I have JS uploading to PHP which creates a /tmp/ file. Then JS lets the user to edit the meta data to send back to the API.
The JS then sends back to my php API:
"image":"#/tmp/test.jpg"
From that, I would like to invoke a $_FILES['image'] object to copy and move_uploaded_file with
Is this possible? Thanks!
Nope, that's impossible. The very purpose of move_uploaded_file() function is to check if the file were really uploaded, not faked by some API.
You can use copy() instead but make sure you took all the precautions.
For uploaded files, the manual states:
The file will be deleted from the temporary directory
at the end of the request if it has not been moved away or renamed.
So you can move_uploaded_file to your custom temporary directory and respond to your client-side application with a new file name. Then you will probably need to write a script which cleans your temporary directory at some time (using cron)
Related
Am I enforced in some way to use move_uploaded_file() and/or delete the temporary file?
My application needs only to load the file contents in memory (eg. via file_get_contents()). Do I need to move it to another directory before? Otherwise, am I required to delete it at the end of the script?
If you don't want to save the uploaded file somewhere, you don't need to use move_uploaded_file(). Read from the file however you like; it'll be deleted automatically by PHP at the end of the request.
Yes, in cases when open_basedir or safe mode (hopefully safe_mode will go out of style eventually) otherwise prevent you to read from the location the uploaded file was saved to. The move_uploaded_file() is aware of those restrictions but only enforce them to the second parameter, so you can move files out of lets say /tmp/ while otherwise you couldn't read that directory.
I used this code to find the temporary location of files(pictures) that users(me) upload to my site using a php upload script.
echo sys_get_temp_dir();
returns
C:\Users\a\AppData\Local\Temp
When I look in the temp folder I see some files with .tmp so I don't know if they are the ones downloaded. I'm trying to troubleshoot my PHP upload script. This is because I want to first verify the actual files are downloaded before I use the php move function.
Have a look at is_uploaded_file(). The $_FILES superglobal has information as well. And finally, the whole section about file uploads.
You are looking for is_uploaded_file function.
Is it possible in PHP to configure it to somehow not save files to disk at all? As a matter of fact, the best thing would be to get the script going before even reading the entire POST body. (Keeping my hopes high ;))
You can turn off file uploads via a configuration setting in PHP.
http://php.net/manual/en/ini.core.php#ini.file-uploads
PHP needs a place to temporarily store the files content for you to be able to interact with it through PHP - although, you don't have to do anything else other then access the temporary file to get the data:
$content = file_get_contents($_FILES["user_file"]["tmp_name"]);
From here on you can manipulate with the files content without having to move the uploaded file to another location before accessing it.
You can use HTTP PUT requests to directly upload a file. PHP will not handle the upload directly (e.g. set it up in $_FILES). Instead, you have to read the raw bytes from the php://input pseudo-url and from there can do whatever you want.
There's some details and examples here.
I am working on a csv import option on my php page. Is there any way to allow the user to upload a csv for processing and then destroy the file when it is complete? I have seen plenty of tutorials for uploading files, but none seem to mention something like this.
Sure! Take an upload script, and unlink() the file when you're done. Nothing to it.
Don't process the temporary file directly, though. Always move_uploaded_file() it to a directory you control. Then, delete it there.
When you upload a file to PHP it's stored in a temporary location, you can move it from there to a working directory, do your processing and then remove it.
$working_file = "/temporary/file";
move_uploaded_file($_FILES["file"]["tmp_name"], $working_file);
... // Do your processing on $working_file
unlink($working_file);
All you have to do is unlink() it when you've finished processing to delete it.
For more information on uploading files see:
http://php.net/manual/en/function.move-uploaded-file.php
http://www.w3schools.com/PHP/php_file_upload.asp
I'm uploading files via JS and storing the temp path in the session.
Than i use the following code to move the files.
if(move_uploaded_file($_SESSION['temp_img'][$key]['path'], $dest.$bigimg)){
$dest and $bigimg are defined earlier in the script with the id from the database.
Any Ideas or alternatives ?
MANCHUCK's answer was close but not quite there. You must call move_uploaded_file within the script where the file was uploaded. You cannot do what you're doing, that is, "storing temp path in the session" because that path is only valid for one request.
From the PHP manual:
The file will be deleted from the
temporary directory at the end of the
request if it has not been moved away
or renamed.
(Emphasis mine)
move_uploaded_file checks that a file has been uploaded to that page. You are actually uploading the file to a different PHP script then storing in a session. Instead of using move_upload_file use rename.
What is the output of $_SESSION['temp_img'][$key]['path'], also do you have permission to write to the web directory your placing the files. You may need to set it to 777 for some hosts to allow the webserver to write there.