[FAQ] How do I upload a file to a directory?



mdshare
04-06-2008, 07:36 PM
The following outlines all the necessary steps needed to upload a file to the server, and then relocate the file to another directory.

Also see the FAQ on permissions at:
http://criminalexistence.com/ceforums/index.php?topic=18419.0

Permissions must be set on the destination directory before this method will work.

Basically only two fields are required to upload a file: a 'file' input field and a 'MAX_FILE_SIZE' hidden field. The hidden field is required, and will prevent the user from trying to upload a file that is too large on the client side. It can be easily circumvented by the user and should be accompanied by server-side file validation. It accepts a file size in bytes; I have set this to accept a file of 10000 bytes, or roughly 10KB. One attribute *must* also appear in the form tag to trigger the browser to upload data, and that is: enctype='multipart/form-data'.

The following should be pretty straightforward:



<?php
//upload2dir.php

echo "<html>\n",
     " <head>\n",
     " <title>UPLOAD TO A DIRECTORY</title>\n",
     " </head>\n",
     " <body>\n";

if (!isset($_POST['do_action']))
{
    // PHP_SELF can carry user-supplied path data, so escape it before
    // writing it into the page.
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

    // The MAX_FILE_SIZE hidden field must precede the file input field.
    echo " <form action='$self' method='post' enctype='multipart/form-data'>\n",
         " <input type='hidden' name='MAX_FILE_SIZE' value='10000' />\n",
         " <input type='file' name='userfile' />\n",
         " <input type='submit' name='do_action' value='Upload' />\n",
         " </form>\n";
}
else
{
    // You may also use if (is_uploaded_file($_FILES['userfile']['tmp_name']))
    // IMO using if isset is an identical test

    if (isset($_FILES['userfile']['tmp_name']))
    {
        // In this line I'm examining the file size and the MIME type of the file
        // to verify that the file is in the acceptable size range and is a jpeg
        // image. MIME type testing isn't foolproof, it is possible to spoof this.
        // The size testing, however, is not spoofable.

        if (($_FILES['userfile']['size'] <= 10000) && ($_FILES['userfile']['type'] == 'image/jpeg' || $_FILES['userfile']['type'] == 'image/pjpeg'))
        {
            // Give the file a new name to prevent one user from overwriting files
            // uploaded by another. A UNIX timestamp in addition to the user name
            // is good for this. time() is used here because mktime() with no
            // arguments is an error in PHP 8; both return the current timestamp.

            $new_file_name = time().'.jpg';

            // $_SERVER['DOCUMENT_ROOT'] will provide an absolute path to the base directory
            // fill in the rest of the path from there, if necessary.
            // echo the value of $_SERVER['DOCUMENT_ROOT'] to do this!

            $file_path = '/images/users/'.$new_file_name;

            if (move_uploaded_file($_FILES['userfile']['tmp_name'], $_SERVER['DOCUMENT_ROOT'].$file_path))
            {
                echo "Upload successful!<br /><br />\n";
                // The original file name is chosen by the client, so escape it
                // before echoing it back into the page.
                echo 'File: '.htmlspecialchars($_FILES['userfile']['name'], ENT_QUOTES).' ('.$_FILES['userfile']['size'].") Bytes<br />\n";
                echo "Renamed: $new_file_name<br />\n";
            }
            else
            {
                echo 'Upload failed: There was likely a permissions error.';
            }
        }
        else
        {
            echo 'Upload failed: File must be a JPEG file type and 10KB or less in size';
        }
    }
    else
    {
        echo 'Upload failed: A valid file has not been uploaded!';
    }
}

echo " </body>\n",
     "</html>";
?>


Also have a look at:
http://www.php.net/manual/en/features.file-upload.php#features.file-upload.post-method

Which explains the $_FILES superglobal and the information available in it.
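
The server-side file validation the post calls for, as an added example that is not part of the original post: it decides from the stored bytes rather than from the client-supplied $_FILES type and name values. The function names check_jpeg_upload and new_jpeg_name are hypothetical, and PHP 7.1 or later with the fileinfo extension is assumed.

```php
<?php
// Added example, not from the original post. Function names are hypothetical.

// Return null if the file at $tmpPath is an acceptable JPEG, else a reason.
// Nothing here trusts $_FILES[...]['type'] or ['name'], which the client sends.
function check_jpeg_upload(string $tmpPath, int $error, int $maxBytes = 10000): ?string
{
    if ($error !== UPLOAD_ERR_OK) {
        return "upload error code $error";
    }
    $size = filesize($tmpPath);                 // measured on the server
    if ($size === false || $size === 0 || $size > $maxBytes) {
        return 'size out of range';
    }
    // MIME type sniffed from the file content, not taken from the request.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== 'image/jpeg') {
        return "content is $mime, not image/jpeg";
    }
    // The JPEG header must also parse as an image.
    $info = getimagesize($tmpPath);
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        return 'not a parsable JPEG';
    }
    return null;
}

// Unpredictable stored name; the extension is fixed by the server.
function new_jpeg_name(): string
{
    return bin2hex(random_bytes(16)) . '.jpg';
}

// In the upload handler (web request), $dir being the destination directory:
//   $f = $_FILES['userfile'];
//   if (check_jpeg_upload($f['tmp_name'], $f['error']) === null
//       && move_uploaded_file($f['tmp_name'], $dir . '/' . new_jpeg_name())) { ... }

// Constructed demo for the command line: script text sent with a claimed
// type of image/jpeg, as a spoofed request would present it.
if (PHP_SAPI === 'cli') {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, "<?php echo 'not an image'; ?>");
    $claimed = 'image/jpeg';    // what $_FILES['userfile']['type'] would say
    echo "claimed type: $claimed\n";
    echo 'server check: ', check_jpeg_upload($tmp, UPLOAD_ERR_OK) ?? 'ok', "\n";
    unlink($tmp);
}
```

move_uploaded_file() still performs the check that the source really is an uploaded file, so the content check complements it rather than replacing it.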