13.8. Handling File Uploads

The basis for file uploads lies in a special variety of HTML input element, file, which brings up a file selection dialog in most browsers that allows your visitor to select a file for uploading. You can include this element in an HTML form just like you would any other element; web browsers render it as a text box and a "select" (or "browse") button. When your form is submitted, the file is sent along with it automatically.

Here is an example HTML form that allows users to select a file for uploading to your server. Note that we specify enctype in our form in order that our file be transmitted properly, and that the action property of the form is set to point to upload2.php, which we will look at in a moment.

     <form enctype="multipart/form-data" method="post" action="upload2.php">
             Send this file: <input name="userfile" type="file" /><br />
             <input type="submit" value="Send File" />
     </form>

We give the new file element the name userfile. Now, here is the accompanying PHP script, upload2.php, which prints out a little information about the file just uploaded from upload1.php:

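     // 'name' is chosen by the client, so escape it before printing it into the page
     $filename = htmlspecialchars($_FILES['userfile']['name'], ENT_QUOTES);
     $filesize = $_FILES['userfile']['size'];
     print "Received $filename - its size is $filesize";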

If there are file uploads, PHP puts information in the superglobal $_FILES for each one in the form of an array. If you run var_dump( ) on $_FILES, here is how it will look:

     array(1) {
             ["fileone"]=> array(5) {
                     ["name"]=> string(14) "Greenstone.bmp"
                     ["type"]=> string(9) "image/bmp"
                     ["tmp_name"]=> string(24) "C:\WINDOWS\TEMP\php6.tmp"
                     ["error"]=> int(0)
                     ["size"]=> int(26582)
             }
     }

The name element contains the original filename given by the user, type is the MIME file type (if known), tmp_name is the name the file has on your server (this might be something like /tmp/tmp000), error is whether there were any errors or not, and size is the size of the file sent in bytes.

If you find files over a certain size aren't being uploaded properly, you may need to increase the upload_max_filesize setting in your php.ini file.

You can move uploaded files using the aptly named move_uploaded_file( ) function. This takes two filenames as its parameters, and returns false if the file you tried to move was either not sent by HTTP upload (perhaps your user was trying to fool your script into touching /etc/passwd?) or if it couldn't be moved (perhaps owing to permissions problems). In the event that the destination file exists already, it will be overwritten.

The first parameter should be the name of the uploaded file you wish to work with. This corresponds to $_FILES['userfile']['tmp_name'] if you are using userfile as the form element in your upload HTML page. The second parameter is the filename you want the uploaded file to be moved to. If all goes well, PHP returns true, and the file will be where you expect it. Here is the whole operation in action:

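     if (move_uploaded_file($_FILES['userfile']['tmp_name'], "/place/for/file")) {
             // 'name' is chosen by the client, so escape it before printing it
             $name = htmlspecialchars($_FILES['userfile']['name'], ENT_QUOTES);
             print "Received $name - its size is {$_FILES['userfile']['size']}";
     } else {
             print "Upload failed!";
     }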

Note that you will need to edit /place/for/file to somewhere PHP has permission to copy files. As you can see, a call to move_uploaded_file( ) checks security and does all the copying work for you.

13.8.1. Checking Uploaded Files

The move_uploaded_file( ) function is the same as the rename( ) function, with the difference that it only succeeds if the file was just uploaded by the PHP script. This adds extra security to your script by stopping people trying to move secure data, such as password files, into a public directory.

If you want to perform this check yourself, use the is_uploaded_file( ) function. This takes a filename as its sole parameter, and returns true if the file was uploaded by the script and false if not. Here is a simple example:

     if (is_uploaded_file($somefile)) {
             // $somefile is a full temporary path, so keep only its last component
             copy($somefile, "/var/www/userfiles/" . basename($somefile));
     }

If you just want to check whether a file was uploaded before you move it, move_uploaded_file( ) is better.
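
The check made by move_uploaded_file( ) only confirms that the file arrived by HTTP upload; it says nothing about the filename, the type, or where the file ends up. The following is an added example, not code from the book: a stricter upload2.php that also checks the error element, enforces a size limit, detects the type from the file contents, and picks the stored name itself. It assumes PHP 7 or later with the fileinfo extension; UPLOAD_DIR, MAX_BYTES, ALLOWED and store_upload( ) are names and values chosen here for illustration.

```php
<?php
// Added example, not the book's code. UPLOAD_DIR, MAX_BYTES, ALLOWED and
// store_upload() are names and values assumed for illustration.
const UPLOAD_DIR = '/var/uploads';     // assumed: outside the web root, writable by PHP
const MAX_BYTES  = 2 * 1024 * 1024;    // assumed application limit (2 MB)
const ALLOWED    = [                   // detected MIME type => extension we assign
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

function store_upload(?array $file): string
{
    // Check 'error' first; the other fields mean nothing if the upload failed.
    // An array here means the field was posted as userfile[]; reject that too.
    if ($file === null || !isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('no file received or upload error');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an HTTP upload');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('file is empty or too large');
    }
    // Ignore the browser-supplied 'type'; inspect the file contents instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('file type not allowed');
    }
    // Never build the path from 'name': a random server-side name avoids
    // path tricks and the silent overwrite of an existing file.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move file (check permissions)');
    }
    return $dest;
}

try {
    $path = store_upload($_FILES['userfile'] ?? null);
    print 'Stored as ' . htmlspecialchars(basename($path), ENT_QUOTES);
} catch (RuntimeException $e) {
    http_response_code(400);
    print 'Upload rejected: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES);
}
```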



PHP in a Nutshell
Ubuntu Unleashed
ISBN: 596100671
EAN: 2147483647
Year: 2003
Pages: 249
