I have a REST service where I want to update a file over PUT.
When I use POST I used the following to get the uploaded file:
/**
* #var Request $request
*/
$request->files->get('file');
How to get an uploaded file send as PUT in Symfony Framework?
When you receive a POST request, you get a form submitted with one or more fields, and these fields include any files (possibly more than one file). The Content-Type is multipart/form-data.
When you PUT a file, the file's data is the request body. It's like the opposite of downloading a file with GET, where the file's content is the response body. In this case, if you receive a JPG file via a PUT request, the Content-Type will be image/jpeg. Of course this means you can only submit one file with each PUT request.
You should therefore use $request->getContent() to receive the data. If the content has other information in addition to the submitted file, then technically speaking it is a malformed PUT request, and should probably be sent as a POST instead.
Although you can't send any other fields with a PUT request, you can still use the query string to provide some additional short fields where appropriate. For example you might upload a file via a PUT request to /api/record/123/attachment?filename=example.pdf. This would allow you to receive both an uploaded file, another data field (the filename) and the ID (123) of the record to attach the upload to.
The easiest way where you don't need to change your api you submit the file and data you want to change as method POST and add query parameter ?_method=PUT to the url. In your front controller app.php/index.php you need to enable this feature with:
Request::enableHttpMethodParameterOverride();
Related
I am using an email template that is included using file_get_contents in my email script file.
The data from my contactform is posted to that email script. I would like to display the posted data inside the template layout. I can't echo the variables containing the posted data in the template file, so how would I do this?
file_get_contents only returns the text if I'm correct so it doesn't recognize variables right?
Actually you CAN turn the file you request with file_get_contents into a PHP file to echo your data. You need to use GET variables when you request the file with file_get_contents example:
file_get_contents('http://somedomain.com/somefile.php?name=yourname');
After you do that, the requested PHP file gets executed on the server before it returns the result. so you can simply echo your data in the template at the desired place.
echo $_GET['name'];
as #marc B commented:
This will NOT work unless you use a full-blown url, causing an http request. your "url" will cause PHP to do a LOCAL fopen and look for a file which has the literal characters ?, n, a etc.. in the filename.
I have an app that sends a request to my server, you can see the code below:
Method: POST
multipart/form-data; boundary=—————————14737809831466499882746641449
Content-Type Content-Disposition: form-data; name=\'Stackoverflow\'; filename=\'.%#\'\r\n
Content-Type: application/octet-stream\r\n\r\n
This request works and I receive a real request in my PHP Server, the problem is that I am not knowing catch these values with PHP, since the commands $_GET['name'] and $_POST['name'] are not working.
How can I handle this parameters?
This is not much to solve the Problem.
Are you opening the site like that: http://www.example.com/index.php?getvar=test
or like that: http://www.example.com/index.php
?
in the second case it can't get an $_GET value because there is no variable
in the first case try to check if the variable exists like that: if(isset($_GET['getvar']))
and check if the $_POST variable exists before using it.
if not you should look over your code and correct your mistakes.
If you need more help please post the php code in here.
you should look into $_FILES['filename'] ('filename' is name of parameter containing file), there will be info about uploaded file.
it contains array, from which you probably want 'tmp_name' key ($_FILES['filename']['tmp_name']), which contains temporary location of stored file. This temporary file will be deleted after the end of request, so you will want to move it elswhere.
not sure if docs are helpful in this situation, but there they are:
http://php.net/manual/en/reserved.variables.files.php
For my RESTFUL API server I'm trying to use the "PUT" method for uploading a file.
Actions started as reading php://input.
So, how can pass file name or some other parameters to action and display them?
You can use post method therefore, you can collect data from form-data using $_POST the super global variable because, there is no super global like $_PUT for put method.
when use GET Method for receive JSON data , we can acsses the result directly from web browser , for example i send a mydata value from ajax to a main.php file and it process and get answer show a result some thing like below :
<?php
if (isset($_GET["mydata"])) {
if ($_GET["mydata"]=="hello"){
echo "hello world";
}
}
?>
but when a user call it in browser directly like http:mysite.com/mydata.php?mydata=hello recive answer . i want dont allow users to get answer of http request directly , and just can show it from ajax result of main page is it possible ?
You're asking how to prevent an ajax-only request from being accessed directly by copy-pasting the URL into the web browser; that is, only allowing the URL to be accessible via ajax on the main web page.
Well, there are a few things you can try:
Check the Referrer for the URL of the main page with $_SERVER['HTTP_REFERER']
Set a header in Javascript using xhr.setRequestHeader() and then ensure it's value by checking for $_SERVER['HTTP_X_....'] in PHP
Like Jay Bhatt recommended, check for the X_REQUESTED_WITH header, but be aware this might not always be set (see: X-Requested-With header not set in jquery ajaxForm plugin)
However, in any of these situations you should be aware that anyone who knows what they are doing can easily set any HTTP header, variable, or even modify the referrer which is sent to the server. As such, there is no 100% guarantee that your resouce can be accessed only via AJAX on the main web page. There is no control built in the internet to verify where a request is coming from, so anyone can easily spoof or fake it.
I am trying to write a script for uploading large files (>500MB). I would like to do some authentication before the upload is processed, eg:
$id = $_GET['key'];
$size = $_GET['size'];
$time = $_GET['time'];
$signature = $_GET['signature'];
$secret = 'asdfgh123456';
if(sha1($id.$size.$time.$secret) != $signature){
echo 'invalid signature';
exit;
}
process upload...
unfortunately php only runs this code after the file has been uploaded to a temp directory, taking up valuable server resources. Is there a way to do this before the upload happens? I have tried similar things with perl/cgi but the same thing happens.
Wow, already 5 answers telling how it can't be done. mod_perl to the rescue, here you can reject a request before the whole request body is uploaded.
Apache is taking care of the upload before the PHP script is even invoked so you won't be able to get at it.
You can either split up the process into two pages (authentication, file upload page) or, if you need to do it all in one page, use an AJAX-esque solution to upload the file after authentication parameters are checked.
As far as I know, you cannot do that in PHP. PHP script is launched in response to a request, but a request is not "sent" until the file is uploaded, since the file being uploaded is a part of the request.
This is definitely not possible inside the PHP script you're uploading to.
The most simple possibility is indeed to provide authentication one step before the upload takes place.
If that is not an option, one slightly outlandish possibility comes to mind - using a RewriteMap and mapping it to an external program (it should be possible to make that program a PHP script).
Using RewriteMap it is possible to rewrite an URL based on the output of a command line program. If you use this directive to call a (separate) PHP script - you won't be able to use the user's session, though! - you would have access to the GET parameters before the request is processed.
If the processing fails (= the credentials are invalid), you could redirect the request to a static resource which would at least prevent PHP from starting up. (I assume the uploaded will be hogging some resources anyway, but probably less than if it were redirected to PHP.)
No guarantees whether this'll work! I have no own experience with RewriteMap.
This is due to the fact that each HTTP request is a single contains all the of form/POST data, including the file upload data.
As such, I don't believe it's possible to handle a file upload request in this fashion irrespective of which scripting language you use.
I don't think you can do this. The best you can do is probably to run an AJAX function onSubmit to do your validation first, then if it returns valid then execute the POST to upload the file. You could set a $_SESSION in your AJAX script if the authentication is valid, then check for that session var in the upload script to allow the upload.