I'm creating a php form that works in this way:
1) The user fills the form and add a file to upload;
2) The submitted information is shown to the user for confirmation;
3) Upon confirmation, a email is sent with all the data, including the file.
My problem is that I get access to the uploaded file on the second step, but not on the third step. Due to security reasons, it's not possible to resend the file on the second step by creating a input file field with a default value (the uploaded file).
It's possible to achieve what I'm trying to do, without having to copy the uploaded file to another folder?
The solution to my question was to place the actual file upload only on confirmation page. There was no way to "carry" the file upload from a page to another in the way I wanted to.
Thanks for the replies.
Related
so basically I have a multistep form with X steps.
In the first step, I offer a file upload form to the user.
This just behaves like a normal HTML file uploader:
User selects file
File Box, shows pathname
If the user clicks on "next" the file should not be uploaded.
If the user reaches the last step of the form, the files he/she has choosen in step-1 should be uploaded now.
I have no idea if this is actually possible. There are also a couple of problems
The value from input type="file" gives something like C:\fakepath\filename.ext
Saving the above in a session for later upload does not make sense.
How can I get the uploader to work in the last step?
Yes, this is actually possible, and saving data between pages make sense, otherwise, how could you remember what he sets in the file input?
If it is a simple HTML page, I assume your are using PHP. Register files in a temporary variable or session, put it in a hidden input in the HTML code if you don't use session.
At the last step, set your files and upload it.
Good luck.
I am building a form right now that returns the user back to the form itself if there is missing fields or fields are entered wrong. One of the inputs is a image file. I was wondering if you want to echo out the image location again, do you use $_FILES[tmp_name]?
e.g. value="$_FILES[tmp_name]" to echo back the location so the user doesn't have to reselect the image again.
its not possible this way.
the $_FILES[tmp_name] reflects the full path of the already uploaded image on the server.
an its not possible to pre-select the upload field in the browser and its also not possible to get the full client-side path of the uploaded file.
so in case of an error, you could copy this temporary file to another location and display the already uploaded image to the user instead of giving him the upload field again.
but you need to make sure to delete this copied image if the user didn't try to fix his invalid fields.
or you seperate the validation of the fields from the image upload part. using some ajax magic or seperate form.
No, you can't use $_FILES['tmp_name'] in this way, as that isn't the name it had on the users computer, but the temporary name that it has on your server in your tmp folder. Not sure if there is a way to do this. I'll look into it and let you know if I find anything, but I doubt there is.
If you used an AJAX file upload, you wouldn't have to worry about this though.
This is not possible, you could try to use a value attribute on a file input to see that it has no effect.
Imagine that if you could do this it would be a serious security problem (ie: hide a file input with a pre-filled value with a common path for an important file and get it the same time with some other details)
If the form is submitted via normal html form submission then you do not have access to the user's file path. Your best bet is to use an AJAX form submission.
My client wants to have a 3 page form. The first page allows the user to enter data including a uploaded file. the second page confirms this data. and the third page submits the data to the database and directories.
Via post, I can keep saving the data to a hidden input fields, thats no problem. My problem is the uploaded file. how do I hold that document from page to page ? I am using Cakephp but any advice would help, thanks
You can always just create the illustion that the form is utilising three different pages. Use AJAX to accept and validate/request the user confirm their submitted data. If in this view they accept it initiate a POST to submit all that data.
You really don't need three physically different files to achieve this but you can still let it appear in three stages to keep your client happy.
You just upload the file to temp directory and keep the value in hidden variables just like other form data . If form successfully submitted then the image copy to desired location other wise delete the image
You can easily fake these 3 pages using CSS. Or even 2, as "third page" is actually a server script which has nothing to do with pages in the browser.
Just make your form, then put an event on the submit button which changes divs to whatever "confirmation page" he wants. and then actually send the form using a button on this page.
that's all
An uploaded file is always held temporarily. The server env var should tell you where it is. In Ruby's rack it is stored in the params var. So I guess there is a similar params var in php which has a hash with all the necessary information.
Since the file would be uploaded on the first step, one option is to put the file's location in a hidden input field along with the rest of the data (either there, or put it in the session). With CakePHP, if your file field looks somewhat like that:
<input type="file" name="data[User][image]" id="UserImage" />
Then you will be able to capture the location through
$location = $this->data['User']['image']['tmp_name'];
Which will correspond to something like /var/tmp/xxxxxx
On the last page, if the user confirms all the data, you just use move_uploaded_file() to put the file wherever you want on the server.
move_uploaded_file($location, '/new/location');
Not really sure where to start on this one and a day of google searches hasn't helped much.
I am working on a submission form where my logged in users can submit data in form fields and attach a number of files. These files should be available to the users across many submissions so as not to clog up my database with duplicate files and for user convenience not having to reupload files many times. The files will be mostly PDFs and word docs.
My question is, what is the most elegant solution to letting my user select a previously submitted file for their current submission and to "attach" or associate that file with multiple submissions? Some drop down box that shows previous uploads seems best and if you agree any code snippets would be super helpful.
I've decided to store the document files as blobs in their own table. I'm running php and MySQL on Linux with godaddy.
Thanks for advice on where to look for code samples in advance. Just haven't been able to find what I'm looking for. Is JavaScript necessary here?
A better way to handle file uploads is to simply store the file-name (which should be generated as unique) in the database and store the actual file in a directory. That way, you won't have this issue of storing it in a BLOB. Is there any reason you are doing that over this method?
Now, if you output a SELECT form element with a list of filenames stored in the database, a user can simply select one and all you need to do is store that filename in the new row. Then, all rows that point to that file name will point to the same file, with no need to upload it.
If you want to allow multiple file uploads or "attachments" in this case, then you are going to need to create a one-to-many relationship in the database. Each submission row will have many rows in another table that point to it, all referencing the corresponding files uploaded. Such that any submission can have zero, 1, 2, or more files attached. If they select files that already exist, great, just copy the username as stated above. IF its a new file, then you should upload that file and add its name to the database.
Javascript isn't required but it would be nice - to add interactivity to your form. If you want to allow for a user to click say, "Add New File", and have a new file upload form element appear.
Start with a a form. Add a select with the list of files associated with that user. Add another form element that allows for file upload. Have all of your other stuff as normal.
On page view, populate the select with the filenames and put the row IDs for that file in the <option value="file_id_xxx">....
In your server script, detect if a file was uploaded; if so, complete the process of storing the file and set the file reference as the associated file for the submission; if not, check that a file was selected from the dropdown and if so, save the reference from the select with previous uploaded files with the submission instead.
Javascript may help in disabling the select or file upload input, depending. But it's not necessary.
I'm using Valum's AJAX uploader, which is quite nice. I have a form that lets you fill out some info and optionally attach files.
I have a hidden input on the form that has a randomly generated "token" (5 character alnum). The uploads are sent to a tmp folder and the info about those files (name, dir, token) are kept in a uploads_tmp table in a database.
Then, when the user successfully submits the form, those files are moved to a more permanent location and the rows from the uploads_tmp are moved to the uploads table.
If the user submits and there are errors with the form, my script knows there are uploads from a previous attempt via the token. So there's no need to re-upload files.
Is this the right way of doing it or am I going about it all wrong? I'm using PHP (CodeIgniter to be exact).
There isn't any one correct way of doing something like this. Your method seems like a good intuitive one, but really it's down to whatever works for you and your situation.