I am following this tutorial to upload a file using php http://www.w3schools.com/php/php_file_upload.asp
<?php
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Stored in: " . $_FILES["file"]["tmp_name"];
}
?>
Using this, I have to refresh the page or redirect it, is there a way I can just upload it in the background?
Thanks
Do as all the other scripts. Create a hidden iframe, set a target on your form to that iframe and your good to.
Why not using jquery uploads plugins? You can find plenty of them and they doing a wonderful work.
Try jQuery Form Plugin
There are loads of scripts out there to help with file uploads.
Some examples:
http://pixeline.be/experiments/jqUploader/test.php
http://www.uploadify.com/demos/
Just do a google search or two!
But you will need some javascript knowledge.
Use AJAX, to read and write your requests and responses. Search on XMLHttp Requests and that may help. You can do a POST operation there.
Related
So I have 4 pages. They are very simple.
index.php (WORKS)
<html>
<form action="upload.php" method="POST" enctype="multipart/form-data">
<input type="file" name="file"><br />
<input type="submit" value="Now upload it!">
</form>
</html>
upload.php (WORKS)
<?php
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Stored in: " . $_FILES["file"]["tmp_name"];
echo 'Are you sure you want to continue saving this file';
echo 'Yes, continue
<br />
<br />
No thanks'
}
?>
no.php (WORKS)
<?php
echo 'Thanks anyway';
?>
yes.php (ERROR)
<?php
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Stored in: " . $_FILES["file"]["tmp_name"];
echo 'We will now save this document:';
//Save document code
}
?>
Output of yes:
Notice: Undefined index: file in /home/public_html/test/yes.php on line 2 Invalid file
We will now save this document:?
As you can see I never save it. But I would like to save it in the yes.php page. Is it still possible to retrieve that original doc that was uploaded? Thanks in advance.
Uploaded files are only available for a single PHP instance/request cycle.
Uploaded files are stored in the temp directory. If they're still there when the script finishes executing, PHP will delete them assuming you didn't need them.
If you want to persist the file, you'll have to move it elsewhere in the same request that the file was uploaded.
You are trying to pass files from a form to a different page then intended. The post values will no longer be valid. I would suggest saving the file in the upload.php to a temporary folder and from there passing it to either the yes or no page via a $_GET[] or session variable.
On the no.php page you would take that file and use
unlink($somefile);
This will delete the file from your server.
On the yes.php page I would move or copy the file. If you copy the file, I would use unlink to remove the temp file.
You could try using move_uploaded_file() to temporarily save the file and then pass the file information using
Yes, continue
No thanks
Then retrieve the filename in yes.php using
$tmpFile = $_GET["filename"];
or remove it in no.php using
unlink($_GET["filename"]);
If the file is not too large, copy the file content in a session variable. The session will be preserved from one page to another.
<?php
$file= $_FILES["file"]["name"];//file selected in form
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
move_uploaded_file($_FILES["file"]["tmp_name"],
"c:/EasyPHP-12.1/www/new website/upload/" . $_FILES["file"]["name"]);
echo "Stored in: " . "c:/EasyPHP-12.1/www/new website/upload/" . $_FILES["file"]["name"];
if(($_FILES['file']['size'] >0))
{echo 'imagetrue';$con=mysql_connect('localhost','abc','YES') or die ("con");;
$db=mysql_select_db("website",$con) or die ("db");
$query=mysql_query("insert into website.picture (imagew) values ('$file')") or die('query'); //storing in db}
//echo $_FILES['file']['error'] ;
$query2= mysql_query("select * from website.picture");
$res=mysql_fetch_array($query2);
foreach($res as $row){
$str = "c:/EasyPHP-12.1/www/new website/upload/ ".$row['imagew'];
echo '<img src="'.$str.'" alt="no">' ;}
?>
i am using this script to store image and then displaying it on webpage but it is not working it only displays empty thumbnails...
I'd be very suspect about using absolute paths like c:/EasyPHP-12.1/www/new website/upload/
I'f you're then accessing the page from http://127.0.0.1/new-website (which I presume you are - or something similar) then having windows system pathnames could be a problem - do browsers even read the local filesystem like that ?
Also, it makes it very un-portable for when you move it to another server.
I'd suggest $str = 'upload/'.$row['imagew']; So it's relative to the document hosted in (I presume) 127.0.0.1/new website/image-viewer.php (or whatever you called it)
Check the return value of move_uploaded_file() - if it's false then it has failed. If that's failing try using the relative path :
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);
This again presumes your script is sitting in 127.0.0.1/new-website
EDIT - NOTE ::: Is your form using enctype="multipart/form-data" ? If it's not then the images never get to the server !
So I have 4 pages. They are very simple.
index.php (WORKS)
<html>
<form action="upload.php" method="POST" enctype="multipart/form-data">
<input type="file" name="file"><br />
<input type="submit" value="Now upload it!">
</form>
</html>
upload.php (WORKS)
<?php
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Stored in: " . $_FILES["file"]["tmp_name"];
echo 'Are you sure you want to continue saving this file';
echo 'Yes, continue
<br />
<br />
No thanks'
}
?>
no.php (WORKS)
<?php
echo 'Thanks anyway';
?>
yes.php (ERROR)
<?php
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Stored in: " . $_FILES["file"]["tmp_name"];
echo 'We will now save this document:';
//Save document code
}
?>
Output of yes:
Notice: Undefined index: file in /home/public_html/test/yes.php on line 2 Invalid file
We will now save this document:?
As you can see I never save it. But I would like to save it in the yes.php page. Is it still possible to retrieve that original doc that was uploaded? Thanks in advance.
Uploaded files are only available for a single PHP instance/request cycle.
Uploaded files are stored in the temp directory. If they're still there when the script finishes executing, PHP will delete them assuming you didn't need them.
If you want to persist the file, you'll have to move it elsewhere in the same request that the file was uploaded.
You are trying to pass files from a form to a different page then intended. The post values will no longer be valid. I would suggest saving the file in the upload.php to a temporary folder and from there passing it to either the yes or no page via a $_GET[] or session variable.
On the no.php page you would take that file and use
unlink($somefile);
This will delete the file from your server.
On the yes.php page I would move or copy the file. If you copy the file, I would use unlink to remove the temp file.
You could try using move_uploaded_file() to temporarily save the file and then pass the file information using
Yes, continue
No thanks
Then retrieve the filename in yes.php using
$tmpFile = $_GET["filename"];
or remove it in no.php using
unlink($_GET["filename"]);
If the file is not too large, copy the file content in a session variable. The session will be preserved from one page to another.
I've been searching high and low for this and can't find any forms that will help me! I'm not proficient with php and I need to create a form for a client, creating the form is no problem, but they want a file upload function which will send the file as an attachment NOT upload it to the server.
I found one on the net that uses PEAR but I was having big trouble getting it working on a shared hosting account.
Could anyone help please! Is there any forms "ready made" that I can use for this?
Thanks!
EDIT- PLEASE READ MY FOLLOW UP QUESTION HERE:
https://stackoverflow.com/questions/6138979/adding-an-upload-file-field-to-a-php-form
I've used a PHP script downloaded from www.webmastercode.com once, and it worked well. Here's a link to a site which explains what it does: http://blogs.sitepoint.com/advanced-email-php/. Hope this helps!
I'm thinking that MIME is good to be used here. It's very simple to set up (just some includes()s)
// IMPORTANT: add pdf content as attachment
$filepath = ('uploads/pdf/'.$attachment);
$mime->addAttachment($filepath, 'application/pdf', $filepath, true, 'base64');
// build email message and save it in $body
$body = $mime->get();
// build header
$hdrs = $mime->headers($headers);
// create Mail instance that will be used to send email later
$mail = &Mail::factory('mail');
// Sending the email, according to the address in $to,
// the email headers in $hdrs,
// and the message body in $body.
$mail->send($to, $hdrs, $body);
The above code requires that you have the MIME extension included and your best bet for adding an attatchment is probably to upload the file, send the email, then delete the file.
you could make a temp upload file php script and put the change the form so it will make the temp file as the attachment?
so to upload a temp file
<?php
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Stored in: " . $_FILES["file"]["tmp_name"];
}
?>
then you can make the temp file to be your attachment so...
<?php
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
$tempfile = ($_FILES["file"]["tmp_name"]);
}
?>
something like that?
got most of the upload php script from...
http://www.w3schools.com/PHP/php_file_upload.asp
but the other guys one is betta :-p
Is this totally safe or not? I would like a totally safe file uploading script for my new project. Here is the one I found:
<?php
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/" . $_FILES["file"]["name"]);
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
}
}
else
{
echo "Invalid file";
}
?>
You can't trust the $_FILES["file"]["type"] for mime types. That information is sent by the browser so it could be faked. It's best to check mime types with mime_content_type or Fileinfo.
One thing to be aware of is MIME Type Detection in Internet Explorer, which can turn your images into a security risk.
Even if a file has the right extension, and is served with an image mime type, if the file itself contains tokens like <html>, <body>, etc, IE (7 and older) may still interpret it as HTML, opening up a possible XSS exploit.
The files with viruses are still going to get through.
Looks ok to me.
Unless files are scanned, there is no totally 100% safe way to do file uploading. Remember, PHP is a scripting language, not a security program language. So it is as safe as you make it. That said, besides limiting the size and type, the only other thing you might be able to do is check for weird file names - weird being what you define for your application.
If you can use a third party service to scan your files (as yahoo scans attatchments for viruses) for virus, that would make the application better, but I don't know of any off the top of my head.
This might be the over-pedantic ramblings of a security analyst, but you should validate all those fields, using regular expressions for example. And the content as well. Otherwise you just can't be sure. One could quite easily trick that code into accepting a file as being an 'image/gif' then embed a script in it that a particular Apache handler might choose to treat as a valid command! (maybe not by default, but when you install a 'cool new Apache module' in the future...)
If you want a 'totally' secure script: Validate EVERYTHING to make sure everything is exactly how you want it and nothing more or less.