I'm trying to set up a file upload for my website but I'm not sure what I'd need to get this to work overall. I'm trying to use Jquery File Upload but I can't seem to get the files to upload to my server. It looks like I might need something else to get it to run but I'm not sure what. Any suggestions?
There are three "sides" to a file upload.
First is client-side: You need to have a form that can upload files (so you need to set the enctype attribute of your form element, and set your action to post).
Second is server-side: You need something that can handle the file upload. Assuming you're using a server with PHP, you can access the file via $_FILES['filename']. Google has a vast array of example for handling file uploads.
Third is server-side (again) - your server must allow file uploads. Not only must it allow file uploads, but it restricts the size of the file that can be uploaded (php config).
However, it looks like jquery file upload has a PHP file handler.
I will sugest you use dreamweaver its easy to use expecially to upload files to the web n you can also see the steps needed in its help content. or you may download an ftp uploader
Related
First 3 bytes of FLV file are signature "FLV". Now my question:
Is there any possibility in PHP to handle file uploads so that we can hook into the input stream of uploading file and check the first 3 bytes?
The scenario is i don't want the complete file to be uploaded (in temporary folder) and then check if the file is FLV or not, i just want to read first few bytes of uploading stream and if it is not "FLV" then return/exit.
The file needs to be uploaded by HTML based form. Can't rely on javascript,flash uploader or any client side validation workarounds i.e. need a pure PHP based solution.
I already know that PHP does not hand over control to our script until it finishes uploading file in temporary folder and populating global variables i.e $_POST $_GET $_FILES etc.
Also there is a somewhat similar question here:
How to upload a file byte by byte in php
but answers does not satisfy my requirement/question.
Any ideas are really appreciated!
Thanks
First, set session.upload_progress.enabled in your php.ini.
Then, use session.upload_progress to track how many bytes have uploaded. Once you have reached the minimum threshold, check the temporary file being uploaded, it will be in $_SESSION[unique_key]['files'][0]['tmp_name']. If the file doesn't match, set $_SESSION[unique_key]["cancel_upload"] to TRUE, and the file will be rejected.
To get unique_key:
ini_get("session.upload_progress.prefix") . $_POST[ini_get("session.upload_progress.name")];
If the above does not work (I haven't tested it), then your only recourse would be to create your own custom handler for PHP either as an Apache module (or better, as a custom CGI application). There you could do your filtering.
#burhan-khalid provided a more up to date and correct answer above.
Short Answer is no with your constraints.
You can not access that file with PHP until it has been uploaded to the server. After it is uploaded you can read it but not before, at least not without some type of client side software that would allow you to stream it to PHP instead of the normal form submission.
I'm developing a very simple PHP upload feature in my site to permit users to upload JUST images. Apart from checking the mime-type through php I wanted a .htaccess file to rule what can be uploaded and what can't.
I want to insert the .htaccess in my root folder and from there writing the rules for all the folders I need to be ruled.
It's the first time I work with .htaccess and from the internet I was able to find this:
http://pastebin.com/0KNHEbw0
But it doesn't work. I'm testing it locally with my xampp on win7 and I see that I can upload any type of files in the "oggetti" folder.
What's that is wrong?
And then, to rule other folders should I write something like this?
http://pastebin.com/dFMUu1g0
Thank you in advance!
You can't control what files are uploaded through a .htaccess file: Apache, the web server parsing those commands, deals with serving the files only.
You will need to do these checks in the PHP script that handles the upload process. Note that checking the MIME type sent with the file is not a reliable method to determine a file's type! The value sent can be manipulated by an attacker. To ensure a file is an image file, you could e.g. use getimagesize().
This cannot be accomplished using .htaccess. I'm guessing what you're trying to do is prevent malicious scripts from accidentally being executed on the server. The way I normally handle file uploads like this is:
Insert filename, mime-type, etc., into a database with an auto_increment ID.
Use the ID as the file name - no extension, and place the file in a directory outside of your webroot. This way you're certain nobody can execute the file.
When a file is requested, query the database for filename mime-type and id, and send the file to the user with readfile() (follow the link for an example).
I want to offer 2 ways of uploading files - with <input type='file'> and remote upload by URL.
Is it possible to create a CUploadedFile using data from a remote url?
The remote upload is actually not an upload, rather the user submits the link and you need to copy it over to your server.
Consider CUploadedFile to be used only for the upload part and handover to the next file handler.
Once done with upload or copy, You might want to use another file management utility like cfile extension here http://www.yiiframework.com/extension/cfile/ to manage both your files already "copied/uploaded" to your desired directory.
Is it possible in PHP to configure it to somehow not save files to disk at all? As a matter of fact, the best thing would be to get the script going before even reading the entire POST body. (Keeping my hopes high ;))
You can turn off file uploads via a configuration setting in PHP.
http://php.net/manual/en/ini.core.php#ini.file-uploads
PHP needs a place to temporarily store the files content for you to be able to interact with it through PHP - although, you don't have to do anything else other then access the temporary file to get the data:
$content = file_get_contents($_FILES["user_file"]["tmp_name"]);
From here on you can manipulate with the files content without having to move the uploaded file to another location before accessing it.
You can use HTTP PUT requests to directly upload a file. PHP will not handle the upload directly (e.g. set it up in $_FILES). Instead, you have to read the raw bytes from the php://input pseudo-url and from there can do whatever you want.
There's some details and examples here.
In my php application i have a folder in which all the photos are kept.
The images are in different sizes.So i want to select photos from the folder and applying some image functions and upload to a different folder through php code.
This is same as image uploading but the difference is that the source file is in server
That is i want to select photos from server applying some image functions and upload again on the server
Pls help me
If you want to keep them on the same server, no further uploading is necessary. You can just perform whatever manipulations you want (resize, etc.) then use PHP's filesystem libraries to move the files around on the server. Check them out here.
maybe with curl http://www.askapache.com/htaccess/sending-post-form-data-with-php-curl.html here a tip explaining how to send data with curl
If you select a photo from the folder and applied some image functions, instead of saving the file back to the original file, you could simply save it to it's new location...
In that case you don't need uploading and/or moving...