by
Jeff Wheeler aka
nokrev |
5 July 2006Yay, this is the last page! In the
previous page you
learned more practical file handling tricks, and we will
wrap things up on this page.
Allowing users to upload files is a necessity of many
sites, so, how does one do that, exactly? Turns out, there's
some
handy documentation written on that. Having trouble
getting all that? Well, here's some help that's slightly
easier to digest.
- First, you'll need an html page where the form will
lie. This form must define the max file-size for the
upload, and must have the file upload field itself.
The MAX_FILE_SIZE defines the largest possible
file-size, in bytes, of course. The name attribute of
the upload field (designated by the file value for the
type attribute) is the important part, as we will later
use this in our script to know which file to upload
(this is used to support multiple uploads).
- Next, we have to upload the file. But first, it's
important to understand the $_FILE[] array.
In the $_FILE[] array, there's one entry for each upload
field in the form which sent the user to this script.
So, in our case, there is one index named 'userfield',
for the one field with that name in our form. Each value
in the array is also an associative array, with the
following keys and values (reworded for clarity from
documentation):
|
|
'name'
|
The
filename used on the client's computer.
|
'type'
|
The
mime-type of the file (e.g. image/gif). The
browser doesn't always provide this, and the
value should not be assumed to be correct.
|
'size' |
Size of
uploaded file (in bytes). |
'tmp_name'
|
The
filename given to the uploaded file, which
should immediately be moved and renamed upon
successful upload. The location is irrelevant,
because the methods you use to move the file
(move_uploaded_file, which I use later) are
aware of the location. |
'error' |
The error
code (or success code, if 0) for the problem
which occurred during upload. (Error
Codes)
|
Table 1: A summary of the keys
and values
- So, now we can get down to business. We
start by getting the filename we will want to give the
uploaded file, and the directory where we will want to
put it.
The use of basename is absolutely necessary. Without
this, you're running a huge security risk. If a user
were to upload a file with a name that started with a
relative path going up, such as ../../../, they would
eventually get to root, and could navigate to anywhere
on the filesystem by putting in more directories after
the original starting path.
It is very
important that you make sure the server has permissions
to write to this directory. If your server is running
any distro of Linux or Mac OS X, you'll likely need to
chmod the directory.
- Next, you simply need to move the uploaded file to $target_file.
I suggest doing this in an if, in order to test for
success.
That's really all there is to it. Pretty simple, huh? You
can expand on this, by reading PHP's documentation on
serializing and
unserializing objects. If you have any questions,
feel free to post them on the
forums.
|