Uploading files - really this easy?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
Toneboy
Forum Contributor
Posts: 102
Joined: Wed Jul 31, 2002 5:59 am
Location: Law, Scotland.
Contact:

Uploading files - really this easy?

Post by Toneboy »

I always thought uploading files was going to be a pretty difficult thing to learn, but I just saw this script over at evilwalrus.com.

I can't believe uploading files could be so easy. But then again, the script is three years old. Here it is, adapted a bit.

Part 1:

Code: Select all

<form action="upload.php" method="post" ENCTYPE="multipart/form- data"> 
<input type="file" size=40 name="file"><br> 
<input type="hidden" name="MAX_FILE_SIZE" value="100000"> 
<input type="submit" value="upload"> 
</form>
And, naturally enough, the proposed upload.php:

Code: Select all

<? 
if ($file == "none") { 
print "You must specify a file to upload"; 
} 
else { 
copy($file, "$DOCUMENT_ROOT/uploads/newfolder/$file_name"); 
unlink($file); 
} 
?>
Also I recognise that you would need to set the CHMOD settings on that directory correctly.

Is it really that simple, or should you be doing something else as well?
Last edited by Toneboy on Fri Apr 18, 2003 6:09 am, edited 1 time in total.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

basically it is that simple. In recent versions of php (see also: http://forums.devnetwork.net/viewtopic.php?t=511) the location where the file infos are stored changed.

Code: Select all

&lt;form action="upload.php" method="post" ENCTYPE="multipart/form-data"&gt;
	&lt;input type="file" size=40 name="file"&gt;&lt;br&gt;
	&lt;input type="hidden" name="MAX_FILE_SIZE" value="100000"&gt;
	&lt;input type="submit" value="upload"&gt;
&lt;/form&gt;

Code: Select all

<?php
...
// is there just anything that might be considered an uploaded file?
if (isset($_FILES['file']) && $_FILES['file']['name']!='')
{
	// any content?
	if ($_FILES['file']['size'] > 0)
	{
		if (move_uploaded_file($_FILES['file']['tmp_name'], $uploaddir . $_FILES['file']['name']))
			echo 'done.';
		else
			echo 'internal error, file could not be stored';
	}
	else
		echo 'file has no content, aborted';
}
else
	echo 'no file has been uploaded';
...
?>
(script tested not even by compiler ;) )
User avatar
Toneboy
Forum Contributor
Posts: 102
Joined: Wed Jul 31, 2002 5:59 am
Location: Law, Scotland.
Contact:

Post by Toneboy »

Excellent stuff, thanks.

Are you specifying your $uploaddir in your php.ini file, or doing that elsewhere? I'm a virtual server user, so unfortunately I would not be able to change any of the php.ini settings.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

it's from http://www.php.net/manual/en/features.file-upload.php ;)
you can specify $uploaddir wherever you want (in that script or an included script or ...), that's why there are ... before and after the code snippet.

p.s.: I added && $_FILES['file']['name']!='' seconds before you posted. Always forget it :oops:
If the form is submitted without a file selected there is an element 'file' in $_FILES but without values for 'name', 'tmp_name' and so on.
User avatar
Toneboy
Forum Contributor
Posts: 102
Joined: Wed Jul 31, 2002 5:59 am
Location: Law, Scotland.
Contact:

Post by Toneboy »

Any recommendations for the best CHMOD setting for an upload directory - 0777?

All working fine and dandy, just fine-tuning now. I'm also adding a mail() line so I'm notified of whenever a friend uploads a file for me to look at.
PaulCreedy
Forum Newbie
Posts: 6
Joined: Mon May 19, 2003 4:30 am

Post by PaulCreedy »

I'm very new to PHP and was looking at a way of uploading a file.

Thanks for the example.

Do you know if there is a way of checking the file end so that I can allow/deny different file types.

ie only allow JPEG, deny any .exe files etc.

Thanks in advance
Tubbietoeter
Forum Contributor
Posts: 149
Joined: Fri Mar 14, 2003 2:41 am
Location: Germany

Post by Tubbietoeter »

Use preg_match to check the file-name extensions. thats not very save though since extensions can be changed.
Post Reply