I am trying to make a site where users can upload files. I have some basic parameters (like making sure they're logged in, etc) above this code. I have narrowed down where my error is. Whenever I try to upload a file, it loads for a long time (even when it's just a small JPG), and displays nothing. I've looked through a bunch of previous questions, but they don't really help.
HTML
<form name="contact" action="action.php" method="post" enctype="multipart/form-data">
<input type="file" name="file" id="file" multiple><br><div id="adder"></div>
<input type="submit" name="submit" value="Submit">
</form>
PHP
for($i=0; $i<count($_FILES['file']['name']); $i++) {
//Get the temp file path
$tmpFilePath = $_FILES['file']['tmp_name'][$i];
//Make sure we have a filepath
if ($tmpFilePath != ""){
//Setup our new file path
$newFilePath = "uploads/".$_FILES['file']['name'][$i];
//Upload the file into the temp dir
if(move_uploaded_file($tmpFilePath, $newFilePath)){
set_time_limit(0);
echo "Thanks for your submission! Your file was uploaded.;
}
change your this line:
<input type="file" name="file" id="file" multiple><br><div id="adder"></div>
to
<input type="file" name="file[]" id="file" multiple><br><div id="adder"></div>
and please write the proper code cause incomplete information will take people away for actual reason for the code to not work.( you did not close the for loop there)
also I am assuming you have checked the POST request using $_POST[] before saving anything to make sure someone actually submitted the form.
Related
I have a file upload form on which I also want to use the Google reCAPTCHA.
If I have the following
<form method="post">
<input type="file" name="filename">
<div class="g-recaptcha" data-sitekey="***"></div>
<input id="submit" name="submit" type="submit" value="Submit">
</form>
the I can use the reCAPTCHA, but cannot upload the file.
However, if I use:
<form method="post" enctype="multipart/form-data">
<input type="file" name="filename">
<div class="g-recaptcha" data-sitekey="***"></div>
<input id="submit" name="submit" type="submit" value="Submit">
</form>
I can upload the file successfully, and use the reCAPTCHA provided that the file is a text file. I cannot get it to work if I try to upload a pdf file.
When uploading a text file, the $_POST contains the 'g-recaptcha-response', but when uploading a pdf, the $_POST does not contain the 'g-recaptcha-response'.
Can someone explain what is going wrong here?
EDIT
It seems like it's actually a filesize problem.
Files larger than ~200kb cannot be sent whatever their format.
I have upload_max_filesize = 2M in my php.ini file, so I'm not sure why 200kb is too large...
Any thoughts?
EDIT 2: More information
It looks like the $_FILE contains the error code 3: UPLOAD_ERR_PARTIAL.
I don't see why the file cannot be uploaded completely.
EDIT 3: Getting somewhere
I can now upload files. It seems like I need to put the reCAPTCHA before the file input.
<form method="post" enctype="multipart/form-data">
<div class="g-recaptcha" data-sitekey="***"></div>
<input type="file" name="filename">
<input id="submit" name="submit" type="submit" value="Submit">
</form>
Can anyone elaborate on why this might be the case?
Edit 4: Spoke too soon
Switching the order makes the g-recaptcha-response' appear in $_POST, but I am still getting the error code 3: UPLOAD_ERR_PARTIAL.
Edit 5
It looks like the file is being uploaded correctly, since I can see it in the header parameters (firefox debugger). It seems like php is just not filling in the $_FILE array properly...
I tried the same code on a different server and it worked fine.
Looks like the problem was that the server I set up has some sort of configuration issue. It actually has nothing to do with the interaction of reCAPTCHA and the file input + enctype.
I will update if I figure out what the configuration problem is.
Hello I needed code for automatically chose file and upload it to desired link. How to do that?
html code:
<html>
<head><title>Uploading</title></head>
<body>
<form method="post" enctype="multipart/form-data" action="uploadFile.php">
<input type="file" name="file" id="file">
<input type="submit" value="Submit">
</form>
</body>
</html>]
In above code at this line
<input type="file" name="file" id="file">
this path is fixed and can't be changed as user tries. so when user click on "Submit" button the file has to upload.
How to do this?
TL;DR: What you are trying to do is absolutely impossible - for a good reason.
If this was possible, you could create a hidden upload field pointing to a file containing valuable data (e.g. the browser's cookie database) and submit the form using JavaScript (or make the user submit it without knowing about that upload) and copy any file the user has access to.
I have a form for file upload like this
<form action="upload_file.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"><br>
<input type="submit" name="submit" value="Submit">
</form>
Sometimes user upload files with 200 characters name.
Exist a way to limit filename maxlenghth?
The browser will expose the base file name to JavaScript so this is technically possible, although as #VisioN mentioned above, I can't think why you'd care; just rename the file on the server to something else. If you absolutely need to prevent it, then give your element an ID of uploader and then:
<script>
document.getElementById("uploader").onsubmit = function(){
return document.getElementById("file").value.length < 200;
};
</script>
Of course this will only work if JavaScript is enabled.
use the Code from Graham and check the filename length also with PHP
if(strlen($_POST['name']) > 200) { echo "filename to long"; exit; }
and you must added MAX_FILE_SIZE to you HTML-form otherwise PHP don't get the uploaded file
<input type="hidden" name="MAX_FILE_SIZE" value="MaximumFilesizeInBytes">
You should also validate it PHP side since someone could submit it directly to upload_file.php and bypass any HTML/JavaScript restrictions.
I know this is an old question and I have found lots of tutorial on SO however, they cannot solve my problem.
I use my mac to set up a localhost for web programming and I try to upload a jpg file to my localhost directory "/Library/WebServer/Documents". But it gives hint unable to move.
my front end code is:
<form action="upload_file.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"><br>
<input type="submit" name="submit" value="Submit">
</form>
The php(upload_file.php) code is(there is some other checking codes for php file, copied from w3school):
move_uploaded_file($_FILES["file"]["tmp_name"] , "/Library/WebServer/Documents" . $_FILES["file"]["name"]);
And after I click the submit button, there is sth wrong printed on the screen.
Moreover, I did not find any tmp file in the file "/private/var/tmp", in which should be a tmp file...
make sure your php file has enough rights to write into the directory.
check if print_r($_FILES); lists anything, especially the size is important.
I've made a basic looking PHP file load system, so far I can upload any file type, I haven't add any parameters just yet.
But what I want to know is with the method I'm using, what steps should I take to make the system secure? Is there another, more secure way of doing things, and any guides, tips or suggestions that may help with this system?
This is my code so far:
$upload_to = "img/company_logos/";
if($_POST)
{
if(!empty($_POST['upload']))
{
$upload_to = $upload_to . $_FILES['file']['name'];
move_uploaded_file($_FILES['file']['tmp_name'], $upload_to);
echo "Uploaded!";
}
}
?>
<html>
<body>
<form method="post" enctype="multipart/form-data">
<input type="hidden" id="upload" name="upload" value="1" />
<input type="file" id="file" name="file" />
<input type="submit" value="Submit" />
</form>
</body>
</html>
One of the major things I've seen is the upload directory permissions are set to 777 this means anyone can read/write/execute this dir.
Thanks for the help.
Check the referrer
Restrict file types
Rename files
Change permissions
Login and Moderate
http://php.about.com/od/advancedphp/qt/upload_security.htm
And see this one
PHP Upload file enhance security