I am writing an app from which user will upload files on the server. I have found a php script from internet but I don't know how am I going to tell the script where to upload the data. This might be a silly question but I am no PHP programmer. I am using this php script in my java code.
Here is the script.
<?php
$filename="abc.xyz";
$fileData=file_get_contents('php://input');
echo("Done uploading");
?>
Regards
This is a terrible way of uploading files, you are much better off using a form and the $_FILES superglobal.
Take a look at the W3Schools PHP File Upload Tutorial; please read all of it. For further reading take a look at the PHP Manual pages on file upload.
The file input type will create the upload box in the html form:
<form action="upload_file.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"><br>
<input type="submit" name="submit" value="Submit">
</form>
After error checking and validating that the file is what you are expecting (very important: allowing users to upload anything to your server is a huge security risk), you can move the uploaded file to your final destination on the server in PHP.
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/abc.xyz");
The filename is actualy the file path along with the name of the new file, set the path there and a file will be created with write permissions.
Make sure you give the servers full path not the relative one and that you have the required permission to create a file there.
Always refer to the PHP Manual
Here's a basic example to get you started:
HTML:
<html>
<body>
<form enctype="multipart/form-data" action="upload.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000" />
Choose a file to upload: <input name="uploaded_file" type="file" />
<input type="submit" value="Upload" />
</form>
</body>
</html>
PHP:
<?php
//Сheck that we have a file
if((!empty($_FILES["uploaded_file"])) && ($_FILES['uploaded_file']['error'] == 0)) {
//Check if the file is JPEG image and it's size is less than 350Kb
$filename = basename($_FILES['uploaded_file']['name']);
$ext = substr($filename, strrpos($filename, '.') + 1);
if (($ext == "jpg") && ($_FILES["uploaded_file"]["type"] == "image/jpeg") &&
($_FILES["uploaded_file"]["size"] < 350000)) {
//Determine the path to which we want to save this file
$newname = dirname(__FILE__).'/upload/'.$filename;
//Check if the file with the same name is already exists on the server
if (!file_exists($newname)) {
//Attempt to move the uploaded file to it's new place
if ((move_uploaded_file($_FILES['uploaded_file']['tmp_name'],$newname))) {
echo "It's done! The file has been saved as: ".$newname;
} else {
echo "Error: A problem occurred during file upload!";
}
} else {
echo "Error: File ".$_FILES["uploaded_file"]["name"]." already exists";
}
} else {
echo "Error: Only .jpg images under 350Kb are accepted for upload";
}
} else {
echo "Error: No file uploaded";
}
?>
Refer to the documention for more information.
Hope this helps!
Related
Re asking how to check if $_POST[FILE] isset
I have a file input and if I submit my form without an image I want something to happen if I uploaded a file in the input I want something different to happen.
if (!isset($_POST[image])) { }
seems to trigger regardless of whether or not I have uploaded a file in the input or not.
<label>
<p>Profile Picture:</p>
<input type="file" name="image" value="" />
</label>
My last question was marked as a duplicate of this answer Check whether file is uploaded however
if (!file_exists($_FILE['image'])) { }
didn't work either it is still showing truthy even when an image is uploaded. So not the answer I need.
To check if there is a file uploaded is you need to check the size of the file.
Then to check if its an image or not is you need to use the getimagesize() function. See my script below:
HTML:
<form action="index.php?act=s" method="post" enctype="multipart/form-data">
<input type="file" name="image" value=""/>
<input type="submit">
</form>
PHP:
<?php
if(isset($_GET['act'])){
// Check if there is a file uploaded
if($_FILES["image"]["size"]>0){
echo "There is a file uploaded<br>";
// Check if its an image
$check_if_image = getimagesize($_FILES["image"]["tmp_name"]);
if($check_if_image !== false) {
echo "Image = " . $check_if_image["mime"] . ".";
} else {
echo "Not an image";
}
}
else{
echo "There is NO file uploaded<br>";
}
}
?>
I am trying to upload a video and save it in a folder as well as savings its path in the database, but the videos are not inserting into the specific folder.
I have searched a lot and found some code. The code is working for images. I have done some modifications from images to videos, but that didn't work.
Here is the parts of my code.
<form action="" method="post" enctype="multipart/form-data">
<div class="form_search">
<label>Upload Video Profile:</label>
<span class="form_input">
<input type="file" name="uploadvideo" />
</span>
</div>
<div class="form_search">
<label> </label>
<span class="form_input">
<input type="submit" name="submitdetails" value="Upload" class="button"/>
</span>
</div>
</form>
and my php code to upload video is
<?php
if(isset($_POST['submitdetails']))
{
$name=$_FILES['uploadvideo']['name'];
$type=$_FILES['uploadvideo']['type'];
//$size=$_FILES['uploadvideo']['size'];
$cname=str_replace(" ","_",$name);
$tmp_name=$_FILES['uploadvideo']['tmp_name'];
$target_path="company_profile/";
$target_path=$target_path.basename($cname);
if(move_uploaded_file($_FILES['uploadvideo']['tmp_name'],$target_path))
{
echo "hi";
echo $sql="UPDATE employer_logindetails SET (video) VALUES('".$cname."')";
$result=mysql_query($sql);
echo "Your video ".$cname." has been successfully uploaded";
}
}
?>
Please help me where I am going wrong.
All my php.ini modifications are done, and video size is only 7mb.
Step-1
This script will allow you to upload files from your browser to your hosting, using PHP. The first thing we need to do is create an HTML form that allows people to choose the file they want to upload.
<form enctype="multipart/form-data" action="upload.php" method="POST">
Please choose a file: <input name="uploaded" type="file" /><br />
<input type="submit" value="Upload" />
</form>
This form sends data to the file "upload.php", which is what we will be creating next to actually upload the file.
Step-2
The actual file upload is very simple:
<?php
$target = "upload/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$ok=1;
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
}
else {
echo "Sorry, there was a problem uploading your file.";
}
?>
This very small piece of code will upload files sent to it by your HTML form.
The first line $target = "upload/"; is where we assign the folder that files will be uploaded to. As you can see in the second line, this folder is relative to the upload.php file. So for example, if your file was at www.yours.com/files/upload.php then it would
upload files to www.yours.com/files/upload/yourfile.gif. Be sure you remember to create
this folder! with 777 rights
Step-3
if ($uploaded_size > 350000)
{
echo "Your file is too large.<br>";
$ok=0;
}
Assuming that you didn't change the form field in our HTML form (so it is still named uploaded), this will check to see the size of the file. If the file is larger than 350k, they are given a file too large error, and we set $ok to equal 0.
You can change this line to be a larger or smaller size if you wish by changing 350000 to a different number. Or if you don't care about file size, just leave these lines out
We are not using $ok=1; at the moment but we will later in the tutorial.
We then move the uploaded file to where it belongs using move_uploaded_file (). This places it in the directory we specified at the beginning of our script. If this fails the user is given an error message, otherwise they are told that the file has been uploaded.
Putting All Together
<?php
$target = "upload/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$ok=1;
//This is our size condition
if ($uploaded_size > 350000)
{
echo "Your file is too large.<br>";
$ok=0;
}
//This is our limit file type condition
if ($uploaded_type =="text/php")
{
echo "No PHP files<br>";
$ok=0;
}
//Here we check that $ok was not set to 0 by an error
if ($ok==0)
{
Echo "Sorry your file was not uploaded";
}
//If everything is ok we try to upload it
else
{
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
}
else
{
echo "Sorry, there was a problem uploading your file.";
}
}
?>
Obviously if you are allowing file uploads you are leaving yourself open to people uploading lots of undesirable things. One precaution is not allowing them to upload any php, html, cgi, etc. files that could contain malicious code. This provides more safety but is not sure fire protection.
Try this: $_FILES['userfile'] in place of $_FILES['uploadvideo'] everywhere.
I don'e see any name with uploadvideo in your form.
But in php you are using $_FILES['uploadvideo']
Try giving the exact name of the file input
e.g.:
<input type="file" name="uploadvideo">
So I'm trying to set up an image upload from a form via php on my localhost and after running the code and connecting to the database okay, I'm getting the error for the upload. Since all of the other parts of the form are working after a section by section check, I'll just add the html for the upload input and its relevant php script.
<input type="file" name="image" id="image-select" />
And the portion of the php that has to deal with the image upload and verification after upload:
$image = $_FILES ['image']['name'];
$type = #getimagesize ($_FILES ['image']['tmp_name']);
//Never assume image will upload okay
if ($_FILES['image']['error'] !== UPLOAD_ERR_OK) {
die("Upload failed with error code " . $_FILES['image']['error']);
}
//Where the file will be placed
$target_path = "uploads/";
// Add the original filename to target path
$path= $target_path . basename($image);
// Check if the image is invalid before continuing
if($type === FALSE || !($type[2] === IMAGETYPE_TIFF || $type[2] === IMAGETYPE_JPEG || $type[2] === IMAGETYPE_PNG)) {
echo '<script "text/javascript">alert("This is not a valid image file!")</script>';
die("This is not a valid image file!");
} else {
move_uploaded_file($_FILES['image']['tmp_name'], $path);
}
So error appears once the code hits the upload process. I was attempting to upload a small PNG file The relevant code I added is also in their respective orders when they appear in the script.
can you please put error here. If error means that after submit page file is not being upload. then please check your form enctype. see below an example
<form action="" method="post" enctype="multipart/form-data">
<input type="file" name="image" id="image-select" />
<input type="submit" value="Submit">
</form>
Just a wild stab in the dark here as you haven't provided your form tag but you have remembered the enctype attribute haven't you?
Sorry I don't have 50 reputation otherwise I would ask this as a comment.
<form enctype='multipart/form-data' action=''>
<input type="file" name="image" id="image-select" />
</form>
Also you should check if the file uploaded OK before calling getimagesize() (not that this would be the source of your issue)
if you are using PHP5 and Imagick, then you can try to use something like the following:
$image->readImageFile($f);
Below is my code where the user can upload a file. What I want to know is that is there a way so that via server side is there a way to first of all restrict the file formats of the files to jpeg and png only and then when the user clicks on the submit button, if the file format is correct then display an alert on the same page stating "File is correct" else display an alert stating "File is incorrect".
Can somebody please provide coding if they know how to do this. Thank you and any help will be much appreciated :)
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" />
<br />
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>
A code for a total check of file uploads, you'll have to change $allowedtypes though. (Copied instead of linking because it was from a non-English site)
<?php
if(isset($_POST["submit"])){
$allowedtypes=array("jpg"=>true,"png"=>true,"gif"=>true,"txt"=>true);
$filename = $_FILES['file1']['name'];
$source = $_FILES['file1']['tmp_name'];
$file_size=$_FILES['file1']['size'];
$saveloc = "uploads/" . $filename;
$maxfilesize=1024*1024*10;
$nameext=explode(".",$filename);
if(preg_match('/^[A-Za-z0-9\-\_]{1,}\.[a-zA-Z0-9]{0,4}$/',$filename)){
if(!empty($allowedtypes[strtolower($nameext[1])]) && $allowedtypes[strtolower($nameext[1])]===true){
if($file_size<=$maxfilesize){
if(!file_exists($saveloc)){
if(move_uploaded_file($source, $saveloc)) {
chmod($saveloc,644);
echo "Successful upload. <a href='".$saveloc."'>Fájl megtekintése</a>";
}
else echo "Cannot move";
}
else echo "Existing file";
}
else echo "Too big file";
}
else echo "Not allowed extension";
}
else echo "Only alphanumeric files allowed";
}
else echo "<form method='post' enctype='multipart/form-data' action='secureupload.php'> File: <input type='file' name='file1' /><br /><input
name='MAX_FILE_SIZE' type='hidden' value='10485760' /> <input type='submit' value='Upload' name='submit' /></form>";
?>
You are talking about server side handler and write 'alert'...khm...
If u want to do stuff via server-side, then use php handler
http://php.net/manual/en/features.file-upload.post-method.php
If u want to do stuff via client-side, use javascript events, e.g on change event
<script>
function check() {
var file = document.getElementById('file').value;
var temp = file.split(/\.+/).pop();
alert(temp);
}
</script>
<input type="file" name="file" id="file" onchange="check();" />
You have file extension in temp var.
There are PHP functions to do this. You want to look at mime_content_type and finfo_file. These are built-in PHP commands that allow you to interpret that actual file type of a file being uploaded. You can then filter the mime types to only .gif/.jpg/etc. You want to check the mime types over the file name because the file name can be changed to mask the actual file type. If you want code samples, there are plenty on those pages as well as some excellent user-provided alternatives.
Something like this at the top of your file should work:
<?php
foreach ($_FILES as $file)
{
$tmp = explode(".", $file["tmp_name"]);
if (!in_array($tmp[count($tmp)-1], array("jpeg", "png"), true))
die("<script>alert('File is incorrect');</script>");
}
echo "<script>alert('File is correct');</script>";
?>
I would like to have the user upload a pdf to a folder on my website. (note:this is for learning purposes, so security is not necessary) The code I have below does not do echo a response when submitted. The folder I would like to have the pdf uploaded to is in the same directory as the php script, is it possible I'm incorrectly referencing that folder? I appreciate it.
<form method = "POST" action = "<?php echo $_SERVER['PHP_SELF']; ?>" enctype="multipart/form-data" method="post">
Email:<br /> <input type = "text" name="email" value=""/><br />
Resume:<br /><input type = "file" name="resume" value=""/><br />
<p><input type="submit" name ="submit" value="Submit Resume" /></p>
</form>
if(isset($_POST['submit']))
{
define ("FILEREPOSITORY","./resume/");
if (is_uploaded_file($_FILES['resume']['tmp_name'])) {
if ($_FILES['resume']['type'] != "application/pdf") {
echo "<p>Resume must be in PDF Format.</p>";
}
}else {
$name = $_POST['email'];
$result = move_uploaded_file($_FILES['resume']['tmp_name'], FILEREPOSITORY."/$name.pdf");
if ($result == 1) {
echo "<p>File successfully uploaded.</p>";
}
else {
echo "<p>There was a problem uploading the file.</p>";
}
}
}
You have a logical error. Your else statement should be part of the inner if statement -- not the outer one.
would suggest you check the permissions for the upload folder and the max size for file uploading in your php.ini... its happened to me many times uploading a file exceeding the limits and not getting an error message.. also the logic of your if else doesn't match as suggested by your previous post..
IT would be of great help to give the error you receive.
move_uploaded_file()
only works if you have the rights to write to the destination folder.