studying the various parts of the manual - which I find is one of the best written subjects.
It might be a pain - but uploading files is chock full of gotchas - there is no shortcut to reading the manual on this particular subject.
See especially the "Common pitfalls" section.
Thanks. Uploading tends to be OK but I usually upload them to a live directory. I wasn't sure if they could be uploaded outside of htdocs, but now I know. I've had them upload outside htdocs and used a PHP file to force a download, after the usual check to see if they are logged in. First time I've done that. I spotted the problem on a system built by my predecessor. All fixed before launch luckily so no harm done.
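The approach discussed in this thread, as an added example that is not code from any of the posts: the upload is moved from PHP's tmp directory to a directory outside htdocs, and a PHP script sends it back as a forced download after a login check. The storage path `/var/app/private_uploads`, the session key `user_id` and both function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example; the path, session key and function names are assumptions.
const PRIVATE_DIR = '/var/app/private_uploads'; // hypothetical, outside htdocs

// Move one entry of $_FILES from the tmp directory to private storage.
function store_upload(array $file): string
{
    $err = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($err !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with code ' . $err);
    }
    // Never reuse the client-supplied name as a path on disk.
    $id = bin2hex(random_bytes(16));
    // move_uploaded_file() refuses anything that was not an HTTP upload.
    if (!move_uploaded_file($file['tmp_name'], PRIVATE_DIR . '/' . $id)) {
        throw new RuntimeException('Could not move uploaded file');
    }
    return $id; // store this ID with the client record
}

// Stream a stored file to a logged-in user as a forced download.
function send_download(string $id, string $downloadName): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }
    if (empty($_SESSION['user_id'])) {            // hypothetical session key
        http_response_code(403);
        exit('Not logged in');
    }
    // Accept only IDs of the shape store_upload() generates, so the
    // request cannot carry "../" or an absolute path.
    if (!preg_match('/\A[0-9a-f]{32}\z/', $id)) {
        http_response_code(400);
        exit('Bad file ID');
    }
    $path = PRIVATE_DIR . '/' . $id;
    if (!is_file($path)) {
        http_response_code(404);
        exit('Not found');
    }
    // Strip characters that could break the header value.
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($downloadName));
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
    exit;
}
```

The login check mirrors the one described in the thread; it does not verify that the logged-in user is allowed to see that particular file, which needs a lookup of the ID against the owning client record.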