SlideShare a Scribd company logo

File upload php

sana mateen
sana mateen

The PHP script uses the HTTP_Upload class to handle multiple file uploads from an HTML form. It creates 5 instances of the HTTP_Upload class, one for each file upload field. It checks that the files were uploaded successfully and moves them to the destination folder. Any errors are displayed to the user. <?php // Destination folder for uploaded files $destination_folder = '/homework_submissions'; // Loop through each file upload field for($i=1; $i<=5; $i++) { // Create HTTP_Upload instance $

Education
1 of 23
FILE UPLOADING BY SANA MATEEN
INTRODUCTION • It’s actually possible to transfer of any kind of file via HTTP, including Microsoft Office documents, PDFs, executables, MPEGs, ZIP files, and a wide range of other file types. • Although FTP historically has been the standard means for uploading files to a server, file transfers are becoming increasingly prevalent via a web-based interface • PHP’s file upload configuration directives • PHP’s $_FILES superglobal array, used to handle file-upload data • PHP’s built-in file-upload functions: is_uploaded_file() and move_uploaded_file() • A review of possible error messages returned from an upload script • An overview of the HTTP_Upload PEAR package
Uploading Files via HTTP • The way files are uploaded via a Web browser was officially formalized in November 1995 when Ernesto Nebel and Larry Masinter of the Xerox Corporation proposed a standardized methodology for doing so within RFC 1867, “Form-Based File Upload in HTML” (www.ietf.org/rfc/rfc1867.txt). • This new media type was desired because the standard type used to encode “normal” form values, application/x-www-form-urlencoded, was considered too inefficient to handle large quantities of binary data that might be uploaded via such a form interface.
Uploading Files with PHP • Successfully managing file uploads via PHP is the result of cooperation between various configuration directives, the $_FILES superglobal, and a properly coded web form. • PHP’s File Upload/Resource Directives • Several configuration directives are available for fine-tuning PHP’s file-upload capabilities. These directives determine whether PHP’s file-upload support is enabled, as well as the maximum allowable uploadable file size, the maximum allowable script memory allocation, and various other important resource benchmarks. • file_uploads = On | Off • Scope: PHP_INI_SYSTEM; Default value: On • The file_uploads directive determines whether PHP scripts on the server can accept file uploads. • max_input_time = integer • Scope: PHP_INI_ALL; Default value: 60 • The max_input_time directive determines the maximum amount of time, in seconds, that a PHP script will spend attempting to parse input before registering a fatal error. This is relevant because particularly large files can take some time to upload.
• Note that if you create an upload feature which handles large documents or high resolution photos, you may need to increase the limit set by this directive accordingly. • max_file_uploads = integer • Scope: PHP_INI_SYSTEM; Default value: 20 • Available since PHP 5.2.12, the max_file_uploads directive sets an upper limit on the number of files which can be simultaneously uploaded. • memory_limit = integerM • Scope: PHP_INI_ALL; Default value: 16M • The memory_limit directive sets a maximum allowable amount of memory in megabytes that a script can allocate (note that the integer value must be followed by M for this setting to work properly). • It prevents runaway scripts from monopolizing server memory and even crashing the server in certain situations. • post_max_size = integerM • Scope: PHP_INI_PERDIR; Default value: 8M • The post_max_size places an upper limit on the size of data submitted via the POST method. • Because files are uploaded using POST, you may need to adjust this setting upwards along with upload_max_filesize when working with larger files.
• upload_max_filesize = integerM • Scope: PHP_INI_PERDIR; Default value: 2M • The upload_max_filesize directive determines the maximum size in megabytes of an uploaded file. • This directive should be smaller than post_max_size because it applies only to information passed via the file input type and not to all information passed via the POST instance. Like memory_limit, note that M must follow the integer value. • upload_tmp_dir = string • Scope: PHP_INI_SYSTEM; Default value: NULL • Because an uploaded file must be successfully transferred to the server before subsequent • processing on that file can begin, a staging area of sorts must be designated for such files where they can be temporarily placed until they are moved to their final location. This staging location is specified using the upload_tmp_dir directive. For example, suppose you want to temporarily store uploaded files in the /tmp/phpuploads/ directory. You would use the following: • upload_tmp_dir = "/tmp/phpuploads/" • Keep in mind that this directory must be writable by the user owning the server process.
The $_FILES Array • The $_FILES superglobal stores a variety of information pertinent to a file uploaded to the server via a PHP script. In total, five items are available in this array, each of which is introduced here: • Note Each of the array elements introduced in this section makes reference to userfile. This term is simply a placeholder for the name assigned to the file-upload form element. You will probably change this name in accordance with your chosen name assignment. • $_FILES['userfile']['error']: This array value offers important information pertinent to the outcome of the upload attempt. In total, five return values are possible: one signifying a successful outcome and four others denoting specific errors that arise from the attempt. • $_FILES['userfile']['name']: This variable specifies the original name of the file, including the extension, as declared on the client machine. Therefore, if you browse to a file named vacation.png and upload it via the form, this variable will be assigned the value vacation.png. • $_FILES['userfile']['size']: This variable specifies the size, in bytes, of the file uploaded from the client machine. For example, in the case of the vacation.png file, this variable could plausibly be assigned a value such as 5253, or roughly 5KB.
PHP’s File-Upload Functions • In addition to the number of file-handling functions made available via PHP’s file system library PHP offers two functions specifically intended to aid in the fileupload • process, is_uploaded_file() and move_uploaded_file(). $_FILES['userfile']['tmp_name']: This variable specifies the temporary name assigned to the file once it has been uploaded to the server. This is the name of the file assigned to it while stored in the temporary directory (specified by the PHP directive upload_tmp_dir). $_FILES['userfile']['type']: This variable specifies the MIME type of the file uploaded from the client machine. Therefore, in the case of the vacation.png image file, this variable would be assigned the value image/png. If a PDF was uploaded, the value application/pdf would be assigned. Because this variable sometimes produces unexpected results, you should explicitly verify it yourself from within the script.
Determining Whether a File Was Uploaded • The is_uploaded_file() function determines whether a file specified by the input parameter filename is uploaded using the POST method. Its prototype follows: • boolean is_uploaded_file(string filename) • This function is intended to prevent a potential attacker from manipulating files not intended for interaction via the script in question. For example, consider a scenario in which uploaded files are made immediately available for viewing via a public site repository. Say an attacker wants to make a file somewhat juicier than the boring old class notes available for his perusal, say /etc/passwd. Rather than navigate to a class notes file as would be expected, the attacker instead types /etc/passwd directly into the form’s file-upload field. • Now consider the following script: • <?php • copy($_FILES['classnotes']['tmp_name'], • "/www/htdocs/classnotes/".basename($classnotes)); • ?> • The result of this poorly written example would be that the /etc/passwd file is copied to a publicly accessible directory. (Go ahead, try it. Scary, isn’t it?) To avoid such a problem, use the is_uploaded_file() function to ensure that the file denoted by the form field (in this case, classnotes) is indeed a file that has been uploaded via the form.
• Here’s an improved and revised version of the previous example: • <?php • if (is_uploaded_file($_FILES['classnotes']['tmp_name'])) { • copy($_FILES['classnotes']['tmp_name'], • "/www/htdocs/classnotes/".$_FILES['classnotes']['name']); • } else { • echo "<p>Potential script abuse attempt detected.</p>"; • } • ?> • In the revised script, is_uploaded_file() checks whether the file denoted by • $_FILES['classnotes']['tmp_name'] has indeed been uploaded. If the answer is yes, the file is copied to • the desired destination. Otherwise, an error message is displayed.
Moving an Uploaded File • The move_uploaded_file() function provides a convenient means for moving an uploaded file from the temporary directory to a final location. Its prototype follows: • boolean move_uploaded_file(string filename, string destination) • Although copy() works equally well, move_uploaded_file() offers one additional feature: it will check to ensure that the file denoted by the filename input parameter was in fact uploaded via PHP’s HTTP POST upload mechanism. If the file has not been uploaded, the move will fail and a FALSE value will be returned. Because of this, you can forgo using is_uploaded_file() as a precursor condition to using move_uploaded_file(). • Using move_uploaded_file() is simple. Consider a scenario in which you want to move the uploaded class notes file to the directory /www/htdocs/classnotes/ while also preserving the file name as specified on the client: • move_uploaded_file($_FILES['classnotes']['tmp_name'],"/www/htdocs/classnotes/" .$_FILES['classnotes']['name']); • Of course, you can rename the file to anything you wish after it’s been moved. It’s important, however, that you properly reference the file’s temporary name within the first parameter.
Upload Error Messages • How do you know with certainty that the file-upload procedure was successful? And if something goes awry during the upload process, how do you know what caused the error? Happily, sufficient information for determining the outcome (and in the case of an error, the reason for the error) is provided in $_FILES['userfile']['error']: • UPLOAD_ERR_OK: A value of 0 is returned if the upload is successful. • UPLOAD_ERR_INI_SIZE: A value of 1 is returned if there is an attempt to upload a file whose size exceeds the value specified by the upload_max_filesize directive. • UPLOAD_ERR_FORM_SIZE: A value of 2 is returned if there is an attempt to upload a file whose size exceeds the value of the max_file_size directive, which can be embedded into the HTML form • UPLOAD_ERR_PARTIAL: A value of 3 is returned if a file is not completely uploaded. • This might happen if a network error causes a disruption of the upload process. • UPLOAD_ERR_NO_FILE: A value of 4 is returned if the user submits the form without specifying a file for upload. • UPLOAD_ERR_NO_TMP_DIR: A value of 6 is returned if the temporary directory does not exist. • UPLOAD_ERR_CANT_WRITE: Introduced in PHP 5.1.0, a value of 7 is returned if the file can’t be written to the disk. • UPLOAD_ERR_EXTENSION: Introduced in PHP 5.2.0, a value of 8 is returned if an issue with PHP’s configuration caused the upload to fail.
Taking Advantage of PEAR: HTTP_Upload • While the approaches to file uploading discussed thus far work just fine, it’s always nice to hide some of the implementation details by using a class. The PEAR class HTTP_Upload satisfies this desire quite nicely. • It encapsulates many of the messy aspects of file uploading, exposing the information and features you’re looking for via a convenient interface. This section introduces HTTP_Upload, showing you how to take advantage of this powerful, no-nonsense package to effectively manage your site’s upload mechanisms. • Installing HTTP_Upload • To take advantage of HTTP_Upload‘s features, you need to install it from PEAR. The process for doing so follows: • %>pear install HTTP_Upload • downloading HTTP_Upload-0.9.1.tgz ... • Starting to download HTTP_Upload-0.9.1.tgz (9,460 bytes) • ....done: 9,460 bytes • install ok: channel://pear.php.net/HTTP_Upload-0.9.1 • Uploading a File • Uploading a file with HTTP_Upload is simple. Just invoke the class constructor and pass the name of the file-specific form field to the getFiles() method. If it uploads correctly (verified using the isValid() method), you can then move the file to its final destination (using the moveTo() method)
Uploading Multiple Files • One of the beautiful aspects of HTTP_Upload is its ability to easily manage multiple file uploads. To handle a form consisting of multiple files, all you have to do is invoke a new instance of the class and call • getFiles() for each upload control. Suppose the aforementioned professor has gone totally mad and now demands five homework assignments daily from his students.
HOMEWORK: WRITE A PHP SCRIPT TO ACCEPT FIVE FILES(HOMEWORK) FROM THE HTML FORM SHOWN PREVIOUSLY. SUBMISSION: AFTER 4 DAYS

Recommended

Uploading a file with php
Uploading a file with phpUploading a file with php
Uploading a file with php
Muhamad Al Imran
 
File Uploading in PHP
File Uploading in PHPFile Uploading in PHP
File Uploading in PHP
Idrees Hussain
 
Html images syntax
Html images syntaxHtml images syntax
Html images syntax
JayjZens
 
Common Gateway Interface
Common Gateway InterfaceCommon Gateway Interface
Common Gateway Interface
Piero Fraternali
 
2. forward chaining and backward chaining
2. forward chaining and backward chaining2. forward chaining and backward chaining
2. forward chaining and backward chaining
monircse2
 
Call by value and call by reference in java
Call by value and call by reference in javaCall by value and call by reference in java
Call by value and call by reference in java
sunilchute1
 
Get and post methods
Get and post methodsGet and post methods
Get and post methods
baabtra.com - No. 1 supplier of quality freshers
 
file handling c++
file handling c++file handling c++
file handling c++
Guddu Spy
 

Recommended

Uploading a file with php
Uploading a file with phpUploading a file with php
Uploading a file with php
Muhamad Al Imran
 
File Uploading in PHP
File Uploading in PHPFile Uploading in PHP
File Uploading in PHP
Idrees Hussain
 
Html images syntax
Html images syntaxHtml images syntax
Html images syntax
JayjZens
 
Common Gateway Interface
Common Gateway InterfaceCommon Gateway Interface
Common Gateway Interface
Piero Fraternali
 
2. forward chaining and backward chaining
2. forward chaining and backward chaining2. forward chaining and backward chaining
2. forward chaining and backward chaining
monircse2
 
Call by value and call by reference in java
Call by value and call by reference in javaCall by value and call by reference in java
Call by value and call by reference in java
sunilchute1
 
Get and post methods
Get and post methodsGet and post methods
Get and post methods
baabtra.com - No. 1 supplier of quality freshers
 
file handling c++
file handling c++file handling c++
file handling c++
Guddu Spy
 
Daa chapter 1
Daa chapter 1Daa chapter 1
Daa chapter 1
B.Kirron Reddi
 
File handling in c++
File handling in c++File handling in c++
File handling in c++
baabtra.com - No. 1 supplier of quality freshers
 
C++ Files and Streams
C++ Files and Streams C++ Files and Streams
C++ Files and Streams
Ahmed Farag
 
MYSQL - PHP Database Connectivity
MYSQL - PHP Database ConnectivityMYSQL - PHP Database Connectivity
MYSQL - PHP Database Connectivity
V.V.Vanniaperumal College for Women
 
Intermediate code generation
Intermediate code generationIntermediate code generation
Intermediate code generation
Dr.DHANALAKSHMI SENTHILKUMAR
 
Looping statements
Looping statementsLooping statements
Looping statements
Chukka Nikhil Chakravarthy
 
Pre processor directives in c
Pre processor directives in cPre processor directives in c
Pre processor directives in c
baabtra.com - No. 1 supplier of quality freshers
 
Input-Buffering
Input-BufferingInput-Buffering
Input-Buffering
Dattatray Gandhmal
 
Filehandling
FilehandlingFilehandling
Filehandling
Amandeep Kaur
 
Html phrase tags
Html phrase tagsHtml phrase tags
Html phrase tags
eShikshak
 
Delegates and events
Delegates and eventsDelegates and events
Delegates and events
Iblesoft
 
Artificial Intelligence - Game of Nim
Artificial Intelligence - Game of NimArtificial Intelligence - Game of Nim
Artificial Intelligence - Game of Nim
Kenneth Sutton
 
Implementation of absolute loader
Implementation of absolute loaderImplementation of absolute loader
Implementation of absolute loader
Jaya Krishnan P
 
PHP - Introduction to File Handling with PHP
PHP - Introduction to File Handling with PHPPHP - Introduction to File Handling with PHP
PHP - Introduction to File Handling with PHP
Vibrant Technologies & Computers
 
Std 10 Computer Chapter 3 Handling Images in HTML (Part 1)
Std 10 Computer Chapter 3 Handling Images in HTML (Part 1)Std 10 Computer Chapter 3 Handling Images in HTML (Part 1)
Std 10 Computer Chapter 3 Handling Images in HTML (Part 1)
Nuzhat Memon
 
Ch 3 Assembler in System programming
Ch 3 Assembler in System programming Ch 3 Assembler in System programming
Ch 3 Assembler in System programming
Bhatt Balkrishna
 
1.Role lexical Analyzer
1.Role lexical Analyzer1.Role lexical Analyzer
1.Role lexical Analyzer
Radhakrishnan Chinnusamy
 
Problems, Problem spaces and Search
Problems, Problem spaces and SearchProblems, Problem spaces and Search
Problems, Problem spaces and Search
BMS Institute of Technology and Management
 
predicate logic example
predicate logic examplepredicate logic example
predicate logic example
SHUBHAM KUMAR GUPTA
 
ProLog (Artificial Intelligence) Introduction
ProLog (Artificial Intelligence) IntroductionProLog (Artificial Intelligence) Introduction
ProLog (Artificial Intelligence) Introduction
wahab khan
 
Intro To C++ - Class #21: Files
Intro To C++ - Class #21: FilesIntro To C++ - Class #21: Files
Intro To C++ - Class #21: Files
Blue Elephant Consulting
 
PHP fundamnetal in information technology CHapter -02.pptx
PHP fundamnetal in information technology CHapter -02.pptxPHP fundamnetal in information technology CHapter -02.pptx
PHP fundamnetal in information technology CHapter -02.pptx
worldchannel
 

More Related Content

What's hot

Daa chapter 1
Daa chapter 1Daa chapter 1
Daa chapter 1
B.Kirron Reddi
 
File handling in c++
File handling in c++File handling in c++
File handling in c++
baabtra.com - No. 1 supplier of quality freshers
 
C++ Files and Streams
C++ Files and Streams C++ Files and Streams
C++ Files and Streams
Ahmed Farag
 
MYSQL - PHP Database Connectivity
MYSQL - PHP Database ConnectivityMYSQL - PHP Database Connectivity
MYSQL - PHP Database Connectivity
V.V.Vanniaperumal College for Women
 
Intermediate code generation
Intermediate code generationIntermediate code generation
Intermediate code generation
Dr.DHANALAKSHMI SENTHILKUMAR
 
Looping statements
Looping statementsLooping statements
Looping statements
Chukka Nikhil Chakravarthy
 
Pre processor directives in c
Pre processor directives in cPre processor directives in c
Pre processor directives in c
baabtra.com - No. 1 supplier of quality freshers
 
Input-Buffering
Input-BufferingInput-Buffering
Input-Buffering
Dattatray Gandhmal
 
Filehandling
FilehandlingFilehandling
Filehandling
Amandeep Kaur
 
Html phrase tags
Html phrase tagsHtml phrase tags
Html phrase tags
eShikshak
 
Delegates and events
Delegates and eventsDelegates and events
Delegates and events
Iblesoft
 
Artificial Intelligence - Game of Nim
Artificial Intelligence - Game of NimArtificial Intelligence - Game of Nim
Artificial Intelligence - Game of Nim
Kenneth Sutton
 
Implementation of absolute loader
Implementation of absolute loaderImplementation of absolute loader
Implementation of absolute loader
Jaya Krishnan P
 
PHP - Introduction to File Handling with PHP
PHP - Introduction to File Handling with PHPPHP - Introduction to File Handling with PHP
PHP - Introduction to File Handling with PHP
Vibrant Technologies & Computers
 
Std 10 Computer Chapter 3 Handling Images in HTML (Part 1)
Std 10 Computer Chapter 3 Handling Images in HTML (Part 1)Std 10 Computer Chapter 3 Handling Images in HTML (Part 1)
Std 10 Computer Chapter 3 Handling Images in HTML (Part 1)
Nuzhat Memon
 
Ch 3 Assembler in System programming
Ch 3 Assembler in System programming Ch 3 Assembler in System programming
Ch 3 Assembler in System programming
Bhatt Balkrishna
 
1.Role lexical Analyzer
1.Role lexical Analyzer1.Role lexical Analyzer
1.Role lexical Analyzer
Radhakrishnan Chinnusamy
 
Problems, Problem spaces and Search
Problems, Problem spaces and SearchProblems, Problem spaces and Search
Problems, Problem spaces and Search
BMS Institute of Technology and Management
 
predicate logic example
predicate logic examplepredicate logic example
predicate logic example
SHUBHAM KUMAR GUPTA
 
ProLog (Artificial Intelligence) Introduction
ProLog (Artificial Intelligence) IntroductionProLog (Artificial Intelligence) Introduction
ProLog (Artificial Intelligence) Introduction
wahab khan
 

What's hot (20)

Daa chapter 1
Daa chapter 1Daa chapter 1
Daa chapter 1
 
File handling in c++
File handling in c++File handling in c++
File handling in c++
 
C++ Files and Streams
C++ Files and Streams C++ Files and Streams
C++ Files and Streams
 
MYSQL - PHP Database Connectivity
MYSQL - PHP Database ConnectivityMYSQL - PHP Database Connectivity
MYSQL - PHP Database Connectivity
 
Intermediate code generation
Intermediate code generationIntermediate code generation
Intermediate code generation
 
Looping statements
Looping statementsLooping statements
Looping statements
 
Pre processor directives in c
Pre processor directives in cPre processor directives in c
Pre processor directives in c
 
Input-Buffering
Input-BufferingInput-Buffering
Input-Buffering
 
Filehandling
FilehandlingFilehandling
Filehandling
 
Html phrase tags
Html phrase tagsHtml phrase tags
Html phrase tags
 
Delegates and events
Delegates and eventsDelegates and events
Delegates and events
 
Artificial Intelligence - Game of Nim
Artificial Intelligence - Game of NimArtificial Intelligence - Game of Nim
Artificial Intelligence - Game of Nim
 
Implementation of absolute loader
Implementation of absolute loaderImplementation of absolute loader
Implementation of absolute loader
 
PHP - Introduction to File Handling with PHP
PHP - Introduction to File Handling with PHPPHP - Introduction to File Handling with PHP
PHP - Introduction to File Handling with PHP
 
Std 10 Computer Chapter 3 Handling Images in HTML (Part 1)
Std 10 Computer Chapter 3 Handling Images in HTML (Part 1)Std 10 Computer Chapter 3 Handling Images in HTML (Part 1)
Std 10 Computer Chapter 3 Handling Images in HTML (Part 1)
 
Ch 3 Assembler in System programming
Ch 3 Assembler in System programming Ch 3 Assembler in System programming
Ch 3 Assembler in System programming
 
1.Role lexical Analyzer
1.Role lexical Analyzer1.Role lexical Analyzer
1.Role lexical Analyzer
 
Problems, Problem spaces and Search
Problems, Problem spaces and SearchProblems, Problem spaces and Search
Problems, Problem spaces and Search
 
predicate logic example
predicate logic examplepredicate logic example
predicate logic example
 
ProLog (Artificial Intelligence) Introduction
ProLog (Artificial Intelligence) IntroductionProLog (Artificial Intelligence) Introduction
ProLog (Artificial Intelligence) Introduction
 

Similar to File upload php

Intro To C++ - Class #21: Files
Intro To C++ - Class #21: FilesIntro To C++ - Class #21: Files
Intro To C++ - Class #21: Files
Blue Elephant Consulting
 
PHP fundamnetal in information technology CHapter -02.pptx
PHP fundamnetal in information technology CHapter -02.pptxPHP fundamnetal in information technology CHapter -02.pptx
PHP fundamnetal in information technology CHapter -02.pptx
worldchannel
 
File upload in asp.net
File upload in asp.netFile upload in asp.net
File upload in asp.net
Sireesh K
 
PHP LFI to Arbitrary Code Execution via rfc1867 file upload temporary files
PHP LFI to Arbitrary Code Execution via rfc1867 file upload temporary filesPHP LFI to Arbitrary Code Execution via rfc1867 file upload temporary files
PHP LFI to Arbitrary Code Execution via rfc1867 file upload temporary files
Attaporn Ninsuwan
 
Introduction to php web programming - get and post
Introduction to php web programming - get and postIntroduction to php web programming - get and post
Introduction to php web programming - get and post
baabtra.com - No. 1 supplier of quality freshers
 
Php advance
Php advancePhp advance
Php advance
Rattanjeet Singh
 
PHP language presentation
PHP language presentationPHP language presentation
PHP language presentation
Annujj Agrawaal
 
Web application, cookies and sessions
Web application, cookies and sessionsWeb application, cookies and sessions
Web application, cookies and sessions
hamsa nandhini
 
Php File Upload
Php File UploadPhp File Upload
Php File Upload
saeel005
 
Web Development Course: PHP lecture 4
Web Development Course: PHP lecture 4Web Development Course: PHP lecture 4
Web Development Course: PHP lecture 4
Gheyath M. Othman
 
File Upload
File UploadFile Upload
File Upload
webhostingguy
 
Performance Load Cache
Performance Load CachePerformance Load Cache
Performance Load Cache
Altan Khendup
 
appengine ja night #25 Google App Engine for PHP (English)
appengine ja night #25 Google App Engine for PHP (English)appengine ja night #25 Google App Engine for PHP (English)
appengine ja night #25 Google App Engine for PHP (English)
Ryo Yamasaki
 
Uploadify v2.1.0 manual
Uploadify v2.1.0 manualUploadify v2.1.0 manual
Uploadify v2.1.0 manual
guest6b3d83
 
Uploadify v2.1.0 manual
Uploadify v2.1.0 manualUploadify v2.1.0 manual
Uploadify v2.1.0 manual
iasdoc
 
Uploadify v2.1.0 manual
Uploadify v2.1.0 manualUploadify v2.1.0 manual
Uploadify v2.1.0 manual
iasdoc
 
Bypass file upload restrictions
Bypass file upload restrictionsBypass file upload restrictions
Bypass file upload restrictions
Mukesh k.r
 
FTP(In_Linux).pptx
FTP(In_Linux).pptxFTP(In_Linux).pptx
FTP(In_Linux).pptx
ShanmugapriyaSenthil3
 
Hadoop 20111117
Hadoop 20111117Hadoop 20111117
Hadoop 20111117
exsuns
 
Php
PhpPhp
Php
ksujitha
 

Similar to File upload php (20)

Intro To C++ - Class #21: Files
Intro To C++ - Class #21: FilesIntro To C++ - Class #21: Files
Intro To C++ - Class #21: Files
 
PHP fundamnetal in information technology CHapter -02.pptx
PHP fundamnetal in information technology CHapter -02.pptxPHP fundamnetal in information technology CHapter -02.pptx
PHP fundamnetal in information technology CHapter -02.pptx
 
File upload in asp.net
File upload in asp.netFile upload in asp.net
File upload in asp.net
 
PHP LFI to Arbitrary Code Execution via rfc1867 file upload temporary files
PHP LFI to Arbitrary Code Execution via rfc1867 file upload temporary filesPHP LFI to Arbitrary Code Execution via rfc1867 file upload temporary files
PHP LFI to Arbitrary Code Execution via rfc1867 file upload temporary files
 
Introduction to php web programming - get and post
Introduction to php web programming - get and postIntroduction to php web programming - get and post
Introduction to php web programming - get and post
 
Php advance
Php advancePhp advance
Php advance
 
PHP language presentation
PHP language presentationPHP language presentation
PHP language presentation
 
Web application, cookies and sessions
Web application, cookies and sessionsWeb application, cookies and sessions
Web application, cookies and sessions
 
Php File Upload
Php File UploadPhp File Upload
Php File Upload
 
Web Development Course: PHP lecture 4
Web Development Course: PHP lecture 4Web Development Course: PHP lecture 4
Web Development Course: PHP lecture 4
 
File Upload
File UploadFile Upload
File Upload
 
Performance Load Cache
Performance Load CachePerformance Load Cache
Performance Load Cache
 
appengine ja night #25 Google App Engine for PHP (English)
appengine ja night #25 Google App Engine for PHP (English)appengine ja night #25 Google App Engine for PHP (English)
appengine ja night #25 Google App Engine for PHP (English)
 
Uploadify v2.1.0 manual
Uploadify v2.1.0 manualUploadify v2.1.0 manual
Uploadify v2.1.0 manual
 
Uploadify v2.1.0 manual
Uploadify v2.1.0 manualUploadify v2.1.0 manual
Uploadify v2.1.0 manual
 
Uploadify v2.1.0 manual
Uploadify v2.1.0 manualUploadify v2.1.0 manual
Uploadify v2.1.0 manual
 
Bypass file upload restrictions
Bypass file upload restrictionsBypass file upload restrictions
Bypass file upload restrictions
 
FTP(In_Linux).pptx
FTP(In_Linux).pptxFTP(In_Linux).pptx
FTP(In_Linux).pptx
 
Hadoop 20111117
Hadoop 20111117Hadoop 20111117
Hadoop 20111117
 
Php
PhpPhp
Php
 

More from sana mateen

Files
FilesFiles
Files
sana mateen
 
PHP Variables and scopes
PHP Variables and scopesPHP Variables and scopes
PHP Variables and scopes
sana mateen
 
Php intro
Php introPhp intro
Php intro
sana mateen
 
Php and web forms
Php and web formsPhp and web forms
Php and web forms
sana mateen
 
Mail
MailMail
Mail
sana mateen
 
Files in php
Files in phpFiles in php
Files in php
sana mateen
 
Regex posix
Regex posixRegex posix
Regex posix
sana mateen
 
Encryption in php
Encryption in phpEncryption in php
Encryption in php
sana mateen
 
Authentication methods
Authentication methodsAuthentication methods
Authentication methods
sana mateen
 
Xml schema
Xml schemaXml schema
Xml schema
sana mateen
 
Xml dtd
Xml dtdXml dtd
Xml dtd
sana mateen
 
Xml dom
Xml domXml dom
Xml dom
sana mateen
 
Xhtml
XhtmlXhtml
Xhtml
sana mateen
 
Intro xml
Intro xmlIntro xml
Intro xml
sana mateen
 
Dom parser
Dom parserDom parser
Dom parser
sana mateen
 
Unit 1-subroutines in perl
Unit 1-subroutines in perlUnit 1-subroutines in perl
Unit 1-subroutines in perl
sana mateen
 
Unit 1-uses for scripting languages,web scripting
Unit 1-uses for scripting languages,web scriptingUnit 1-uses for scripting languages,web scripting
Unit 1-uses for scripting languages,web scripting
sana mateen
 
Unit 1-strings,patterns and regular expressions
Unit 1-strings,patterns and regular expressionsUnit 1-strings,patterns and regular expressions
Unit 1-strings,patterns and regular expressions
sana mateen
 
Unit 1-scalar expressions and control structures
Unit 1-scalar expressions and control structuresUnit 1-scalar expressions and control structures
Unit 1-scalar expressions and control structures
sana mateen
 
Unit 1-perl names values and variables
Unit 1-perl names values and variablesUnit 1-perl names values and variables
Unit 1-perl names values and variables
sana mateen
 

More from sana mateen (20)

Files
FilesFiles
Files
 
PHP Variables and scopes
PHP Variables and scopesPHP Variables and scopes
PHP Variables and scopes
 
Php intro
Php introPhp intro
Php intro
 
Php and web forms
Php and web formsPhp and web forms
Php and web forms
 
Mail
MailMail
Mail
 
Files in php
Files in phpFiles in php
Files in php
 
Regex posix
Regex posixRegex posix
Regex posix
 
Encryption in php
Encryption in phpEncryption in php
Encryption in php
 
Authentication methods
Authentication methodsAuthentication methods
Authentication methods
 
Xml schema
Xml schemaXml schema
Xml schema
 
Xml dtd
Xml dtdXml dtd
Xml dtd
 
Xml dom
Xml domXml dom
Xml dom
 
Xhtml
XhtmlXhtml
Xhtml
 
Intro xml
Intro xmlIntro xml
Intro xml
 
Dom parser
Dom parserDom parser
Dom parser
 
Unit 1-subroutines in perl
Unit 1-subroutines in perlUnit 1-subroutines in perl
Unit 1-subroutines in perl
 
Unit 1-uses for scripting languages,web scripting
Unit 1-uses for scripting languages,web scriptingUnit 1-uses for scripting languages,web scripting
Unit 1-uses for scripting languages,web scripting
 
Unit 1-strings,patterns and regular expressions
Unit 1-strings,patterns and regular expressionsUnit 1-strings,patterns and regular expressions
Unit 1-strings,patterns and regular expressions
 
Unit 1-scalar expressions and control structures
Unit 1-scalar expressions and control structuresUnit 1-scalar expressions and control structures
Unit 1-scalar expressions and control structures
 
Unit 1-perl names values and variables
Unit 1-perl names values and variablesUnit 1-perl names values and variables
Unit 1-perl names values and variables
 

Recently uploaded

Ch-4 Forest Society and colonialism 2.pdf
Ch-4 Forest Society and colonialism 2.pdfCh-4 Forest Society and colonialism 2.pdf
Ch-4 Forest Society and colonialism 2.pdf
lakshayrojroj
 
The basics of sentences session 7pptx.pptx
The basics of sentences session 7pptx.pptxThe basics of sentences session 7pptx.pptx
The basics of sentences session 7pptx.pptx
heathfieldcps1
 
HYPERTENSION - SLIDE SHARE PRESENTATION.
HYPERTENSION - SLIDE SHARE PRESENTATION.HYPERTENSION - SLIDE SHARE PRESENTATION.
HYPERTENSION - SLIDE SHARE PRESENTATION.
deepaannamalai16
 
INTRODUCTION TO HOSPITALS & AND ITS ORGANIZATION
INTRODUCTION TO HOSPITALS & AND ITS ORGANIZATION INTRODUCTION TO HOSPITALS & AND ITS ORGANIZATION
INTRODUCTION TO HOSPITALS & AND ITS ORGANIZATION
ShwetaGawande8
 
Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...
Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...
Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...
ImMuslim
 
Temple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation resultsTemple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation results
Krassimira Luka
 
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
EduSkills OECD
 
Standardized tool for Intelligence test.
Standardized tool for Intelligence test.Standardized tool for Intelligence test.
Standardized tool for Intelligence test.
deepaannamalai16
 
78 Microsoft-Publisher - Sirin Sultana Bora.pptx
78 Microsoft-Publisher - Sirin Sultana Bora.pptx78 Microsoft-Publisher - Sirin Sultana Bora.pptx
78 Microsoft-Publisher - Sirin Sultana Bora.pptx
Kalna College
 
220711130088 Sumi Basak Virtual University EPC 3.pptx
220711130088 Sumi Basak Virtual University EPC 3.pptx220711130088 Sumi Basak Virtual University EPC 3.pptx
220711130088 Sumi Basak Virtual University EPC 3.pptx
Kalna College
 
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
indexPub
 
CIS 4200-02 Group 1 Final Project Report (1).pdf
CIS 4200-02 Group 1 Final Project Report (1).pdfCIS 4200-02 Group 1 Final Project Report (1).pdf
CIS 4200-02 Group 1 Final Project Report (1).pdf
blueshagoo1
 
Contiguity Of Various Message Forms - Rupam Chandra.pptx
Contiguity Of Various Message Forms - Rupam Chandra.pptxContiguity Of Various Message Forms - Rupam Chandra.pptx
Contiguity Of Various Message Forms - Rupam Chandra.pptx
Kalna College
 
220711130097 Tulip Samanta Concept of Information and Communication Technology
220711130097 Tulip Samanta Concept of Information and Communication Technology220711130097 Tulip Samanta Concept of Information and Communication Technology
220711130097 Tulip Samanta Concept of Information and Communication Technology
Kalna College
 
CapTechTalks Webinar Slides June 2024 Donovan Wright.pptx
CapTechTalks Webinar Slides June 2024 Donovan Wright.pptxCapTechTalks Webinar Slides June 2024 Donovan Wright.pptx
CapTechTalks Webinar Slides June 2024 Donovan Wright.pptx
CapitolTechU
 
欧洲杯下注-欧洲杯下注押注官网-欧洲杯下注押注网站|【​网址​🎉ac44.net🎉​】
欧洲杯下注-欧洲杯下注押注官网-欧洲杯下注押注网站|【​网址​🎉ac44.net🎉​】欧洲杯下注-欧洲杯下注押注官网-欧洲杯下注押注网站|【​网址​🎉ac44.net🎉​】
欧洲杯下注-欧洲杯下注押注官网-欧洲杯下注押注网站|【​网址​🎉ac44.net🎉​】
andagarcia212
 
A Free 200-Page eBook ~ Brain and Mind Exercise.pptx
A Free 200-Page eBook ~ Brain and Mind Exercise.pptxA Free 200-Page eBook ~ Brain and Mind Exercise.pptx
A Free 200-Page eBook ~ Brain and Mind Exercise.pptx
OH TEIK BIN
 
Skimbleshanks-The-Railway-Cat by T S Eliot
Skimbleshanks-The-Railway-Cat by T S EliotSkimbleshanks-The-Railway-Cat by T S Eliot
Skimbleshanks-The-Railway-Cat by T S Eliot
nitinpv4ai
 
KHUSWANT SINGH.pptx ALL YOU NEED TO KNOW ABOUT KHUSHWANT SINGH
KHUSWANT SINGH.pptx ALL YOU NEED TO KNOW ABOUT KHUSHWANT SINGHKHUSWANT SINGH.pptx ALL YOU NEED TO KNOW ABOUT KHUSHWANT SINGH
KHUSWANT SINGH.pptx ALL YOU NEED TO KNOW ABOUT KHUSHWANT SINGH
shreyassri1208
 
Data Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsxData Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsx
Prof. Dr. K. Adisesha
 

Recently uploaded (20)

Ch-4 Forest Society and colonialism 2.pdf
Ch-4 Forest Society and colonialism 2.pdfCh-4 Forest Society and colonialism 2.pdf
Ch-4 Forest Society and colonialism 2.pdf
 
The basics of sentences session 7pptx.pptx
The basics of sentences session 7pptx.pptxThe basics of sentences session 7pptx.pptx
The basics of sentences session 7pptx.pptx
 
HYPERTENSION - SLIDE SHARE PRESENTATION.
HYPERTENSION - SLIDE SHARE PRESENTATION.HYPERTENSION - SLIDE SHARE PRESENTATION.
HYPERTENSION - SLIDE SHARE PRESENTATION.
 
INTRODUCTION TO HOSPITALS & AND ITS ORGANIZATION
INTRODUCTION TO HOSPITALS & AND ITS ORGANIZATION INTRODUCTION TO HOSPITALS & AND ITS ORGANIZATION
INTRODUCTION TO HOSPITALS & AND ITS ORGANIZATION
 
Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...
Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...
Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...
 
Temple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation resultsTemple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation results
 
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
 
Standardized tool for Intelligence test.
Standardized tool for Intelligence test.Standardized tool for Intelligence test.
Standardized tool for Intelligence test.
 
78 Microsoft-Publisher - Sirin Sultana Bora.pptx
78 Microsoft-Publisher - Sirin Sultana Bora.pptx78 Microsoft-Publisher - Sirin Sultana Bora.pptx
78 Microsoft-Publisher - Sirin Sultana Bora.pptx
 
220711130088 Sumi Basak Virtual University EPC 3.pptx
220711130088 Sumi Basak Virtual University EPC 3.pptx220711130088 Sumi Basak Virtual University EPC 3.pptx
220711130088 Sumi Basak Virtual University EPC 3.pptx
 
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
 
CIS 4200-02 Group 1 Final Project Report (1).pdf
CIS 4200-02 Group 1 Final Project Report (1).pdfCIS 4200-02 Group 1 Final Project Report (1).pdf
CIS 4200-02 Group 1 Final Project Report (1).pdf
 
Contiguity Of Various Message Forms - Rupam Chandra.pptx
Contiguity Of Various Message Forms - Rupam Chandra.pptxContiguity Of Various Message Forms - Rupam Chandra.pptx
Contiguity Of Various Message Forms - Rupam Chandra.pptx
 
220711130097 Tulip Samanta Concept of Information and Communication Technology
220711130097 Tulip Samanta Concept of Information and Communication Technology220711130097 Tulip Samanta Concept of Information and Communication Technology
220711130097 Tulip Samanta Concept of Information and Communication Technology
 
CapTechTalks Webinar Slides June 2024 Donovan Wright.pptx
CapTechTalks Webinar Slides June 2024 Donovan Wright.pptxCapTechTalks Webinar Slides June 2024 Donovan Wright.pptx
CapTechTalks Webinar Slides June 2024 Donovan Wright.pptx
 
欧洲杯下注-欧洲杯下注押注官网-欧洲杯下注押注网站|【​网址​🎉ac44.net🎉​】
欧洲杯下注-欧洲杯下注押注官网-欧洲杯下注押注网站|【​网址​🎉ac44.net🎉​】欧洲杯下注-欧洲杯下注押注官网-欧洲杯下注押注网站|【​网址​🎉ac44.net🎉​】
欧洲杯下注-欧洲杯下注押注官网-欧洲杯下注押注网站|【​网址​🎉ac44.net🎉​】
 
A Free 200-Page eBook ~ Brain and Mind Exercise.pptx
A Free 200-Page eBook ~ Brain and Mind Exercise.pptxA Free 200-Page eBook ~ Brain and Mind Exercise.pptx
A Free 200-Page eBook ~ Brain and Mind Exercise.pptx
 
Skimbleshanks-The-Railway-Cat by T S Eliot
Skimbleshanks-The-Railway-Cat by T S EliotSkimbleshanks-The-Railway-Cat by T S Eliot
Skimbleshanks-The-Railway-Cat by T S Eliot
 
KHUSWANT SINGH.pptx ALL YOU NEED TO KNOW ABOUT KHUSHWANT SINGH
KHUSWANT SINGH.pptx ALL YOU NEED TO KNOW ABOUT KHUSHWANT SINGHKHUSWANT SINGH.pptx ALL YOU NEED TO KNOW ABOUT KHUSHWANT SINGH
KHUSWANT SINGH.pptx ALL YOU NEED TO KNOW ABOUT KHUSHWANT SINGH
 
Data Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsxData Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsx
 

File upload php

  • 2. INTRODUCTION • It’s actually possible to transfer of any kind of file via HTTP, including Microsoft Office documents, PDFs, executables, MPEGs, ZIP files, and a wide range of other file types. • Although FTP historically has been the standard means for uploading files to a server, file transfers are becoming increasingly prevalent via a web-based interface • PHP’s file upload configuration directives • PHP’s $_FILES superglobal array, used to handle file-upload data • PHP’s built-in file-upload functions: is_uploaded_file() and move_uploaded_file() • A review of possible error messages returned from an upload script • An overview of the HTTP_Upload PEAR package
  • 3. Uploading Files via HTTP • The way files are uploaded via a Web browser was officially formalized in November 1995 when Ernesto Nebel and Larry Masinter of the Xerox Corporation proposed a standardized methodology for doing so within RFC 1867, “Form-Based File Upload in HTML” (www.ietf.org/rfc/rfc1867.txt). • This new media type was desired because the standard type used to encode “normal” form values, application/x-www-form-urlencoded, was considered too inefficient to handle large quantities of binary data that might be uploaded via such a form interface.
  • 4.
  • 5. Uploading Files with PHP • Successfully managing file uploads via PHP is the result of cooperation between various configuration directives, the $_FILES superglobal, and a properly coded web form. • PHP’s File Upload/Resource Directives • Several configuration directives are available for fine-tuning PHP’s file-upload capabilities. These directives determine whether PHP’s file-upload support is enabled, as well as the maximum allowable uploadable file size, the maximum allowable script memory allocation, and various other important resource benchmarks. • file_uploads = On | Off • Scope: PHP_INI_SYSTEM; Default value: On • The file_uploads directive determines whether PHP scripts on the server can accept file uploads. • max_input_time = integer • Scope: PHP_INI_ALL; Default value: 60 • The max_input_time directive determines the maximum amount of time, in seconds, that a PHP script will spend attempting to parse input before registering a fatal error. This is relevant because particularly large files can take some time to upload.
  • 6. • Note that if you create an upload feature which handles large documents or high resolution photos, you may need to increase the limit set by this directive accordingly. • max_file_uploads = integer • Scope: PHP_INI_SYSTEM; Default value: 20 • Available since PHP 5.2.12, the max_file_uploads directive sets an upper limit on the number of files which can be simultaneously uploaded. • memory_limit = integerM • Scope: PHP_INI_ALL; Default value: 16M • The memory_limit directive sets a maximum allowable amount of memory in megabytes that a script can allocate (note that the integer value must be followed by M for this setting to work properly). • It prevents runaway scripts from monopolizing server memory and even crashing the server in certain situations. • post_max_size = integerM • Scope: PHP_INI_PERDIR; Default value: 8M • The post_max_size places an upper limit on the size of data submitted via the POST method. • Because files are uploaded using POST, you may need to adjust this setting upwards along with upload_max_filesize when working with larger files.
  • 7. • upload_max_filesize = integerM • Scope: PHP_INI_PERDIR; Default value: 2M • The upload_max_filesize directive determines the maximum size in megabytes of an uploaded file. • This directive should be smaller than post_max_size because it applies only to information passed via the file input type and not to all information passed via the POST instance. Like memory_limit, note that M must follow the integer value. • upload_tmp_dir = string • Scope: PHP_INI_SYSTEM; Default value: NULL • Because an uploaded file must be successfully transferred to the server before subsequent • processing on that file can begin, a staging area of sorts must be designated for such files where they can be temporarily placed until they are moved to their final location. This staging location is specified using the upload_tmp_dir directive. For example, suppose you want to temporarily store uploaded files in the /tmp/phpuploads/ directory. You would use the following: • upload_tmp_dir = "/tmp/phpuploads/" • Keep in mind that this directory must be writable by the user owning the server process.
  • 8. The $_FILES Array • The $_FILES superglobal stores a variety of information pertinent to a file uploaded to the server via a PHP script. In total, five items are available in this array, each of which is introduced here: • Note Each of the array elements introduced in this section makes reference to userfile. This term is simply a placeholder for the name assigned to the file-upload form element. You will probably change this name in accordance with your chosen name assignment. • $_FILES['userfile']['error']: This array value offers important information pertinent to the outcome of the upload attempt. In total, five return values are possible: one signifying a successful outcome and four others denoting specific errors that arise from the attempt. • $_FILES['userfile']['name']: This variable specifies the original name of the file, including the extension, as declared on the client machine. Therefore, if you browse to a file named vacation.png and upload it via the form, this variable will be assigned the value vacation.png. • $_FILES['userfile']['size']: This variable specifies the size, in bytes, of the file uploaded from the client machine. For example, in the case of the vacation.png file, this variable could plausibly be assigned a value such as 5253, or roughly 5KB.
  • 9. PHP’s File-Upload Functions • In addition to the number of file-handling functions made available via PHP’s file system library PHP offers two functions specifically intended to aid in the fileupload • process, is_uploaded_file() and move_uploaded_file(). $_FILES['userfile']['tmp_name']: This variable specifies the temporary name assigned to the file once it has been uploaded to the server. This is the name of the file assigned to it while stored in the temporary directory (specified by the PHP directive upload_tmp_dir). $_FILES['userfile']['type']: This variable specifies the MIME type of the file uploaded from the client machine. Therefore, in the case of the vacation.png image file, this variable would be assigned the value image/png. If a PDF was uploaded, the value application/pdf would be assigned. Because this variable sometimes produces unexpected results, you should explicitly verify it yourself from within the script.
  • 10. Determining Whether a File Was Uploaded • The is_uploaded_file() function determines whether a file specified by the input parameter filename is uploaded using the POST method. Its prototype follows: • boolean is_uploaded_file(string filename) • This function is intended to prevent a potential attacker from manipulating files not intended for interaction via the script in question. For example, consider a scenario in which uploaded files are made immediately available for viewing via a public site repository. Say an attacker wants to make a file somewhat juicier than the boring old class notes available for his perusal, say /etc/passwd. Rather than navigate to a class notes file as would be expected, the attacker instead types /etc/passwd directly into the form’s file-upload field. • Now consider the following script: • <?php • copy($_FILES['classnotes']['tmp_name'], • "/www/htdocs/classnotes/".basename($classnotes)); • ?> • The result of this poorly written example would be that the /etc/passwd file is copied to a publicly accessible directory. (Go ahead, try it. Scary, isn’t it?) To avoid such a problem, use the is_uploaded_file() function to ensure that the file denoted by the form field (in this case, classnotes) is indeed a file that has been uploaded via the form.
  • 11. • Here’s an improved and revised version of the previous example: • <?php • if (is_uploaded_file($_FILES['classnotes']['tmp_name'])) { • copy($_FILES['classnotes']['tmp_name'], • "/www/htdocs/classnotes/".$_FILES['classnotes']['name']); • } else { • echo "<p>Potential script abuse attempt detected.</p>"; • } • ?> • In the revised script, is_uploaded_file() checks whether the file denoted by • $_FILES['classnotes']['tmp_name'] has indeed been uploaded. If the answer is yes, the file is copied to • the desired destination. Otherwise, an error message is displayed.
  • 12. Moving an Uploaded File • The move_uploaded_file() function provides a convenient means for moving an uploaded file from the temporary directory to a final location. Its prototype follows: • boolean move_uploaded_file(string filename, string destination) • Although copy() works equally well, move_uploaded_file() offers one additional feature: it will check to ensure that the file denoted by the filename input parameter was in fact uploaded via PHP’s HTTP POST upload mechanism. If the file has not been uploaded, the move will fail and a FALSE value will be returned. Because of this, you can forgo using is_uploaded_file() as a precursor condition to using move_uploaded_file(). • Using move_uploaded_file() is simple. Consider a scenario in which you want to move the uploaded class notes file to the directory /www/htdocs/classnotes/ while also preserving the file name as specified on the client: • move_uploaded_file($_FILES['classnotes']['tmp_name'],"/www/htdocs/classnotes/" .$_FILES['classnotes']['name']); • Of course, you can rename the file to anything you wish after it’s been moved. It’s important, however, that you properly reference the file’s temporary name within the first parameter.
  • 13. Upload Error Messages • How do you know with certainty that the file-upload procedure was successful? And if something goes awry during the upload process, how do you know what caused the error? Happily, sufficient information for determining the outcome (and in the case of an error, the reason for the error) is provided in $_FILES['userfile']['error']: • UPLOAD_ERR_OK: A value of 0 is returned if the upload is successful. • UPLOAD_ERR_INI_SIZE: A value of 1 is returned if there is an attempt to upload a file whose size exceeds the value specified by the upload_max_filesize directive. • UPLOAD_ERR_FORM_SIZE: A value of 2 is returned if there is an attempt to upload a file whose size exceeds the value of the max_file_size directive, which can be embedded into the HTML form • UPLOAD_ERR_PARTIAL: A value of 3 is returned if a file is not completely uploaded. • This might happen if a network error causes a disruption of the upload process. • UPLOAD_ERR_NO_FILE: A value of 4 is returned if the user submits the form without specifying a file for upload. • UPLOAD_ERR_NO_TMP_DIR: A value of 6 is returned if the temporary directory does not exist. • UPLOAD_ERR_CANT_WRITE: Introduced in PHP 5.1.0, a value of 7 is returned if the file can’t be written to the disk. • UPLOAD_ERR_EXTENSION: Introduced in PHP 5.2.0, a value of 8 is returned if an issue with PHP’s configuration caused the upload to fail.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20. Taking Advantage of PEAR: HTTP_Upload • While the approaches to file uploading discussed thus far work just fine, it’s always nice to hide some of the implementation details by using a class. The PEAR class HTTP_Upload satisfies this desire quite nicely. • It encapsulates many of the messy aspects of file uploading, exposing the information and features you’re looking for via a convenient interface. This section introduces HTTP_Upload, showing you how to take advantage of this powerful, no-nonsense package to effectively manage your site’s upload mechanisms. • Installing HTTP_Upload • To take advantage of HTTP_Upload‘s features, you need to install it from PEAR. The process for doing so follows: • %>pear install HTTP_Upload • downloading HTTP_Upload-0.9.1.tgz ... • Starting to download HTTP_Upload-0.9.1.tgz (9,460 bytes) • ....done: 9,460 bytes • install ok: channel://pear.php.net/HTTP_Upload-0.9.1 • Uploading a File • Uploading a file with HTTP_Upload is simple. Just invoke the class constructor and pass the name of the file-specific form field to the getFiles() method. If it uploads correctly (verified using the isValid() method), you can then move the file to its final destination (using the moveTo() method)
  • 21.
  • 22. Uploading Multiple Files • One of the beautiful aspects of HTTP_Upload is its ability to easily manage multiple file uploads. To handle a form consisting of multiple files, all you have to do is invoke a new instance of the class and call • getFiles() for each upload control. Suppose the aforementioned professor has gone totally mad and now demands five homework assignments daily from his students.
  • 23. HOMEWORK: WRITE A PHP SCRIPT TO ACCEPT FIVE FILES(HOMEWORK) FROM THE HTML FORM SHOWN PREVIOUSLY. SUBMISSION: AFTER 4 DAYS