Upload System

XXX · 31-07-07, 17:40

What are the basic principals of an upload system..i got tons of scripts sittin on my desktop..but i just wana know like what procedures should be taken for an upload to be suxesful?

**blackhowk** · 01-08-07, 07:40

Hello,
1. Create one form like:
<form enctype="multipart/form-data" action="WHERE_YOU_POST" method="POST"> // define the method
<input name="upload" type="file" />

//define the name and type
<input type="submit" value="upload" /> // submit button
</form>

2. Create the "WHERE YOU POST" step by step,

$today = date("His"); // date - if you use this to rename the uploads

// define what you allow
// like gif images
$types = array(
"image/png",
"image/jpeg",
"image/gif",
"image/pjpeg",
"image/bmp",
"image/vnd.wap.wbmp",
"video/3gpp",
"audio/midi",
"audio/wav",
"audio/x-wav",
"audio/amr",
"audio/mp4",
"audio/mpeg",
"audio/3gpp",
"audio/mp3",
"image/x-bmp",
"application/x-smaf",
"video/avi",
"video/mpeg",
"video/mp4",
"audio/x-ms-wma",
"application/java",
"application/java-archive",
"text/vnd.sun.j2me.app-descriptor",
"application/vnd.symbian.install");

// check if the upload match with allowed extension

if (in_array($_FILES['upload']['type'], $types))

{
if ($_FILES['upload']['size'] < $size) // here you allow one value for each upload

{

$tmp_name = $_FILES['upload']['tmp_name']; // temp folder - here server put the upload short time (lol)

$new_name = $today .'_'. $_FILES['upload']['name']; // rename the upload if you have identic name

$target_path = "up/"; // path to final upload folder

$target_path = str_replace("..", "", str_replace("\.", "", str_replace("//", "/", $target_path))); // replace some values like spaces

$clean_name = ereg_replace("[^a-z0-9._]", "", str_replace(" ", "_", str_replace("%20", " ", strtolower($new_name) ) ) ); // make all names lowercase

move_uploaded_file($tmp_name,$target_path . $clean_name); // and the final and most important thing. move from temp in UP folder.

XXX · 01-08-07, 19:00

Hello,
1. Create one form like:
<form enctype="multipart/form-data" action="WHERE_YOU_POST" method="POST"> // define the method
<input name="upload" type="file" />

//define the name and type
<input type="submit" value="upload" /> // submit button
</form>

2. Create the "WHERE YOU POST" step by step,

$today = date("His"); // date - if you use this to rename the uploads

// define what you allow
// like gif images
$types = array(
"image/png",
"image/jpeg",
"image/gif",
"image/pjpeg",
"image/bmp",
"image/vnd.wap.wbmp",
"video/3gpp",
"audio/midi",
"audio/wav",
"audio/x-wav",
"audio/amr",
"audio/mp4",
"audio/mpeg",
"audio/3gpp",
"audio/mp3",
"image/x-bmp",
"application/x-smaf",
"video/avi",
"video/mpeg",
"video/mp4",
"audio/x-ms-wma",
"application/java",
"application/java-archive",
"text/vnd.sun.j2me.app-descriptor",
"application/vnd.symbian.install");
// check if the upload match with allowed extension

if (in_array($_FILES['upload']['type'], $types))

{
if ($_FILES['upload']['size'] < $size) // here you allow one value for each upload

{

$tmp_name = $_FILES['upload']['tmp_name']; // temp folder - here server put the upload short time (lol)

$new_name = $today .'_'. $_FILES['upload']['name']; // rename the upload if you have identic name

$target_path = "up/"; // path to final upload folder

$target_path = str_replace("..", "", str_replace("\.", "", str_replace("//", "/", $target_path))); // replace some values like spaces

$clean_name = ereg_replace("[^a-z0-9._]", "", str_replace(" ", "_", str_replace("%20", " ", strtolower($new_name) ) ) ); // make all names lowercase

move_uploaded_file($tmp_name,$target_path . $clean_name); // and the final and most important thing. move from temp in UP folder.[/b]

Ayt thanx..i appreciate that.....il play around....by the way..this moving from the temp folder?how do i know what mines is called?

**blackhowk** · 02-08-07, 06:26

This function checks to ensure that the file designated by filename is a valid upload file (meaning that it was uploaded via PHP's HTTP POST upload mechanism). If the file is valid, it will be moved to the filename given by destination.

If filename is not a valid upload file, then no action will occur, and move_uploaded_file() will return FALSE.

If filename is a valid upload file, but cannot be moved for some reason, no action will occur, and move_uploaded_file() will return FALSE. Additionally, a warning will be issued.

you may change the tmp folder or keep open tmp folder and make one upload. you will see the file.

**learner** · 02-08-07, 06:40

mayb this would help u out im not sure

Handling Form-based File Upload with PHP

In this section, we will introduce to you how to handle form-based file uploads with a PHP script. The techniques are the same for HTML and XHTML. At the time of writing, the latest version of PHP is 5.2.0. So, we assume you are using PHP 5.2.0 in this tutorial. For other versions of PHP, the procedures should be similar. If you are not familiar with PHP, you may want to read some introductory tutorials before going through this section.

Parsing Form Data and Getting Information about the Uploaded File with PHP

To extract an uploaded file from an HTTP request, we need to parse the form data that is encoded in the "multipart/form-data" format. In PHP, the form data in an HTTP request is automatically parsed. The PHP engine stores the information of the uploaded files in the $_FILES array.

Now let's say the name attribute value of the <input type="file"> element in a certain HTML/XHTML/XHTML MP document is myFile. To obtain the information about the uploaded file, use the following lines of PHP script:

/* Get the size of the uploaded file in bytes. */
$fileSize = $_FILES['myFile']['size'];

/* Get the name (including path information) of the temporary file created by PHP that contains the same contents as the uploaded file. */
$tmpFile = $_FILES['myFile']['tmp_name'];

/* Get the name of the uploaded file at the client-side. Some browsers include the whole path here (e.g. e:\files\myFile.txt), so you may need to extract the file name from the path. This information is provided by the client browser, which means you should be cautious since it may be a wrong value provided by a malicious user. */
$fileName = $_FILES['myFile']['name'];

/* Get the content type (MIME type) of the uploaded file. This information is provided by the client browser, which means you should be cautious since it may be a wrong value provided by a malicious user. */
$contentType = $_FILES['myFile']['type'];

Nokia cell phones such as Nokia 6230 determine the content type (MIME type) of the file to be uploaded by its file extension. The following table lists some of the file extensions that are recognized by Nokia 6230:

File extension
Content type / MIME type

.jpg
image/jpeg

.gif
image/gif

.png
image/png

.wbmp
image/vnd.wap.wbmp

.txt
text/plain

If the Nokia 6230 cell phone does not recognize a file extension, it will specify "application/octet-stream" as the content type / MIME type of the file in the HTTP request.

**learner** · 02-08-07, 06:42

read this aswell

PHP Directives Related to (Large) File Upload

Directives are used to configure the PHP engine. They are placed in PHP's configuration file php.ini. There are a number of directives that are related to file upload and they may be useful to you (very often you can stick with the default values and do not need to modify them). The following table lists the directives and provides a brief description of each of them:

PHP Directive
Brief Description
Example

file_uploads
It specifies if file upload is allowed in PHP.

The default value is On.

You may need to contact the administrator to make sure the file_uploads directive is set to On.
file_uploads = Off

upload_tmp_dir
It specifies the directory in which uploaded files will be stored temporarily.

It is not specified by default.

If it is not specified, the PHP engine will use the system default temp directory.
upload_tmp_dir = "/temp"

Here are some PHP directives that you may have to change in order to support large file upload. By default, files that are larger than 2MB will be rejected.

PHP Directive
Brief Description
Example

upload_max_filesize
It specifies the maximum file size (in bytes) that the PHP engine will accept.

The default value is 2M (2 * 1048576 bytes).
upload_max_filesize = 4096

post_max_size
It specifies the maximum size (in bytes) of HTTP POST data that is permitted.

The default value is 8M (8 * 1048576 bytes).

Make sure this value is greater than that of the upload_max_filesize directive.
post_max_size = 10M

memory_limit
It specifies the maximum amount of memory (in bytes) that is allowed for use by a PHP script.

The default value is 16M (16 * 1048576 bytes).

This value should be greater than that of the post_max_size directive.
memory_limit = 20M

max_input_time
It specifies the maximum amount of time (in seconds) that is allowed for each PHP script to receive the client's HTTP request.

The default value is 60.

If you need to support large file upload, you may need to increase this value to prevent timeouts.

Note that some users may have a slow connection. You have to take that into account.
max_input_time = 90

max_execution_time
It specifies the maximum amount of time (in seconds) that is allowed for each PHP script to execute.

The default value is 30.

If you need to process large uploaded files with PHP, you may need to increase this value to prevent timeouts.
max_execution_time = 60

**learner** · 02-08-07, 06:44

and this

Checking for Errors

One important thing that you should know is how to check whether there are any errors during the extraction of uploaded files from an HTTP request. If an error has occurred, PHP will set an error code, which can be retrieved using the following line of script (here we assume that the name attribute of the <input type="file"> element is myFile):

$errorCode = $_FILES['myFile']['error'];

If everything works fine, the value of $errorCode will be equal to the UPLOAD_ERR_OK constant. If there is an error, the value of $errorCode will be equal to one of the following constants:

UPLOAD_ERR_INI_SIZE Error Code

The UPLOAD_ERR_INI_SIZE error code means the size of the uploaded file is larger than the value specified by the upload_max_filesize directive.

UPLOAD_ERR_FORM_SIZE Error Code (Use with the MAX_FILE_SIZE Form Field)

The UPLOAD_ERR_FORM_SIZE error code never appears if there is no MAX_FILE_SIZE hidden field in the HTML/XHTML form that contains the <input type="file"> element.

The MAX_FILE_SIZE hidden field is used like this:

<form action="file_upload.php" method="post" enctype="multipart/form-data">

<input name="MAX_FILE_SIZE" value="1048576" type="hidden"/>
<input name="myFile" type="file"/>
<input type="submit"/>
</p>
</form>

In the above HTML/XHTML code, the MAX_FILE_SIZE form field states that the file to be uploaded should not be larger than 1048576 bytes. If a browser supports this form field, it will not allow the user to choose a file that is larger than 1048576 bytes. So, the user does not have to wait for a file to upload to the server in order to find out whether it is too large or not. However, at the time of writing, we cannot find any WAP browsers that support the MAX_FILE_SIZE form field. Also, both IE 6 and Firefox 2.0 do not understand this form field.

No matter whether a web / WAP browser understands the MAX_FILE_SIZE form field or not, if the PHP engine finds that the uploaded file's size is larger than the value specified by the MAX_FILE_SIZE form field, it will give the error code UPLOAD_ERR_FORM_SIZE.

It is important to note that the MAX_FILE_SIZE field value can easily be modified at the client-side. So, the MAX_FILE_SIZE form field is not a reliable way to restrict the size of uploaded files. A better way is to use the upload_max_filesize.

Note that the <input type="file"> element must be placed after the MAX_FILE_SIZE form field.

UPLOAD_ERR_PARTIAL Error Code

The UPLOAD_ERR_PARTIAL error code means the server only receives part of the uploaded file.

UPLOAD_ERR_NO_FILE Error Code

The UPLOAD_ERR_NO_FILE error code means the HTTP request contains no uploaded file.

UPLOAD_ERR_NO_TMP_DIR Error Code

The UPLOAD_ERR_NO_TMP_DIR error code means there is no temporary directory.

UPLOAD_ERR_CANT_WRITE Error Code

The UPLOAD_ERR_CANT_WRITE error code means the uploaded file cannot be written to disk.

**learner** · 02-08-07, 06:46

and read this aswell hahaha

Saving Uploaded Files on the File System with PHP (move_uploaded_file() Function)

Now let's say we find that the error code given by the PHP engine is UPLOAD_ERR_OK and we want to save the uploaded file on the file system without concerning what the uploaded file contains. We can use the move_uploaded_file() function to move the temporary file to the location we wanted. For example:

move_uploaded_file($_FILES['myFile']['tmp_name'], '/upload_files/myFile.txt');

If everything works fine, the temporary file is moved to "/upload_files/myFile.txt" and the move_uploaded_file() function returns true. PHP will overwrite the original "myFile.txt" file if it exists.

Before moving a file, the move_uploaded_file() function checks if the file is really a file uploaded from the client-side using HTTP POST so as to prevent your PHP script from moving password and system files that are not supposed to be moved. If the file does not pass the check or any other errors occur, the file is not moved and the move_uploaded_file() function returns false.

Processing Contents of Uploaded Files with PHP

If you do not want to save the uploaded file directly but to process it, the PHP functions file_get_contents() and fread() can help you. The file_get_contents() function returns a string that contains all data of the uploaded file:

if (is_uploaded_file($_FILES['myFile']['tmp_name']))
$fileData = file_get_contents($_FILES['myFile']['tmp_name']);

The is_uploaded_file() function helps us check if a file is really a file uploaded from the client-side using HTTP POST. If yes, the is_uploaded_file() function returns true, otherwise it returns false.

Make sure the file you are going to process passes the check of the is_uploaded_file() function. This is to prevent your PHP script from processing files (such as password files and system files) that are not supposed to be processed.

If everything works fine, the $fileData variable will contain the data of the uploaded file. (Otherwise it will contain the Boolean value false.) You can then perform what you like to do with the data. For example, to replace all occurrences of the "A" character in the data with the "B" character, you can write something like this:

$fileData = str_replace("A", "B", $fileData);

If the uploaded file is large in size, you will not want to load the whole file into memory with the file_get_contents() function. The fread() function can help you in this case. It reads a number of bytes from a stream. fread() is used together with PHP functions such as fopen(), feof(), fclose(), etc. Here is an example PHP script:

if (is_uploaded_file($_FILES['myFile']['tmp_name'])){
$filePointer = fopen($_FILES['myFile']['tmp_name'], "rb");

if ($filePointer!=false){
while (!feof($filePointer)){
$fileData = fread($filePointer, 4096);

// Process the contents of the uploaded file here...

}

fclose($filePointer);
}
}

Before we can read the contents of the uploaded file with fread(), we have to open a stream on the file first. This is achieved using the PHP function fopen(). The fopen() function takes two parameters -- a file name and a flag that controls the type of access. In the above PHP script, we specify "rb" as the flag. The "r" letter states that we want to open the uploaded file for reading and the "b" letter states that we want to open the file in binary mode. If the uploaded file is opened successfully, fopen() returns a file pointer (or it can be called a file handle), otherwise it returns false.

The PHP function feof() is used to check whether the file pointer has reached the EOF (end-of-file) character. If yes, the feof() function returns true, otherwise it returns false. In the above PHP script, we use a while loop to repeatedly check whether the end of the file has been reached. If the end of the file has not been reached, we will read the file data with fread(), otherwise we will close the file.

The PHP function fread() is used to read a certain number of bytes. It takes two parameters -- a file pointer and an integer specifying the number of bytes to read. In the above PHP script, we read at most 4096 bytes of data each time. For example, if the size of the uploaded file is 5000 bytes, fread() reads 4096 bytes of data when it is called the first time and 904 bytes of data when it is called the second time. If fread() fails, it returns false.

The PHP function fclose() is used to close the file stream.

Retrieving Values of Ordinary Form Fields with PHP

If your HTML/XHTML form contains ordinary input fields like <input type="text"> besides <input type="file">, you can use the $_POST array to retrieve the form field values. The format is like this:

$_POST[value_of_name_attribute]

In the above line, value_of_name_attribute represents the name attribute value of the <input> element. For example, we will use the PHP code below:

$_POST['filename']

to retrieve the value of the input field:

<input name="filename" type="text"/>