I am getting a problem in following code:
$file_name = date('Y-m-d H:i:s.') . gettimeofday()['usec'];
$uploaddir = 'customerupload/';
$file = basename($_FILES['profile_photo']['name']);
$newname = $file_name . $file;
$uploadfile = $uploaddir . $newname;
if (move_uploaded_file($_FILES['profile_photo']['tmp_name'], $uploadfile))
{
//my Logic
}
The error is:
What can be the cause?
Try to use DIRECTORY_SEPARATOR for correct path syntax: http://php.net/manual/en/dir.constants.php
And do not trust filenames coming from forms in this simple way.
$file_name = date('Y-m-d H-i-s.') . gettimeofday()['usec'];
i used : but i have replaced it by - so its working
Related
I have a php script which uploads files:
for($index = 0;$index < count($_FILES['files']['name']); $index++){
// File name
$filename = $_FILES['files']['name'][$index];
// File path
$path = '../pdf/'.$filename;
// Upload file
if(!move_uploaded_file($_FILES['files']['tmp_name'][$index],$path)){
// ERROR
exit;
}
This works fine!
But I would like to modify the filename while uploading:
For example:
I uploading a "upload.pdf" file.
But I would like to get the name "upload_2021.pdf"
How can I realize it?
I found a solution !!
$path = '../pdf/'.$filename;
$extension = pathinfo($path, PATHINFO_EXTENSION);
$name = pathinfo($path, PATHINFO_FILENAME);
From what I can see, the only thing you need to do is change the $path variable.
Bare in mind, that what you are showing here is not a safe and secure upload script. You are not doing any file and mime-type validation what so ever. There is nothing preventing your users from uploading harmful files. Together with not checking for duplicate files and some other edge cases, think twice before putting this into production.
for($index = 0;$index < count($_FILES['files']['name']); $index++){
// File name
$filename = $_FILES['files']['name'][$index];
$parts = explode(".", $filename);
$year = date("Y");
// File path
$path = '../pdf/'.$parts[0] . '_' $year . '.' . $parts[count($parts)-1];
// Upload file
if(!move_uploaded_file($_FILES['files']['tmp_name'][$index],$path)){
// ERROR
exit;
}
}
a short example:
$temp = explode(".", $_FILES["file"]["name"]);
$newfilename = round(microtime(true)) . '.' . end($temp);
move_uploaded_file($_FILES["file"]["tmp_name"], "../img/imageDirectory/" . $newfilename);
I have a problem when I want to upload a file to digital ocean, there is a 403 error, even though I'm sure the key, secret and endpoint are correct
this is my simple code
$tes= Storage::disk('digitalocean')->putFileAs('url', request()->file('url'), time().'.'.$extension);
dd($tes);
if ($request->hasFile('url')) {
$file = $request->file('url');
$ext1 = $file->getClientOriginalExtension();
// $st_random = str_random(10);
//dd($file);
$st_random = Str::random(10);
$filename = $file->getClientOriginalName();
$filename = explode(".", $filename);
$ext = $ext1;
$filename = $filename[0] . $st_random . "." . $ext;
Storage::disk('digitalocean')->put('/' . $filename, File::get($file));
$csv = 'digitalocean/' . $filename;
}
note
use Storage;
use Str;
use File;
you have to try this file uploading . it may solve your problem .
Please i need help on this.
I was uploading an image to my server using the move_uploaded_file() method, the method returns true bu the uploaded file was not found inside the specified directory on my server. i have checked thoroughly, searched for the file on the server in case it was uploaded to another directory, checked the permission on the directory but all seems perfect. i really dont know what went wrong .
Here is the snippet of the code.
$uploaddir = './upload_dir/';
$allowed = array('gif', 'png', 'jpg','bmp');
$filename = $_FILES['uploadfile']['name'];
$ext = pathinfo($filename, PATHINFO_EXTENSION);
$data = array();
if (!in_array($ext, $allowed)) {
$data['status'] = 'error';
$data['error_message'] = 'Invalid file type';
}
else{
$file_name = time() . '_' . uniqid() . '_' . basename($_FILES['uploadfile']['name']);
$file_name = preg_replace('/[^a-z0-9_\.\-]+/i', '_', $file_name);
$file = $uploaddir . $file_name;
if (isset($_FILES['uploadfile']['tmp_name']) && move_uploaded_file($_FILES['uploadfile']['tmp_name'], $file)) {
$data['status'] = 'success';
$data['file_name'] = $file_name;
} else {
$data['status'] = 'error';
}
echo json_encode($data);
}
Thanks in advance.
Please use is_uploaded_file($_FILES['uploadfile']['tmp_name']) instead of isset($_FILES['uploadfile']['tmp_name']) for security reason check here
And for the upload dir use $uploaddir = $_SERVER['DOCUMENT_ROOT'] . "/upload_dir/"; instead of $uploaddir = './upload_dir/'; to get absolute path instead of relative one.
thanks everyone. I gave the wrong permission to the folder. that seems to be the problem for my own case.
I have this snippet from my uploadify.php:
if (!empty($_FILES)) {
$name = $_FILES['Filedata']['name'];
$tempFile = $_FILES['Filedata']['tmp_name'];
$targetPath = $targetFolder;
$targetFile = rtrim($targetPath,'/') . '/' . $_FILES['Filedata']['name'];
$path = pathinfo($targetFile);
// this portion here will be true if and only if the file name of the uploaded file does not contain '.', except of course the dot(.) before the file extension
$count = 1;
list( $filename, $ext) = explode( '.', $name, );
$newTargetFile = $targetFolder . $filename . '.' . $ext;
while( file_exists( $newTargetFile)) {
$newTargetFile = $targetFolder . $filename . '(' . ++$count . ')' . '.' . $ext;
}
// Validate the file type
$fileTypes = array('pdf'); // File extensions
$fileParts = pathinfo($_FILES['Filedata']['name']);
if (in_array($fileParts['extension'],$fileTypes)) {
move_uploaded_file($tempFile,$newTargetFile);
echo $newTargetFile;
} else {
echo 'Invalid file type.';
}
return $newTargetFile;
}
Basically this is quite working. Uploading the file and getting the path of the file which will then be inserted on the database and so on. But, I tried uploading a file which file name looks like this,
filename.1.5.3.pdf
and when succesfully uploaded, the file name then became filename alone, without having the file extension and not to mention the file name is not complete. From what I understood, the problem lies on my explode(). It exploded the string having the delimiter '.' and then assigns it to the variables. What will I do to make the explode() cut the string into two where the first half is the filename and the second is the file extension? PLease help.
Don't use explode, use a function designed for the job: pathinfo()
$ext = pathinfo($_FILES['Filedata']['name'], PATHINFO_EXTENSION);
what im trying to do here, get the current file and then upload it,find the extension of the file and rename it! and echo the result!! but it seems wrong, and i dnt know which part!! :((
$fieldname = $_REQUEST['fieldname'];
$uploaddir = 'uploads/';
$uploadfile = $uploaddir . basename($_FILES[$fieldname]['name']);
if (move_uploaded_file($_FILES[$fieldname]['tmp_name'], $uploadfile)) {
//find the extension
$extension= pathinfo($uploadfile);
//rename the file
rename ($uploadfile, "newfile.".$extenion['extension']."");
echo "uploads/newfile.'".$extension['extension']."'"; // "success"
}
I think you should do something like this:
$fieldname = $_POST['fieldname']; // don't use $_REQUEST
$extension = pathinfo($_FILES[$fieldname]['name'], PATHINFO_EXTENSION);
$uploaddir = 'uploads/';
$uploadfile = $uploaddir . 'newfile.'.$extension;
if (move_uploaded_file($_FILES[$fieldname]['tmp_name'], $uploadfile)) {
// success
}
move_uploaded_file already "renames" the file, there is no need to call rename manually. Just make it in a single operation.
You probably also noticed that I've passed PATHINFO_EXTENSION to pathinfo, since you need only the extension and not the complete path information.
Lastly, I used $_POST instead of $_REQUEST. You shouldn't use $_REQUEST unless you really know what you are doing. This could lead to unexpected variables tampering from cookies or session, per example.
$fieldname = $_POST['fieldname']; #its never going to be a GET! ..not sure y u need this though, the file field should hold the array key, but anyway...
#get the extension by removing everything before the last dot
$extension = preg_replace('#.+\.#', '', $_FILES[$fieldname]['name']);
$newname = "newfile.".$extension;
$uploaddir = 'uploads/';
$uploadfile = $uploaddir . $newname;
if (move_uploaded_file($_FILES[$fieldname]['tmp_name'], $uploadfile)) {
echo "$uploadfile"; // "success"
}
Untested, but the logic is mo straight to the point.
You should use the new filename as the second argument to move_uploaded_file:
$fieldname = $_REQUEST['fieldname'];
$tmpfile = $_FILES[$fieldname]['tmp_name'];
$info = pathinfo($tmpfile);
$filename = 'newfile.' . $info['extension'];
$uploaddir = 'uploads/';
$uploadfile = $uploaddir . $filename;
if(move_uploaded_file($tmpfile, $uploadfile)) {
echo $uploadfile;
}