I am trying to make simple script that would allow user to upload image to my database. I have problem with php fopen function.
I need to allow user upload any image file on his computer so path to the file is different every time.
<form method="POST">
<input type="file" name="img">
<input type="submit" value="uload">
</form>
This simple form is returning only string value of file and i need to open the file using fopen function that needs direct path to the file.
fopen($_POST["img"],"r");
This works only if file is in the same directory as php script.
So I am asking if there is a way how to find where the file is stored so i could open it using fopen function.
I would advice you first to have look to PHP manual about file uploads: http://www.php.net/manual/en/features.file-upload.post-method.php
Because such code may open security hall in your system. Generally speaking it is not recommended to directly execute users files before doing some check like virus scan, binary signature of the images, image validaty by trying to resize it, etc.. From performance perspective it is not recommended to save them in database. In addition if you choose to upload to a directory its permission should set proper.
I will copy here sample file upload code modified to your case from the PHP manual:
HTML Part:
<!-- The data encoding type, enctype, MUST be specified as below -->
<form enctype="multipart/form-data" action="YOUR_Upload_FILE.php" method="POST">
<!-- Name of input element determines name in $_FILES array -->
<input name="img" type="file" />
<input type="submit" value="Send File" />
</form>
PHP Part:
<?php
$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir . basename($_FILES['img']['name']);
//At this point you may like to check:
/*
1. Upload Errors in $_FILES
2. Do virus check.
3. Do binary check for the images type
4. Do size check for the image
5. Do actual image resize to confirm it is valid image.
*/
//After everything is safe, you move the temporary file to your permanent store.
echo '<pre>';
if (move_uploaded_file($_FILES['img']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
}
echo 'Here is some more debugging info:';
print_r($_FILES);
print "</pre>";
?>
if ($_FILES["file"]["error"] == 0) {
fopen($_FILES["img"]["tmp_name"], 'r');
}
Related
This is an experiment for a proof of concept. I created a VPS where I have a simple upload form and PHP form processor script. The point of this is to test an iOS and Android app we are developing. This question is not about security or efficiency (yet), just functionality. I need to modify the PHP below to receive an image using POST without the aid of an HTML FORM. We are currently POSTing to Dropbox and Google Drive no problem. We are now looking into what it would take to store images on our own servers, we just need to formulate a proof of concept to receive this image with PHP that was submitted with POST.
With that out of the way; I want to send an image to a server from a mobile device over the only upload method available without additional libraries - HTTP. Using FTP or SSH requires additional code and we're trying to keep it light. So I was going to send an image with HTTP POST which I am pulling off with an HTML FORM currently. However, I need to formulate a POST that sends only an image - no other variables. This is my current HTML form:
<!-- The data encoding type, enctype, MUST be specified as below -->
<form enctype="multipart/form-data" action="__URL__" method="POST">
<!-- MAX_FILE_SIZE must precede the file input field -->
<input type="hidden" name="MAX_FILE_SIZE" value="30000" />
<!-- Name of input element determines name in $_FILES array -->
Send this file: <input name="userfile" type="file" />
<input type="submit" value="Send File" />
</form>
This is my processor PHP:
<?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.
$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Potential error.\n";
}
echo 'Here is some more debugging info:';
print_r($_FILES);
print "</pre>";
?>
Works perfectly over a browser, no problems. Now I need to modify the PHP portion to allow a POST over URL - essentially dropping the use of an HTML form. It would be great to distinguish the files uploaded by using the name of the file I am sending or I can provide that variable from my app. Any guidance would be appreciated.
Reference: http://php.net/manual/en/features.file-upload.post-method.php
You don't need to modify your PHP. Just send file from your iOS/Android application as if it was sent by the form, i.e. using multipart/form-data encoding.
Or if you want to send it another way, explain how exactly you want it sent, there is no another standard way to send files "POST over URL".
Below Code is working fine for a .TXT file, but when I am selecting any .PDF file, it does not copies it to the destination path, Could someone please suggest me what should be the problem.
THE HTML code and PHP code as follows:
<form enctype="multipart/form-data" action="upload.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="30000" />
Send this file: <input name="userfile" type="file" />
<input type="submit" value="Send File" />
</form>
<?php
$uploaddir = 'C:\xampp\htdocs\upload\\';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
echo $uploadfile;
echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
}
echo 'Here is some more debugging info:';
print_r($_FILES);
print "</pre>";
?>
Error number 2, given by the $_FILES array, represents UPLOAD_ERR_FORM_SIZE. From the PHP manual:
The uploaded file exceeds the MAX_FILE_SIZE directive that was
specified in the HTML form.
In your HTML you have a hidden form field named MAX_FILE_SIZE. The field value represents the maximum file size of the uploaded file in bytes.
Either adjust the value of the field or remove it. I believe the field was a try from the PHP developers to implement client side browser check for the file size, stopping users from uploading too big files. However to date there is still no browser that enforces the value of that field.
How big is your PDF file?
You may be reaching your web servers in-built MAX_FILE size (which I know you can change if using Apache).
Check your web server configuration.
I have had problems with a simple php script in which I can upload a file to a certain folder. I have tried multiple ways in doing this and I still have not had success.
Any errors in my code or advice on how to correct the issue will be taken gracefully.
Main Php Code:
<p>Browse For a File on your computer to upload it!</p>
<form enctype="multipart/form-data" action="upload_photos.php" method="POST">
Choose Photo:
<input name="userfile" type="file" /><br />
<input type="submit" value="Upload Photo" />
<?PHP
if ($userfile_size>250000)
{$msg=$msg."Your uploaded file size is more than 250KB so please reduce the file size and then upload.<BR>";
$file_upload="false";}
else{
if (!($userfile_type<>"image/jpeg" OR $userfile_type<>"image/tiff" OR $userfile_type<>"image/png"))
{$msg=$msg."Your uploaded file must be of JPG, PNG, or tiff. Other file types are not allowed<BR>";
$file_upload="false";}
}
?>
</form>
</label>
</form>
Php code that is called upon on click (upload_photos.php)
<?php
$target_path="uploads/";
chmod("uploads/", 0755);
$target_path=$target_path . basename( $_FILES['uploadedfile']['name']);
$test=move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path);
if($test) {
echo "The file ". basename( $_FILES['uploadedfile']['name']).
" has been uploaded";
} else{
echo "There was an error uploading the file, please try again!";
var_dump($test);
}
?>
I do not understand why my end results [upon clicking "Upload Files" Button] include only the following results:
"There was an error uploading the file, please try again!bool(false)"
One more thing: I have also tried using the full computer folder path for $target_path and chmod.
Does anybody see what I am doing wrong?
You have <input name="userfile" but then use $_FILES['uploadedfile'] in your script - use one or the other.
Other than that, make sure the chmod worked and the folder is writable.
bool(false) is the output of var_dump($test);, indicating that move_uploaded_file is returning false.
As a basic debugging step, you should try var_dump($_FILES) to make sure you're accessing the right element of that array (I can tell from your code that you aren't, the index will be the name attribute of your <input type="file"/> element).
You have at least one other serious flaw in your logic... The PHP code in your upload form doesn't make any sense. That block of PHP code will execute server-side before the user has ever uploaded a file. It can't possibly work. The two variables you're checking, $userfile_size and $userfile_type, are not defined anywhere.
In my case, I forgot to create a folder where I want to upload. So check once the specified upload path is available or not.
i have to generate jasper reports in my php website.
I want to know what all are needed to make this work. I was told that i needed php-java bridge. But i hope that is for the sole purpose of generating a .jrxml file.
I already have the jrxml file with me.
Now how can i call this file from my php code, for generating jasper report in pdf format ?
In case this file is located on your server you can open it using file_open from any php script.
EDIT: The easiest way to do it seems to be using something like the php-jasper-integration. This way you don't need to use a java-php bridge.
In case you do not have it onyour server but client side only you will need to upload it to your web site and treat this file as you need to using your website script.
Here is some example code to do it:
if(!isset($_FILES['userfile']['tmp_name'])){
// starte Session
//session_start(); // Headers sent out
?>
<form enctype="multipart/form-data" action="myscript.php" method="POST">
<!-- MAX_FILE_SIZE must precede the file input field -->
<input type="hidden" name="MAX_FILE_SIZE" value="500000" />
<!-- Name of input element determines name in $_FILES array -->
Please upload a file.
<br>
<br>
<input name="userfile" type="file" />
<input type="submit" value="UPLOAD" />
</form>
<?php
}
else {
?>
if ($_FILES['userfile']['tmp_name'] == '') die ('No file submitted!');
$target = "uploaded/";
$target = $target . basename( $_FILES['userfile']['name']) ;
$ok=1;
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $target))
{
echo "The file ". basename( $_FILES['userfile']['name']). " has been uploaded. Parsing will start soon. ";
}
else {
echo "Sorry, there was a problem uploading your file.<br>";
}
// now do what you need with your file in $_FILES['userfile']['tmp_name']
Well, i could get what i wanted by using PHP Jasper XML. It is opensource too.
Well jrxml is created with ireports and its executed with java, you need a server like tomcat. look for information of jru-php it will help you
Please could someone help with the following:
Using PHP I want to be able to post the details entered into a form to a csv file. This is quite straight forward on its own, however one of the fields in the form needs to upload a file, so the csv file needs to contain a link to where the file is saved.
Thanks
OK, it sounds to me like you have a form, one of the fields is an upload- and you want to submit the form then create a CSV from the form fields (with the upload simply showing the file location) AND upload the file?
If that is the case, handle the file upload as per normal, so the form should have (eg):
<form enctype="multipart/form-data" action="csvbuilder.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
<input name="uploadedfile" type="file" />
//other fields
<input type="submit" value="Upload File" />
</form>
Then in the target script of the form (csvbuilder.php):
$target_path = "uploads/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)
To then reference the file in the CSV, you should simply echo:
"http://www.domain.com/uploads/".basename( $_FILES['uploadedfile']['name']);
The best you can do is simply have the location as per above, CSVs by default dont support links (though some programs like Excel may 'interpret' links and make them clickable if you wrap them in markup)
Files uploaded through PHP are by default destroyed after the PHP script has executed, so you will need to move the uploaded file to a pre-designated folder to save it.
You can use the function move_uploaded_file() to do this.
Whatever you give as the destination to move_uploaded_file() can then be put in to your CSV file.
When you upload the file you will need to use the function move_uploaded_file to put the file onto the server. So just use the same argument in that function as you do in the CSV.