Title: CSC 2720 Building Web Applications
1CSC 2720Building Web Applications
2Handling File Uploads in PHP
- PHP must run with the right settings.
- You may need to change the PHP configuration file
php.ini. - A temporary storage directory must exists with
the correct permissions. - Uploaded files are stored here temporarily the
files may be removed from here when your PHP
script finishes processing the HTTP request. - The final storage directory must exists with the
correct permissions. - You have to write codes to move the uploaded
files from the temporary directory to another
directory.
3Configuring php.ini
- file_uploads
- Enable/disable PHP support for file uploads
- max_input_time
- Indicates how long, in seconds, a PHP script is
allowed to receive input - post_max_size
- Size, in bytes, of the total allowed POST data
- upload_tmp_dir
- Indicates where uploaded files should be
temporarily stored - upload_max_filesize
- Size, in bytes, of the largest possible file
upload allowed
4HTTP File Upload (RFC 1867)
ltform action"file_upload.php" method"post"
enctype"multipart/form-data"gt ltinput
type"hidden" name"MAX_FILE_SIZE"
value"30000" /gt ltinput type"file"
name"upload" /gt ltinput type"submit"
value"Upload" /gt lt/formgt
- Set attribute METHOD"POST"
- Set attribute ENCTYPE"multipart/form-data"
- Use INPUT element with TYPE"file" to create a
file upload control (one control per file) - Hidden input field MAX_FILE_SIZE recommends to
the web client the limit of the size of the
uploaded file.
5POST register.jsp HTTP/1.1 Host
hi/iq User-Agent Mozilla/5.0 (Windows U
Windows NT 5.1 en-US rv1.2) Gecko/20021126 Acce
pt text/xml,application/xml,application/xhtmlxml
,text/htmlq0.9,text/plainq0.8, video/x-mng,ima
ge/png,image/jpeg,image/gifq0.2,text/css,/q0
.1 Accept-Language en-us, enq0.50 Accept-Encodi
ng gzip, deflate, compressq0.9 Accept-Charset
ISO-8859-1, utf-8q0.66, q0.66 Keep-Alive
300 Connection keep-alive Content-Type
multipart/form-data boundary--------------------
-------29772313742745 Content-Length
452 -----------------------------29772313742745 Co
ntent-Disposition form-data name"name" J.Doe --
---------------------------29772313742745 Content-
Disposition form-data name"email" abuse_at_spamcop
.com -----------------------------29772313742745 C
ontent-Disposition form-data name"file-upload"
filename"test.txt" Content-Type
text/plain test data with some high ascii ÂComo
estÃs? -----------------------------2977231374274
5--
An example of data sent via POST method with
enctype"multipart/form-data" (Copied from
http//www.devx.com/Java/Article/17679/0/page/2)
6The _FILES Array
Index Meaning
name The original name of the file (as it was on the user's computer).
type The MIME type of the file, as provided by the browser.
size The size of the uploaded file in bytes.
tmp_name The temporary filename of the uploaded file as it was stored on the server.
error The error code associated with any problem.
7Processing the uploaded items
// "upload" is the name assigned to the input
element, as in // ltinput type"file"
name"upload" /gt if (isset(_FILES'upload'))
if (_FILES'upload''error' gt 0))
// File upload fails. See next slide for
detailed info about the // meaning of the
error code. else // e.g., only allows
JPEG image files to be uploaded // Note This
is not a complete list of MIME types for JPEG
images allowed array('image/jpeg',
'image/jpg') // Continue next page
8Processing the uploaded items ( continue)
if (in_array(_FILES'upload''type',
allowed)) tmp _FILES'upload''t
mp_name' dst "C/uploads/_FILES'uplo
ad''name'" if (move_upload_file(tmp,
dst)) // Success !
// End of else // Manually delete the
temporary uploaded file if // it still exists
tmp _FILES'upload''tmp_name' if
(file_exists(tmp) is_file(tmp))
unlink(tmp)
Note move_uploaded_file() will overwrite an
existing file without warning.
9File Upload Error Messages Explained
- UPLOAD_ERR_OK
- Value 0 There is no error, the file uploaded
with success. - UPLOAD_ERR_INI_SIZE
- Value 1 The uploaded file exceeds the
upload_max_filesize directive in php.ini. - UPLOAD_ERR_FORM_SIZE
- Value 2 The uploaded file exceeds the
MAX_FILE_SIZE directive that was specified in the
HTML form. - UPLOAD_ERR_PARTIAL
- Value 3 The uploaded file was only partially
uploaded. - UPLOAD_ERR_NO_FILE
- Value 4 No file was uploaded.
- UPLOAD_ERR_NO_TMP_DIR
- Value 6 Missing a temporary folder. Introduced
in PHP 4.3.10 and PHP 5.0.3. - UPLOAD_ERR_CANT_WRITE
- Value 7 Failed to write file to disk.
Introduced in PHP 5.1.0. - UPLOAD_ERR_EXTENSION
- Value 8 File upload stopped by extension.
Introduced in PHP 5.2.0. - Source http//www.php.net/manual/en/features.file
-upload.errors.php
10References and Related Resources
- PHP Filesystem Functions
- e.g.,
- mkdir() Create a directory
- filesie() Get the size of a file
- copy() Copy a file
- rename() Rename a file or folder
- filemtime() Get file modification time
- http//www.php.net/manual/en/ref.filesystem.php
- PHP Handling File Uploads
- http//www.php.net/manual/en/features.file-upload.
php - PHP 6 and MySQL 5 for Dynamic Web Sites Visual
QuickPro Guide (3rd Edition), by Larry Ullman.
Peachpit Press, 2007 (pp 302-15)