This seems like a simple question...I am trying to allow users to 'load' a saved data file with a Load button, choose file, etc. Can I read the data file directly into a variable from their file or does it need to be uploaded to the server first then opened and read closed and then unlinked?
Thank you,
Todd
Because PHP is SERVERSIDE you can't do anything without uploading the file. Unless this file already is on the server, there is no way around this problem.
I prettier way of doing it could be to use a jQuery-plugin to upload the file (without the page getting refreshed) and then access the content using ajax
It needs to be uploaded for PHP to access it, unless the file's contents are sent via JavaScript to PHP. That relies on a cutting edge browser.
Yes, you have to upload the file first because you have no access to the user's filesystem through browser neither using PHP nor JavaScript.
Related
I want to be able to upload a CSV file to a Webpage, and then have PHP store that information to a array and do stuff with it WITHOUT saving the CSV file to the server. How is that possible?
Looking into it, there's the normal GET and POST, which upload the file to the server. There's also PUT, but it looks like it just saves on top of an already existing file on the server.
And from the looks of the process to extract data from a CSV, PHP needs to know the location of the file.
Is it possible to just have the PHP work with the CSV file without saving it to the server somewhere? That way I don't have to worry about security issues with uploading files to a server. I don't need to hold onto the CSV data afterwords, just manipulate it in the current session.
When a file is uploaded to the server from a form, the file is stored temporarily ( $_FILES['someinputname']['tmp_name'] ) . No one says you have to do anything with this file before you can use it. You can read directly from the temporary path and forget about it. This, of course, does not leave you free from harm. Validating the file type is what you expect and not of malicious nature MUST be done before doing anything with a file you don't trust.
No lazy way around being safe.
CSV is just a text file. So you can read the file using javascript from client side and get the text from the file.
Javascript - read local text file
And then send the text to server and then work with it.
I'm trying to write a script that allows the upload of php files for parsing. Most of the tutorials and security information I can find on Google and here assume you're only allowing the upload of images (so use getimagesize, etc).
How do I confirm a file uploaded is really a PHP file without relying on the headers? Also -- I don't plan on storing the file in any way, I just want to grab the contents, parse it, and dump the info -- is there a very secure way to just grab the contents without actually saving the file to temp? If I do have to save it to temp, if I just grab the contents and then quickly delete it, am I still facing security threats and, if so, how do I dampen them?
What sort of sanitization do I need to do to PHP file contents to prevent misuse of the system? Basically, is there a way for a malicious user to 'inject' running code if I'm just parsing the contents as text?
If you just want to get the content of the file, use file_get_contents(), you get the contents of the file as a string.
http://us1.php.net/manual/en/function.file-get-contents.php
And then just use regular expression or w/e you use to parse with strings.
I'm looking for a way to send a user a regular file (mp3s or pictures), and keeping count of how many times this file was accessed without going through an HTML/PHP page.
For example, the user will point his browser to bla.com/file.mp3 and start downloading it, while a server-side script will do something like saving data to a database.
Any idea where should I get started?
Thanks!
You will need to go through a php script, what you could do is rewrite the extensions you want to track, preferably at the folder level, to a php script which then does the calculations you need and serves the file to the user.
For Example:
If you want to track the /downloads/ folder you would create a rewrite on your webserver to rewrite all or just specific extensions to a php file we'll call proxy.php for this example.
An example uri would be proxy.php?file=file.mp3 the proxy.php script sanitizes the file parameter, checks if the user has permission to download if applicable, checks if the file exists, serves the file to the client and perform any operations needed on the backend like database updates etc..
Do you mean that you don't want your users to be presented with a specific page and interrupt their flow? If you do, you can still use a PHP page using the following steps. (I'm not up to date with PHP so it'll be pseudo-code, but you'll get the idea)
Provide links to your file as (for example) http://example.com/trackedDownloader.php?id=someUniqueIdentifer
In the tracedDownloader.php file, determine the real location on the server that relates to the unique id (e.g. 12345 could map to /uploadedFiles/AnExample.mp3)
Set an appropriate content type header in your output.
Log the request to your database.
Return the contents of the file directly as page output.
You would need to scan log files. Regardless you most likely would want to store counters in a database?
There is a great solution in serving static files using PHP:
https://tn123.org/mod_xsendfile/
I need to write a lot of data into a file while almost at the same time (at least at the time file is still opened by fopen()) user's browser needs to access it.
I found it's impossible until fclose() or end of the script.
Is there any way to make it possible?
Perhaps its better to store the data in memory, or work with a temporary file. Then write to the master file at designated points rather then holding open the file for the entire execution of the script.
An option would be to send the file's mimetype to the user (text/plain for example), and echo the current file contents. After that you write both to the file and the output, so that the output to the user will mimic the file.
my requirement is this :
" When users uploaded one file say "sample.tex" then i need to find the same name PDF file in that directory once he upload the "sample.tex". so file name should be "sample.pdf". we have one form that contain two input file fields.. check the image for reference.
http://img40.imageshack.us/i/proofbb.png/
once user upload the first file and click the "Show Author Email(s)" then i need to find another file "sample.pdf" in the same path and put in below file field. Is that possible in PHP or JQUERY or watever... not only PHP Even Java is also fine. Please help me to find the solution.
Regards
Dipen
You cannot do that with plain JavaScript. You can't even obtain the path information from your "first file"; all the browser will tell you is the plain file name (that is, the file name without any path information). You also cannot force a "file" input field to be set to a value.
You might be able to do this by creating a signed Java applet, but that's a whole different enchilada and you'd pretty much have to make the whole form be a Java thing.
(There's nothing you can do from PHP, as all the server will get is the plain filename and no path information at all.)
Let the user do it. Use uploadify with multiple simultaneous uploads enabled. So simple.