Skip to main content

Upload file

Create an Upload-File Form

To allow users to upload files from a form can be very useful.

Look at the following HTML form for uploading files:




enctype="multipart/form-data">










Notice the following about the HTML form above:

* The enctype attribute of the
tag specifies which content-type to use when submitting the form. "multipart/form-data" is used when a form requires binary data, like the contents of a file, to be uploaded
* The type="file" attribute of the tag specifies that the input should be processed as a file. For example, when viewed in a browser, there will be a browse-button next to the input field

Note: Allowing users to upload files is a big security risk. Only permit trusted users to perform file uploads.
Create The Upload Script

The "upload_file.php" file contains the code for uploading a file:

if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "
";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "
";
echo "Type: " . $_FILES["file"]["type"] . "
";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb
";
echo "Stored in: " . $_FILES["file"]["tmp_name"];
}
?>

By using the global PHP $_FILES array you can upload files from a client computer to the remote server.

The first parameter is the form's input name and the second index can be either "name", "type", "size", "tmp_name" or "error". Like this:

* $_FILES["file"]["name"] - the name of the uploaded file
* $_FILES["file"]["type"] - the type of the uploaded file
* $_FILES["file"]["size"] - the size in bytes of the uploaded file
* $_FILES["file"]["tmp_name"] - the name of the temporary copy of the file stored on the server
* $_FILES["file"]["error"] - the error code resulting from the file upload

This is a very simple way of uploading files. For security reasons, you should add restrictions on what the user is allowed to upload.
Restrictions on Upload

In this script we add some restrictions to the file upload. The user may only upload .gif or .jpeg files and the file size must be under 20 kb:


if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "
";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "
";
echo "Type: " . $_FILES["file"]["type"] . "
";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb
";
echo "Stored in: " . $_FILES["file"]["tmp_name"];
}
}
else
{
echo "Invalid file";
}

?>

Note: For IE to recognize jpg files the type must be pjpeg, for FireFox it must be jpeg.
Saving the Uploaded File

The examples above create a temporary copy of the uploaded files in the PHP temp folder on the server.

The temporary copied files disappears when the script ends. To store the uploaded file we need to copy it to a different location:

if (($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
&& ($_FILES["file"]["size"] < 20000))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "
";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "
";
echo "Type: " . $_FILES["file"]["type"] . "
";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb
";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "
";

if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/" . $_FILES["file"]["name"]);
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
}
}
else
{
echo "Invalid file";
}
?>

The script above checks if the file already exists, if it does not, it copies the file to the specified folder.

Note: This example saves the file to a new folder called "upload"

Comments

Post a Comment

Popular posts from this blog

PHP Interview Questions & Answers

Web Development PHP Difference between echo and print? void echo ( string $arg1 [, string $...] ) Outputs all parameters. echo() is not actually a function (it is a language construct), so you are not required to use parentheses with it. echo() (unlike some other language constructs) does not behave like a function, so it cannot always be used in the context of a function. Additionally, if you want to pass more than one parameter to echo(), the parameters must not be enclosed within parentheses. echo() also has a shortcut syntax, where you can immediately follow the opening tag with an equals sign. This short syntax only works with the short_open_tag configuration setting enabled. I have foo. print --- out put a string print behaves like a function and you can return values and echo can't Prin can be used as a part of more complex operations What is the use of ob_start in php? ob_start — Turn on output buffering According to PHP manual* Description bool ob_start ( [callback $outpu...
3 comments
Read more

Shopping Cart Help

*******************Important URL for Coding *********************** http://de.tikiwiki.org/xref-BRANCH-1-9/nav.html?lang/ca/language.php.source.html ******************************************************** Creating the Database Let's assume that we're running a website that sells Sony Playstation 2 games. We'll need one table to store the details of each product, and another table to store the contents of each user's shopping cart, so that these details can persist over multiple sessions. Fire up the MySQL console application and create a database named cart. Populate the database with two tables: items and cart, using this code: create database cart; create table items ( itemId int auto_increment not null, itemName varchar(50), itemDesc varchar(250), itemPrice decimal(4,2), primary key(itemId), unique id(itemId) ); create table cart ( cartId int auto_increment not null, cookieId varchar(50), itemId int, qty int, primary key(cartId), unique id(cartId) ); The first table...
Post a Comment
Read more

Curl Example & fsockopen() Example

***************************** CURL Example **************************** $senthost = "http://s4.myvaluefirst.com/psms/servlet/psms.Eservice2?data=".$xmlcode."&action=send"; //echo "Path:".$path." "; //print $path." "; $user_agent=$_SERVER['HTTP_USER_AGENT']; $cookies = 'cookies'; $ch = curl_init($senthost); curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_USERAGENT, $user_agent); $line = curl_exec($ch); $error = curl_error($ch); echo (($error!= "")? ('Error: ' . $error) : $line); curl_close($ch); ******************************** Getting with fsockopen() function $senthost = "http://localhost/loginvalidate.php?username=demo&pass=123"; $host="127.0.0.1"; $ht...
Post a Comment
Read more