A very simple PHP file uploader
Hello,
Coding coding... for coding fans. Another PHP effort for uploading files. Would you know why it does not save anything? Thank you in advance Code:
<?php An alternative would be, but also not working: Code:
<?php Note: These few lines of code we have given you will allow anyone to upload data to your server. Because of this, we recommend that you do not have such a simple file uploader available to the general public. Otherwise, you might find that your server is filled with junk or that your server's security has been compromised. |
Compare your code to the examples and documentation at www.php.net.
In the submission form, you should have a MAX_FILE_SIZE hidden input field, specifying the maximum uploaded file size. (It is for user's benefit only. You still need to check the actual file sizes on the server.) In the upload script, the uploaded files are saved in a temporary directory (more about that below), and unless you move them elsewhere using move_uploaded_file(), they will be deleted when the PHP script finishes. The copy() in your latter script is useless for this. You do need to use move_uploaded_file() for this. (They might be unlinked files, at least in theory, so normal copy() would not even see them even if you specified explicitly the correct upload directory.) Finally, your PHP configuration must allow file uploads. There are three variants of the PHP interpreter -- mod_php, cgi, and cli -- and each default to a different php.ini; make sure you modify the correct one. For mod_php, you can set PHPRC environment variable in Apache config to set the configuration file directory, and set individual configuration items in the Apache config itself. cgi and cli versions should have their own subdirectories in /etc/php/ or /etc/php5/. If you do a simple <?PHP phpinfo(); ?> page, you can see which php.ini file(s) that interpreter used. There are five important configuration settings in the PHP configuration:
To avoid security problems and reduce the impact of possible denial-of-service attacks via PHP POST requests, I recommend only allowing file uploads and larger POST requests for specific scripts. If you use mod_php, you can use a Directory and Files directives to limit the scope, then use php_value to set the php.ini settings in the Apache config. If you use CGI, SUEXEC CGI, FastCGI, or SUEXEC FastCGI, use a small dash wrapper script for upload scripts, to change the php.ini to a special one that allows larger POSTs and file uploads: Code:
exec /usr/bin/env -i \ If you have your own server or virtual server, and are not using a web hosting service, I also recommend using a dedicated user account (thus, SUEXEC + CGI + PHP, or SUEXEC + FastCGI + PHP), so that it is not possible for the upload script to overwrite any script, or write to anywhere in the web tree, unless expressly allowed to (by directory access mode bits). Web hosting services only provide one user account per hosted service, so you cannot do that there. |
thank you for your help. It was very helpful. this works
Code:
<?php // RAY_temp_upload_example.php Now next step, how to upload several files at one, with multi selection using CTRL key? |
Quote:
Code:
<form action="URL-to-upload-PHP" method="post" enctype="multipart/form-data" accept-encoding="utf-8"> In PHP, $_FILES['name']['name'], $_FILES['name']['type'], $_FILES['name']['size'], $_FILES['name']['tmp_name'], and $_FILES['name']['error'], can be either just strings or numbers (if client does not support multiple file upload, or only one file was uploaded), or arrays. If they're arrays, they all have the same number of elements, which is of course the number of files selected for that control. So be careful, and test your code with different inputs (and both single and multiple file uploads), preferably with multiple browsers. I tested the above with PHP-5.3.3 (via SUEXEC FastCGI and Apache 2.2.16) and Firefox 3.6.18. I didn't bother testing other browsers, but I do believe recent browsers should all work. If you use HTML5 and Javascript, you can extend the HTML to a drag and drop file upload field. On the server side, the POST response should be identical; it's just a better user interface for the fields in the browser. For older browsers, I recommend creating a fallback: multiple file upload fields, all but the first initially hidden (style="display: none;"). Each input then has an onselect/onclick/foobar Javascript event handler (I cannot remember which works best on most browsers, you need to check), which unhides the next input control. That way users with stale browsers will still be able to upload multiple files, even if they need to select them one by one. Hope you find this useful. |
All times are GMT -5. The time now is 11:40 PM. |