I have a PHP file that has a $_FILES variable in it, and I obviously have a temp file of the file uploaded saved. Problem is that what I want to do is let the user upload the image, validate that it's okay (both via 1st php file), and then allow the user to enter info about the image. From the info I can obtain the name of the image and use move_uploaded_file() to save the image (on the second PHP). The problem is that the file uploaded to the temp file is, well, temporary, and so I can't use it in my second PHP file. Is there any way to go around that? I can move_uploaded_file() in the first file but I'm looking for something easier. I still want it to be like a temp folder in the sense that the file is temporary, but I want to keep it for a couple of minutes after the execution of the first PHP file...
Thanks.
The first page - the one that accepts the file - will need to use move_uploaded_file(). You cannot escape this requirement.
However, you can use tempnam() to create a new temporary filename and use move_uploaded_file() to copy the file to that name. Then pass that second filename to the second page so it knows where it is.
The other alternative is to collapse all the input and processing into one POST, so that all the information is entered at the same time the file is uploaded. This approach has always worked for me.
Related
I don't want to read file using tmp_name. Is there any other possible methods to read file from a folder with its original name that I stored in databases?
Also, I am trying to access contents of that file in second form.
All else being equal: No.
A file was uploaded and it was saved to a temporary place with a generated filename and your PHP program was told what filename the client said it should have. The two filenames are not the same.
You can't access it using its original file name because that isn't the file name it has on the computer running the PHP.
The script handling the upload could use move_uploaded_file to move the file to somewhere else and change its name so it is the same as the one the client told you it originally had. Then you would be able to use that name. You would, of course, have to be careful to avoid collisions. Two different files with the same name could be uploaded.
I am working on an application, where the user has to upload files in a cart.e.g. the user upload the file "A" and now doing different work. After some time he again upload another file, file "B". How I can manage the file path or store the file path, as if I use move_uploaded_file() function, then it can overwrite the other user's file with same file name.
Thanks.
When I've had this issue, I have used a timestamp added to the filename. Usually I want to cleanse the filename anyway, so I
replace characters I don't like
remove the file extension and check it looks OK (e.g. pdf not exe)
add a timestamp to the filename
put the extension back on
Obviously, this isn't suitable in every instance, but it might give you some ideas.
Create folder run time against session id, that way only current session user files goes to the folder.
temp_uploads/ (main uploads folder)
temp_uploads/_jhk43543h5h435k3453 (session id folder for user 1)
temp_uploads/_jhk43543h5h435k34tr (session id folder for user 2)
temp_uploads/_jhk43543h5h43trtrtg (session id folder for user 3)
you just need store session id for each user, which you maybe you are already doing.
happy Coding :)
You use php's time function to generate a timestamp that you append to the filename so that they can be different. Then you can use a column in the db to store the file paths. You could store all the file paths in the same column but separate each one with ; or any other character. To get the separate paths, you can use php's explode function.
my requirement is this :
" When users uploaded one file say "sample.tex" then i need to find the same name PDF file in that directory once he upload the "sample.tex". so file name should be "sample.pdf". we have one form that contain two input file fields.. check the image for reference.
http://img40.imageshack.us/i/proofbb.png/
once user upload the first file and click the "Show Author Email(s)" then i need to find another file "sample.pdf" in the same path and put in below file field. Is that possible in PHP or JQUERY or watever... not only PHP Even Java is also fine. Please help me to find the solution.
Regards
Dipen
You cannot do that with plain JavaScript. You can't even obtain the path information from your "first file"; all the browser will tell you is the plain file name (that is, the file name without any path information). You also cannot force a "file" input field to be set to a value.
You might be able to do this by creating a signed Java applet, but that's a whole different enchilada and you'd pretty much have to make the whole form be a Java thing.
(There's nothing you can do from PHP, as all the server will get is the plain filename and no path information at all.)
Let the user do it. Use uploadify with multiple simultaneous uploads enabled. So simple.
I have a form where an admin will upload three pictures with different dimensions to three different designated directories. now to make sure that i don't get into the problem of duplicate file names i implemented something like the php will compare the uploaded file name and it will check if that file name exist in the designated directory if yes then it will echo an error and stop the script execution.
Now one of my friend suggested me that it is very bad asking the admin to manually rename the picture file and asking them to take care of the file duplication problem. the solution he suggested was to rename the file automatically and then store it in the database and then direct it to directory.
I am confused about what combination should i give to the renamed file and also make sure it will remain unique file name to be more precise i would like you to understand my directory structure
as i said there will be three pictures files the admin will be uploading namely
a) Title Picture b) Brief Picture c)
Detail Picture
and all the three picture files will be moved to the different respective directory, like title picture goes to title directory and so on.
i am using to script below currently just to move and store the file name with path using varchar in the database.
$ns_pic_title_loc= $_FILES["ns_pic_title"]["tmp_name"];
$ns_pic_title_name = $_FILES["ns_pic_title"]["name"];
move_uploaded_file($ns_pic_title_loc, $ns_title_target.$ns_pic_title_name) or die(mysql_error());
that is just the sample code i havent included the validation function which i am using. i was thinking like i want to rename all the files like
a) In title directory the file should be stored as.
title_1.jpg
title_2.jpg
title_3.jpg
title_4.jpg
and so on
and the same way to rest of the pictures. how do i do that? what function do i use to achieve my target. and if this is not the good way to rename the file i would appreciate any suggestion followed to rename the file.
thanks in advance
Well, here's a possible solution:
Get uploaded filename from $_FILES["ns_pic_title"]["name"] and separate extension OR if we are only talking about image files get the image type with getimagesize($_FILES["ns_pic_title"]["tmp_name"]);
Check your database for the maximum id of the image records and make the the $file_name variable 'title_'.($max_id + 1)
At this point you should have $file_name and $file_extension so do move_uploaded_file($_FILES["ns_pic_title"]["tmp_name"], $ns_title_target.$file_name.'.'.$file_extension)
Hopefully this makes sense and helps.
There are a couple of good options with various pros and cons.
Use php's tempnam when moving the file, and store the path in your mysql database. tempnam generates a unique filename.
Use mysql to store the image content in a blob. This way you will access the image content via an id instead of a pathname.
Instead of having logic to figure out what the latest picture name is and calculate the next number increment, why not just use PHP's tempnam() function? It generates an unique name with a prefix of your choice (i.e., "title", "brief", "detail"). You could also simply prepend a timestamp to the file name -- if you don't have a whole lot of admins uploading pictures at the same time, that should handle most name conflicts.
Since your pictures are going to be sorted into title, brief and detail directories already, it's not really necessary to name each picture title_*, brief_*, and detail_*, right? If it's in the title directory, then it's obviously a title picture.
Also, you're going to be putting the file names in the database. Then elsewhere in the app, when you want to display a picture, I assume you are getting the correct file name from the database. So it isn't really important what the actual file name is as long as the application knows where to find it. If that's correct, it's not necessary to have a very friendly name, thus a tempnam() file name or a timestamp plus the original file name would be acceptable.
Because you are storing references into the DB, I would prefer to just md5 the datetime and use that for the filename and store the disk filename to the DB also. It doesn't matter what name it is written to disk with as long as you can point to it with the unique name into the DB.
I use this methodology, and in none of my testing does the disk name (md5 from the datetime) ever require multiple tries.
I am in the middle of making a script to upload files via php. What I would like to know, is how to display the files already uploaded, and when clicking on them open them for download. Should I store the names and path in a database, or just list the conents of a directory with php?
Check out handling file uploads in PHP. A few points:
Ideally you want to allow the user to upload multiple files at the same time. Just create extra file inputs dynamically with Javascript for this;
When you get an upload, make sure you check that it is an upload with is_uploaded_file;
Use move_uploaded_file() to copy the file to wherever you're going to store it;
Don't rely on what the client tells you the MIME type is;
Sending them back to the client can be done trivially with a PHP script but you need to know the right MIME type;
Try and verify that what you get is what you expect (eg if it is a PDF file use a library to verify that it is), particularly if you use the file for anything or send it to anyone else; and
I would recommend you store the file name of the file from the client's computer and display that to them regardless of what you store it as. The user is just more likely to recognise this than anything else.
Storing paths in the database might be okay, depending on your specific application, but consider storing the filenames in the database and construct your paths to those files in PHP in a single place. That way, if you end up moving all uploaded files later, there is only one place in your code you need to change path generation, and you can avoid doing a large amount of data transformation on your "path" field in the database.
For example, for the file 1234.txt, you might store it in:
/your_web_directory/uploaded_files/1/2/3/1234.txt
You can use a configuration file or if you prefer, a global somewhere to define the path where your uploads are stored (/your web directory/uploaded files/) and then split characters from the filename (in the database) to figure out which subdirectory the file actually resides in.
As for displaying your files, you can simply load your list of files from the database and use a path-generating function to get download paths for each one based on their filenames. If you want to paginate the list of files, try using something like START 0, LIMIT 50; in mySQL. Just pass in a new start number with each successive page of upload results.
maybe you should use files, in this sense:
myfile.txt
My Uploaded File||my_upload_dir/my_uploaded_file.pdf
Other Uploaded File||my_upload_dir/other_uploaded.html
and go through them like this:
<?php
$file = "myfile.txt";
$lines = file($file);
$files = array();
for($i=0;$i<=count($lines)-1;$i++) {
$parts = explode($lines[$i]);
$name = parts[0];
$filename = parts[1];
$files[$i][0] = $name;
$files[$i][1] = $filename;
}
print_r($files);
?>
hope this helps. :)
What I always did (past tense, I haven't written an upload script for ages) is, I'd link up an upload script (any upload script) to a simple database.
This offers some advantages;
You do not offer your users direct insight to your file system (what if there is a leak in your 'browse'-script and you expose your whole harddrive?
You can store extra information and meta-data in an easy and efficient way
You can actually query for files / meta-data instead of just looping through all the files
You can enable a 'safe-delete', where you delete the row, but keep the file (for example)
You can enable logging way more easily
Showing files in pages is easier
You can 'mask' files. Using a database enables you to store a 'masked' filename, and a 'real' filename.
Obviously, there are some disadvantages as well;
It is a little harder to migrate, since your file system and database have to be in sync
If an operation fails (on one of both ends) you have either a 'corrupt' database or file system
As mentioned before (but we can not mention enough, I'm afraid); _Keep your uploading safe!_
The MIME type / extension issue is one that is going on for ages.. I think most of the web is solid nowadays, but there used to be a time when developers would check either MIME type or extension, but never both (why bother?). This resulted in websites being very, very leaky.
If not written properly, upload scripts are big hole in your security. A great example of that is a website I 'hacked' a while back (on their request, of course). They supported the upload of images to a photoalbum, but they only checked on file extension. So I uploaded a GIF, with a directory scanner inside. This allowed me to scan through their whole system (since it wasn't a dedicated server; I could see a little more then that).
Hope I helped ;)