My php upload script works great and is validated for everything from file type to size except if no file exists. You can just hit the submit button and it will send blank data to the upload script. I was trying this:
if (!is_uploaded_file($HTTP_POST_FILES['ufile1']['name']))
{
header("location:../index.php?code=no_file");
}
It won't work :(
Any way of getting this to work?
-mike
Check the error code:
http://www.php.net/manual/en/features.file-upload.errors.php
if ($_FILES['ufile1']['error'] == UPLOAD_ERR_NO_FILE) { /* no file */ }
Note that you should already be checking the error code to make sure that it's UPLOAD_ERR_OK on files that you actually acccept.
Also, $HTTP_POST_FILES is deprecated in favour of $_FILES these days. That signifies to me that you probably want to find a newer tutorial.
What I use is the file_exists($name_of_submitted_file) function at the end to see whether or not the file has been successfully uploaded.
Related
I've got a php file setup for uploading images to an Amazon server via AWS. I've come to an error message which strangely is showing up on my prod server (the amazon server) but not my dev server (just a regular php server). The Amazon server has previously thrown errors when something is not structured exactly how it wants. For example if a an a tag has a href /home it will lead to an error page unless I change the tag to /home/.
Anyway i''ve narrowed down in my PHP script where the error lies and my php function move_uploaded_fileis evaluating to false and stopping my file from beginning the upload to Amazon s3 (at this stage the file is on the server where the site is hosted but not yet on the s3). Here is my if statement with some variables declared above that should be evaluating to true:
$target_dir = "../uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"],$target_file)) {
//upload to s3
} else {
//error
}
I inserted the following code above the if statement to see what it was spitting out and here's what it evaluated in comments under it:
echo json_encode($target_file);
// "..\/uploads\/Grad.jpeg"
echo $_FILES["fileToUpload"]["tmp_name"];
// /tmp/phpQA1667
echo json_encode(move_uploaded_file($_FILES["fileToUpload"]["tmp_name"],$target_file));
// false
I'm no php expert and can't seem to put my finder on why it's evaluating to false. Can anyone see where i've gone wrong?
move_uploaded_file returns false in two cases:
If filename is not a valid upload file, then no action will occur, and move_uploaded_file() will return FALSE.
If filename is a valid upload file, but cannot be moved for some reason, no action will occur, and move_uploaded_file() will return FALSE. Additionally, a warning will be issued.
Either way, you should be getting an error back in your $_FILES superglobal.
Do a print_r($_FILES) and have a look at any error messages it gives you, and whether or not the array is populated.
Once you find that error, it should be easy for you to determine the exact cause of the issue.
A comprehensive list of the errors can be found at http://php.net/manual/en/features.file-upload.errors.php
I am trying to create an online php editor .Alternative to eval , i am doing it as
Get the codes by form post (having an iframe as target) request and save it in a temp file
including that temp file ,so codes gets executed
deleting that temp file
CODE
<?php
session_start();
if(isset($_POST['winCode']))
{
$data=$_POST['winCode'];
$_SESSION['data']=$data;
// creating a $_SESSION['data'] ,so that
// user can maximize the resultant iframe
}
file_put_contents(session_id()."_runphp.php",$_SESSION['data']);
include(session_id()."_runphp.php");//generate output
unlink(session_id()."_runphp.php");//delete temp file
?>
This is working well , but when a user generates error by his codes ..unlink doesn't work .. How can i set unlink to run even a fatal error occurs.
Use register_shutdown_function.
Follow the link http://php.net/manual/en/function.register-shutdown-function.php
register_shutdown_function( "shutdown_handler" );
function shutdown_handler() {
// delete file here
}
Note: This is not a good practice to execute the user entered code as it is. This system to open to Cross Site Scripting Attacks.
I have a form for uploading data into my database.The form has a number of input fields ranging form text,number,textarea and file(images).
When the form is submitted, i check if there are any images being uploaded and if so, check if the image being uploaded passes a series of checks( below maximum file size, correct extension etc), with the entire process in a try/catch block set to throw exceptions should any check fail.
My checks are as follows:
$upload=$_FILES['Upload']['tmp_name'];
if(isset($upload))
{
if(!empty($upload) && is_uploaded_file($upload))
{
//Checks file size,extension and uploads the file
}
else
{
//throw new Exception
}
}
else
{
//throw new Exception
}
However, when using the above, isset would return true, even when no files are being uploaded.Upon some googling and looking on stack overflow, specifically isset and !empty not passing through a check for uploaded files , where it is stated that isset will return true due to $_FILES being a superglobal, i looked around for a solution and eventually settles on file_exists() as a replacement for isset() in my code.
My rationale for using file_exists() is that file that are uploaded(submitted) will be stored in a temp directory during the upload process, and if i check for this temp directory, i would thus be able to ascertain if a file is really uploaded.
After replacing isset() with file_exists my code is now working fine, but i am wondering if this is the correct way to proceed, or if there are any other better alternatives.
I look forward to any opinions and/or advice.
$upload=$_FILES['Upload']['tmp_name'];
if($upload)
{}
This will give the file temp name or null.
I would use the error-code given by $_FILES:
if($_FILES['Upload']['error'] == UPLOAD_ERR_OK) {
//seems to have worked
}
There are even other error-codes you could check against, for example if the file was to big etc.
Hi guys I'm using this code http://www.w3schools.com/php/php_file_upload.asp to upload files and it works great but now I'm doing a form with an optional image and it won't let me upload. It says it's an invalid file format since it's no file at all. How do I check if there is a file to upload or not and then skip the upload script if there is none?
Thanks!
Note: I have removed the size limitation from the script if that makes any differance.
if ($_FILES['nameofyourfileinput']['error'] === UPLOAD_ERR_OK) {
... file has been uploaded and everything went ok ...
} else if ($_FILES['nameofyourfieinput']['error'] !== UPLOAD_ERR_NO_FILE) {
... something OTHER than a 'no file was uploaded' error has occured...
}
Upload error codes defined here.
Just check if the file's error code isnt 4;
http://php.net/manual/en/features.file-upload.errors.php
If I upload a text file via a form, is it possible to output its contents directly from the $_FILES variable rather than saving it onto the server first? I know this is a security risk, but it will only be run on a local machine.
Doing
file_get_contents($_FILES['uploadedfile']['tmp_name']);
is valid however you should also check to make sure that the file was uploaded through a form and that no errors occurred during upload:
if ($_FILES['uploadedfile']['error'] == UPLOAD_ERR_OK //checks for errors
&& is_uploaded_file($_FILES['uploadedfile']['tmp_name'])) { //checks that file is uploaded
echo file_get_contents($_FILES['uploadedfile']['tmp_name']);
}
A helpful link is http://us2.php.net/manual/en/features.file-upload.php
The file is saved to temp directory the moment it's uploaded, but you can use $_FILES['uploadedfile']['tmp_name'] to read it without having to save in a permanent place.
Unfortunately, no. At least not through the $_FILES variable. Sorry.
EDIT: It is always saved as the temp file in $_FILES and you'll always have to use that one for content.