I'm trying to populate a second file input with the selected file from the first.
I've looked into this and, for security reasons, it's not possible to get the full path from one file input - only the file name. This isn't of any help as the other file input won't be able to upload as it won't be able to find the file.
Example:
<input type="file" id="1" /> - User browse the file by clicking on this input
<input type="file" id="2" /> - This input gets the value from the other file input
The reason I want to do this is because I am building a web app in Wordpress that allows users to upload a photo to Facebook but I also what the same photo to be attached to the wp post. I don't want them to have to select the file for each input.
Is there any way to achieve this using PHP and jQuery?
Due to security restrictions, you cannot programatically set the value of file input type fields, it is not possible.
Also, I don't see why you need to upload the same file twice? If you wish to save the same file in multiple locations, you can copy the first file into the second location too, isnt it ?
Please rephrase the question explaining why you want to upload the same file twice so a better answer can be given.
It sounds like you are approaching this the wrong way. Modern browsers prevent you manipulating the value of file inputs for security reasons. What you are suggesting is not possible.
You should be uploading the file to one single location and the sending it to Facebook/WordPress once it is uploaded. If the method of submitting the photo to either must be via POST, then you can use cURL to send that file.
Here is an example: Send a file via POST with cURL
Related
I want my previously uploaded file to be automatically selected while I am editing details which also include file upload.
I have used value attribute as in other types. But this doesn't work.
<input type="file" name="file" value="<?php echo $news['image']; ?> ">
I have to select the required file again while I am editing details. No file is selected as default while editing. I want to edit other details but not the file upload.
What can I do so that I do not have to select it again?
You can display image using
<img src="path/<?php echo $news['image']; ?>">
or if it is a file use the
My File
tag to link.
When you update the DB make sure you update the field image only when the new file is selected.
"I have to select the required file again while I am editing details"
...no you don't. Just write the server-side code so that if no new file is selected, it doesn't delete the existing one when the form is submitted. And you can provide a link to the existing file on the edit form so that the user can see what's already there.
P.S. You can't make it select the same file again in the input box because
a) that's a security problem, your code cannot select files from the user's device - otherwise malicious websites could use hidden file inputs to secretly steal files from a device. The browser enforces that the user must manually select the file, in order to prevent that possibility
and
b) it wouldn't be logical to try and select the same file again anyway - remember that an input file takes files from the local device, not the server. But there's no guarantee that the file still exists in the same location (and your server won't know where that is anyway), and hasn't been moved, renamed or deleted, or that the form is even being used on the same device as previously. And even if you ignore all that, what would be the point of re-uploading a file you've already got on the server? It would just be a waste of bandwidth.
I am building a form right now that returns the user back to the form itself if there is missing fields or fields are entered wrong. One of the inputs is a image file. I was wondering if you want to echo out the image location again, do you use $_FILES[tmp_name]?
e.g. value="$_FILES[tmp_name]" to echo back the location so the user doesn't have to reselect the image again.
its not possible this way.
the $_FILES[tmp_name] reflects the full path of the already uploaded image on the server.
an its not possible to pre-select the upload field in the browser and its also not possible to get the full client-side path of the uploaded file.
so in case of an error, you could copy this temporary file to another location and display the already uploaded image to the user instead of giving him the upload field again.
but you need to make sure to delete this copied image if the user didn't try to fix his invalid fields.
or you seperate the validation of the fields from the image upload part. using some ajax magic or seperate form.
No, you can't use $_FILES['tmp_name'] in this way, as that isn't the name it had on the users computer, but the temporary name that it has on your server in your tmp folder. Not sure if there is a way to do this. I'll look into it and let you know if I find anything, but I doubt there is.
If you used an AJAX file upload, you wouldn't have to worry about this though.
This is not possible, you could try to use a value attribute on a file input to see that it has no effect.
Imagine that if you could do this it would be a serious security problem (ie: hide a file input with a pre-filled value with a common path for an important file and get it the same time with some other details)
If the form is submitted via normal html form submission then you do not have access to the user's file path. Your best bet is to use an AJAX form submission.
I have a html form with some text input and a file input (image logo).
Now, if there is an error with one of the text inputs (like length is invalid) when the user click the submit button [client->server(php)->client], the content of the file input is cleared which is annoying!
I set others text input with last values when the page submits with an error, but I cant with a file input. I tried to set the file input value with document.getElementsByName('logo')[0].value; to set it in a hidden value but I got the path "C:\fakepath\random-0690.JPG"... this is so shocking, I know its for security purposes but it is shocking...
How i can resolve that? Thanks.
It's not possible. You cannot remotely set the value of a file input as a basic security measure. If you could, then it'd be trivial to do <input type="file" value="/etc/passwd" name="pwn3d" /> and steal any file you want from the user's machine.
There's nothing shocking about it at all. Live with it, or enjoy having your files stolen.
I found the answer !
This is simple, I created an AJAX call that send the form contents and validate if everything is okay. Then if there are errors, display these (and it will keep the values and file attachments in the form) .. Else : Send the post form and the attached file.
My client wants to have a 3 page form. The first page allows the user to enter data including a uploaded file. the second page confirms this data. and the third page submits the data to the database and directories.
Via post, I can keep saving the data to a hidden input fields, thats no problem. My problem is the uploaded file. how do I hold that document from page to page ? I am using Cakephp but any advice would help, thanks
You can always just create the illustion that the form is utilising three different pages. Use AJAX to accept and validate/request the user confirm their submitted data. If in this view they accept it initiate a POST to submit all that data.
You really don't need three physically different files to achieve this but you can still let it appear in three stages to keep your client happy.
You just upload the file to temp directory and keep the value in hidden variables just like other form data . If form successfully submitted then the image copy to desired location other wise delete the image
You can easily fake these 3 pages using CSS. Or even 2, as "third page" is actually a server script which has nothing to do with pages in the browser.
Just make your form, then put an event on the submit button which changes divs to whatever "confirmation page" he wants. and then actually send the form using a button on this page.
that's all
An uploaded file is always held temporarily. The server env var should tell you where it is. In Ruby's rack it is stored in the params var. So I guess there is a similar params var in php which has a hash with all the necessary information.
Since the file would be uploaded on the first step, one option is to put the file's location in a hidden input field along with the rest of the data (either there, or put it in the session). With CakePHP, if your file field looks somewhat like that:
<input type="file" name="data[User][image]" id="UserImage" />
Then you will be able to capture the location through
$location = $this->data['User']['image']['tmp_name'];
Which will correspond to something like /var/tmp/xxxxxx
On the last page, if the user confirms all the data, you just use move_uploaded_file() to put the file wherever you want on the server.
move_uploaded_file($location, '/new/location');
I am developing a script in PHP for uploading files to a MySQL database. There various things that need to selected in addition to the actual file that go into the database entry. The script needs to be designed so that it checks to make sure all of the proper selections have been made, and if they are not the script returns to the upload file state with the values the user had selected still populated. I have accomplished this for the select boxes of the from using session variables, however I can not figure out how to get the actual path of the file upload input to post. I can only seem to access the file name and not the actual path from the $_FILE array. I have also tried to do the following:
echo "<input type='hidden' name='MAX_FILE_SIZE' value='8000000'>";
echo "<input type='hidden' name='remote_file_path' value=''>";
echo "<input name='userfile'type='file'
onchange='document.uploadForm.remote_file_path.value=this.value;'>";
Naturally, the form name is "uploadForm". This works, but again when access the value of $_POST['remote_file_path'], I am only receiving the file name and not the path. After some investigation it appears that this is a security feature built into Fire Fox. I am starting to think it can't be done.
Thanks in advance.
You can't populate file select text box for security reasons, just as you discovered. However, you don't really need to populate file text box to retain the uploaded files.
Every time, a file is uploaded to your server, move it to a secure location and also link it with the current session or user. Now, when you redisplay the form because user made some mistake (or wants to edit something), display the filename along side the empty file box. That way, user can see what files they have already uploaded. With some JavaScript you can give user the option to cross off the filename upon which they can fill up the file text box again and submit another file which will be processed in the server. if the file box is empty, previously submitted file would be assumed to be the valid one and processed.
You don't receive complete file path (in some browsers), and can't change an <input type=file> value (through scripting) in any of them, since those actions poses as security problems.
You don't need the hidden fields, PHP will parse the posted data for you, and present it in the $_FILES array:
http://www.php.net/manual/en/features.file-upload.post-method.php
Like many have said, you can't it is a security issue via HTTP. What happens when you upload an image from a local machine is the function fires off and creates the tmp_name to be accessed on the server.
However if you truly want this functionality you can use pure Java via an applet to get a local path. However what are you trying to do, there may be a better way of going about it rather than what you are thinking.