際際滷

際際滷Share a Scribd company logo

File Upload

Download as PPT, PDF
W
webhostingguy

1) File uploads in PHP require configuring php.ini settings like enabling file uploads and setting temporary storage directories with correct permissions. 2) Forms for file uploads need to use POST with multipart/form-data encoding and include file input fields and hidden fields. 3) PHP stores uploaded files in the $_FILES array, including the temporary filename, size, type, and original name, which can then be processed and moved to a permanent location.

1 of 10
Downloaded 91 times
CSC 2720 Building Web Applications PHP File Upload
Handling File Uploads in PHP PHP must run with the right settings. You may need to change the PHP configuration file php.ini . A temporary storage directory must exists with the correct permissions. Uploaded files are stored here temporarily; the files may be removed from here when your PHP script finishes processing the HTTP request. The final storage directory must exists with the correct permissions. You have to write codes to move the uploaded files from the temporary directory to another directory.
Configuring php.ini file_uploads Enable/disable PHP support for file uploads max_input_time Indicates how long, in seconds, a PHP script is allowed to receive input post_max_size Size, in bytes, of the total allowed POST data upload_tmp_dir Indicates where uploaded files should be temporarily stored upload_max_filesize Size, in bytes, of the largest possible file upload allowed
HTTP File Upload ( RFC 1867 ) Set attribute METHOD=&quot;POST&quot; Set attribute ENCTYPE=&quot;multipart/form-data&quot; Use INPUT element with TYPE=&quot;file&quot; to create a file upload control (one control per file) Hidden input field MAX_FILE_SIZE recommends to the web client the limit of the size of the uploaded file. <form action=&quot;file_upload.php&quot; method=&quot;post&quot; enctype=&quot;multipart/form-data&quot; > <input type=&quot;hidden&quot; name=&quot;MAX_FILE_SIZE&quot; value=&quot;30000&quot; /> <input type=&quot;file&quot; name=&quot;upload&quot; /> <input type=&quot;submit&quot; value=&quot;Upload&quot; /> </form>
POST register.jsp HTTP/1.1 Host: hi/iq User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2) Gecko/20021126 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q=0.1 Accept-Language: en-us, en;q=0.50 Accept-Encoding: gzip, deflate, compress;q=0.9 Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66 Keep-Alive: 300 Connection: keep-alive Content-Type: multipart/form-data; boundary=---------------------------29772313742745 Content-Length: 452 -----------------------------29772313742745 Content-Disposition: form-data; name=&quot;name&quot; J.Doe -----------------------------29772313742745 Content-Disposition: form-data; name=&quot;email&quot; [email_address] -----------------------------29772313742745 Content-Disposition: form-data; name=&quot;file-upload&quot;; filename=&quot;test.txt&quot; Content-Type: text/plain test data with some high ascii: 多Como est臓s? -----------------------------29772313742745-- An example of data sent via POST method with enctype=&quot;multipart/form-data&quot; (Copied from http://www.devx.com/Java/Article/17679/0/page/2 )
The $_FILES Array The error code associated with any problem. error The temporary filename of the uploaded file as it was stored on the server. tmp_name The size of the uploaded file in bytes. size The MIME type of the file, as provided by the browser. type The original name of the file (as it was on the user's computer). name Meaning Index
Processing the uploaded items // &quot;upload&quot; is the name assigned to the input element, as in // <input type=&quot;file&quot; name=&quot;upload&quot; /> if (isset( $_FILES['upload'] )) { if ( $_FILES['upload']['error'] > 0)) { // File upload fails. See next slide for detailed info about the // meaning of the error code. } else { // e.g., only allows JPEG image files to be uploaded // Note: This is not a complete list of MIME types for JPEG images $allowed = array('image/jpeg', 'image/jpg'); // Continue next page
Processing the uploaded items ( continue) if (in_array( $_FILES['upload']['type'] , $allowed)) { $tmp = $_FILES['upload']['tmp_name'] ; $dst = &quot;C:/uploads/{ $_FILES['upload']['name'] }&quot;; if ( move_upload_file ($tmp, $dst)) { // Success ! } } } // End of else // Manually delete the temporary uploaded file if // it still exists $tmp = $_FILES['upload']['tmp_name'] ; if (file_exists($tmp) && is_file($tmp)) unlink($tmp); } Note: move_uploaded_file() will overwrite an existing file without warning.
File Upload Error Messages Explained UPLOAD_ERR_OK Value: 0; There is no error, the file uploaded with success. UPLOAD_ERR_INI_SIZE Value: 1; The uploaded file exceeds the upload_max_filesize directive in php.ini . UPLOAD_ERR_FORM_SIZE Value: 2; The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form. UPLOAD_ERR_PARTIAL Value: 3; The uploaded file was only partially uploaded. UPLOAD_ERR_NO_FILE Value: 4; No file was uploaded. UPLOAD_ERR_NO_TMP_DIR Value: 6; Missing a temporary folder. Introduced in PHP 4.3.10 and PHP 5.0.3. UPLOAD_ERR_CANT_WRITE Value: 7; Failed to write file to disk. Introduced in PHP 5.1.0. UPLOAD_ERR_EXTENSION Value: 8; File upload stopped by extension. Introduced in PHP 5.2.0. Source: http://www.php.net/manual/en/features.file-upload.errors.php
References and Related Resources PHP: Filesystem Functions e.g., mkdir() Create a directory filesie() Get the size of a file copy() Copy a file rename() Rename a file or folder filemtime() Get file modification time http://www.php.net/manual/en/ref.filesystem.php PHP: Handling File Uploads http://www.php.net/manual/en/features.file-upload.php PHP 6 and MySQL 5 for Dynamic Web Sites: Visual QuickPro Guide (3rd Edition) , by Larry Ullman. Peachpit Press, 2007 (pp 302-15)

More Related Content

File Upload

  • 1. CSC 2720 Building Web Applications PHP File Upload
  • 2. Handling File Uploads in PHP PHP must run with the right settings. You may need to change the PHP configuration file php.ini . A temporary storage directory must exists with the correct permissions. Uploaded files are stored here temporarily; the files may be removed from here when your PHP script finishes processing the HTTP request. The final storage directory must exists with the correct permissions. You have to write codes to move the uploaded files from the temporary directory to another directory.
  • 3. Configuring php.ini file_uploads Enable/disable PHP support for file uploads max_input_time Indicates how long, in seconds, a PHP script is allowed to receive input post_max_size Size, in bytes, of the total allowed POST data upload_tmp_dir Indicates where uploaded files should be temporarily stored upload_max_filesize Size, in bytes, of the largest possible file upload allowed
  • 4. HTTP File Upload ( RFC 1867 ) Set attribute METHOD=&quot;POST&quot; Set attribute ENCTYPE=&quot;multipart/form-data&quot; Use INPUT element with TYPE=&quot;file&quot; to create a file upload control (one control per file) Hidden input field MAX_FILE_SIZE recommends to the web client the limit of the size of the uploaded file. <form action=&quot;file_upload.php&quot; method=&quot;post&quot; enctype=&quot;multipart/form-data&quot; > <input type=&quot;hidden&quot; name=&quot;MAX_FILE_SIZE&quot; value=&quot;30000&quot; /> <input type=&quot;file&quot; name=&quot;upload&quot; /> <input type=&quot;submit&quot; value=&quot;Upload&quot; /> </form>
  • 5. POST register.jsp HTTP/1.1 Host: hi/iq User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2) Gecko/20021126 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q=0.1 Accept-Language: en-us, en;q=0.50 Accept-Encoding: gzip, deflate, compress;q=0.9 Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66 Keep-Alive: 300 Connection: keep-alive Content-Type: multipart/form-data; boundary=---------------------------29772313742745 Content-Length: 452 -----------------------------29772313742745 Content-Disposition: form-data; name=&quot;name&quot; J.Doe -----------------------------29772313742745 Content-Disposition: form-data; name=&quot;email&quot; [email_address] -----------------------------29772313742745 Content-Disposition: form-data; name=&quot;file-upload&quot;; filename=&quot;test.txt&quot; Content-Type: text/plain test data with some high ascii: 多Como est臓s? -----------------------------29772313742745-- An example of data sent via POST method with enctype=&quot;multipart/form-data&quot; (Copied from http://www.devx.com/Java/Article/17679/0/page/2 )
  • 6. The $_FILES Array The error code associated with any problem. error The temporary filename of the uploaded file as it was stored on the server. tmp_name The size of the uploaded file in bytes. size The MIME type of the file, as provided by the browser. type The original name of the file (as it was on the user's computer). name Meaning Index
  • 7. Processing the uploaded items // &quot;upload&quot; is the name assigned to the input element, as in // <input type=&quot;file&quot; name=&quot;upload&quot; /> if (isset( $_FILES['upload'] )) { if ( $_FILES['upload']['error'] > 0)) { // File upload fails. See next slide for detailed info about the // meaning of the error code. } else { // e.g., only allows JPEG image files to be uploaded // Note: This is not a complete list of MIME types for JPEG images $allowed = array('image/jpeg', 'image/jpg'); // Continue next page
  • 8. Processing the uploaded items ( continue) if (in_array( $_FILES['upload']['type'] , $allowed)) { $tmp = $_FILES['upload']['tmp_name'] ; $dst = &quot;C:/uploads/{ $_FILES['upload']['name'] }&quot;; if ( move_upload_file ($tmp, $dst)) { // Success ! } } } // End of else // Manually delete the temporary uploaded file if // it still exists $tmp = $_FILES['upload']['tmp_name'] ; if (file_exists($tmp) && is_file($tmp)) unlink($tmp); } Note: move_uploaded_file() will overwrite an existing file without warning.
  • 9. File Upload Error Messages Explained UPLOAD_ERR_OK Value: 0; There is no error, the file uploaded with success. UPLOAD_ERR_INI_SIZE Value: 1; The uploaded file exceeds the upload_max_filesize directive in php.ini . UPLOAD_ERR_FORM_SIZE Value: 2; The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form. UPLOAD_ERR_PARTIAL Value: 3; The uploaded file was only partially uploaded. UPLOAD_ERR_NO_FILE Value: 4; No file was uploaded. UPLOAD_ERR_NO_TMP_DIR Value: 6; Missing a temporary folder. Introduced in PHP 4.3.10 and PHP 5.0.3. UPLOAD_ERR_CANT_WRITE Value: 7; Failed to write file to disk. Introduced in PHP 5.1.0. UPLOAD_ERR_EXTENSION Value: 8; File upload stopped by extension. Introduced in PHP 5.2.0. Source: http://www.php.net/manual/en/features.file-upload.errors.php
  • 10. References and Related Resources PHP: Filesystem Functions e.g., mkdir() Create a directory filesie() Get the size of a file copy() Copy a file rename() Rename a file or folder filemtime() Get file modification time http://www.php.net/manual/en/ref.filesystem.php PHP: Handling File Uploads http://www.php.net/manual/en/features.file-upload.php PHP 6 and MySQL 5 for Dynamic Web Sites: Visual QuickPro Guide (3rd Edition) , by Larry Ullman. Peachpit Press, 2007 (pp 302-15)