My PHP book gives a template HTML form for uploading a file:
<form action="upload.php" method="post" enctype="multipart/form-data"/>
<div>
<input type="hidden" name="MAX_FILE_SIZE" value="10000000"/>
<label for="userfile">Upload a file:</label>
<input type="file" name="userfile" id="userfile"/>
<input type="submit" value="Send File"/>
</div>
</form>
The book displays it as "Upload a file:" [textbox] [Browse...] [Send File]
I copied it verbatim, and the result I'm getting is "Upload a file:" [Choose File] "no file chosen" [Send File]
I'm wondering why the discrepancy exists. Is there a way around it? I'm using XHTML Transitional. No doctype is given in the book. But I doubt that's the issue.
The script I'm writing aims to take the file the user chooses, process it, and write the result into another file that doesn't exist yet. I'm asking this question because it would be useful to let the user more easily copy the initial file path/name, paste it into the other field, and just change a part of it.
(Also: why the difference between "Browse..." and "Choose File"? I tried manually setting the value of the "userfile" field to "Browse..." but nothing happened. This is less important but I'm curious nonetheless.)
It is probably showing a different browser and/or version.
It sounds like you are looking at it under Safari and the book has screenshots of IE, for example.
There are a few ways to get complete control of file uploading and the <input type="file" /> element. You can use Flash, or you can set the input to opacity: 0 and then position what you want beneath it.
Some time ago the browser engines took almost complete control over the input type="file" - fields, since it nowadays is regarded as a security issue. For example the days before that you could easily prefill the file input filed with some path and filename (e.g. something like /etc/passwd) and hide the field, so sending the form you would not remark that you're also sending the file...
That's why for example you could not preset the filename of such a field and that's also why browsers now all do their own thing with these special input fields.
As Alex said above, you could get around this, but it will be some hassle, because it would mean to "fake" the file input field.
Related
I have a file input element that is used to upload a profile image to a user profile page. By default browsers only allow this element to upload one file unless you add the multiple attribute.
I'd like to set a back up in the PHP though just in case someone decides to add the 'multiple' attribute in the HTML.
I thought assigning the $_POST superglobal to a variable and having an if statement saying if this value is greater than 1 would be prevent this, but it doesn't?
What is the best way to approach this? I've tried various things such as the count() array method but can't seem to find a solution to what seems like a very simple problem?
if(isset($_POST['submit-profile-image'])) {
$profileImage = $_POST['submit-profile-image'];
if (isset($profileImage)) {
if ($profileImage > 1) {
$error[] = "You cannot upload more than one profile image";
}
}
// ALL OTHER CODE
}
I've also tried using the $_FILES superglobal and counting the instances of the $_FILES['profile-image']. This encounters a different problem in that it blocks more than one file upload BUT also blocks single file uploads (and I don't understand why)?
if(isset($_FILES['profile-image'])){
if(count($_FILES['profile-image']) > 1){
$error[] = "You cannot upload more than one profile image";
}
}
You can't prevent a user sending multiple files. All you can do is defend against the possibility, and fail gracefully.
Let's assume that your HTML includes this <form>
<form method='post' enctype="multipart/form_data">
<input type='file' name='uploadFile'>
<input type='submit' name='submit'>
</form>
When the user selects a file and clicks submit the browser packs up the file and sends it, PHP unpacks the file to the server disk, and then presents the file details to your program in the $_FILES['uploadFile'] array.
If we assume that the user edits your HTML and adds multiple then the browser will pack up the files and send them. PHP will unpack the first file and add its detail to $_FILES['uploadFile'] as before. It will then unpack the second file and place its details in $_FILES['uploadFile'], overwriting the first file. Your program sees only one file, knows nothing of any other file, and carries on.
To get two files your user will have to change the name of the file input to use array syntax, so lets suppose he changes the line to
<input type='file' name='uploadFile[]' multiple>
Now PHP unpacks the file details into a set of arrays. Instead of having $_FILES['uploadFile']['name'] containing a string with one filename, it becomes an array of strings.
It is likely that your code, expecting a string, will choke on an array and fail in some unexpected way. You can check for this condition with
if (is_array($_FILES['uploadFile']['name'])) {throw new Exception("Too many files");}
So, our user, determined to force this extra file on you now adds a second <input> to the form:
<form method='post' enctype="multipart/form_data">
<input type='file' name='uploadFile'>
<input type='file' name='uploadFile'>
<input type='submit' name='submit'>
</form>
The second file overwrites the first as it has the same name. Your program is none the wiser and carries on with just one file. So the user changes the name on the second input:
<form method='post' enctype="multipart/form_data">
<input type='file' name='uploadFile'>
<input type='file' name='uploadFileB'>
<input type='submit' name='submit'>
</form>
You could check for this by looking at count($_FILES), but your program isn't looking for a second input, so it will ignore it anyway and carry on handling just the first file. If the user also changes the first name your program won't see any files, and if he reverses the names, your program will see just the second file and ignore the first.
Alternatively, set the PHP configuration value in PHP.INI:
max_file_uploads = 1;
If you do this, PHP will ignore the second and subsequent files. Your code will still have to deal with the naming issues. Setting this with ini_set() doesn't seem to have any effect.
I need to get the full file path including file name information to handle later with PHP.
I am running into many difficulties.
We can use a html form with the html
<form method="post" enctype="multipart/form-data">
<input type="file" />
However, to pass this information we need to the server, we actually have to upload the file, I do not want to do this as its wasteful, The reason being is that this project is just for my local machine, The file already exists on my machine.
A manual way of achieving this is to provide a input text field, and inserting the file(s) full location path here via another file navigation window(copy/paste), But this quickly becomes boring and requires to much work when using the tool often.
Any other suggestions to achieve this?
This isn't possible. This has been discussed before and the explanations they give there are good, so I won't repeat:
How to get full path of selected file on change of <input type=‘file’> using javascript, jquery-ajax?
paste following line under file tag,your problem will be solved
webkitdirectory directory multiple
<input type="file" id="ctrl" webkitdirectory directory multiple/>
I'm using wampserver on my computer and wrote a simple html-form:
<form name="test" action="upload_file.php" method="post">
<label for="file">Filename:</label>
<input type="file" name="picurl" id="file" ><br>
<input type="submit" name="submit" value="Submit" >
</form>
When I click on "browse" and open a file ,for example pil.png it shows in the input textarea the full path(C:\Users\hope\Desktop\images\pil.png)
I want this exact link saved but when I try to catch it $name = $_POST["name"];it only displays this- "pil.png" not the full path. why?
You cannot get the complete local file path. Only the file data itself and its name is submitted to the server. The file path being displayed in the input element is only visual styling, it has no functionality.
File elements are very limited for security reasons, and that's a good thing.
The browser doesn't submit the full path because it would be a privacy problem, you would be exposing your file system structure to the server. It's not relevant to the server and the server doesn't need to know where the file was located on the client's filesystem.
You are getting only file_name because you are not asking for path.
to get full path you have to use
public string SplFileInfo::getRealPath ( void )
try
var_dump($_FILES['picurl']);
now first thing is I've seen everywhere over the net what to do in the case that what I'm trying to do doesn't work, I've tried all of the solutions and they don't work, I'm obviously missing something.
I'm uploading multiple files from a form field. This works perfectly and runs some code that resizes etc deletes tmp files blah blah.
The problem is if I don't want to upload any files the upload and image processing script still runs throwing a bunch of errors.
I've tried the following... plus a bunch more with some weird variations :P
if($_FILES['gallery']['name']!=""){ // if files then...
include_once("gallery_edit_script.php");
}
and
if (count($_FILES["gallery"]["name"] > 0)){ // if files count is more than 0 then...
include_once("gallery_edit_script.php");
}
Would the fact that the gallery_edit_script.php is an include have something to do with it?
I checked the file error with...
$_FILES["gallery"]["error"]
It showed no files were selected to upload which was exactly what I wanted.
Any ideas people?
Thanks for anyone who has a look at this.
Cheers
Added HTML but like I said upload is working fine, it's when I want to post the form and not include files to upload that I want it to skip the gallery script. This is on an edit page, so the user has submitted form, data added to db and files uploaded, then comes back and wants to edit data but not upload files.
HTML (simplified as there are heaps of fields etc)
<form action="inventory_edit_lease.php" enctype="multipart/form-data" name="myForm" id="myForm" method="post">
Gallery Photos <input class="input-file" type="file" name="gallery[]" id="gallery" multiple="multiple" />
<input class="button-edititem" type="submit" name="submit" id="button" value="" onclick="javascript:return validateMyForm();"/>
</form>
Sorry I didn't add HTML first time round, form works so didn't think I really needed it ;)
Few check lists...
Make sure you have named your <input type="file" /> as gallery:
<input type="file" />
Make sure the <form> tag has a method="post" and action="" to the correct URL.
Also, make sure your <form> tag has enctype="multipart/form-data" else you won't be able to upload files via that form!
We need to see the HTML Code of your file before we can suggest something. Make sure you have followed the above checklists and even then if it isn't working, post the code and let us know!
Without HTML form I'm just guessing:
for multiple file uploads with same name you must have the filed as
on server side you will receive them as $_FILES["gallery"]
$_FILES["gallery"] will be an array of elements, eg:
foreach($_FILES["gallery"] as $file){
var_export($file);
}
For those interested this is what worked :)
I got this from another thread if($_FILES['files']['name']!="") run if files, don't run if no files headache
if(!empty($_FILES['gallery']['tmp_name']))
{
include_once("gallery_edit_script.php");
}
else
{
header("Location: inventory_list_sales.php");
}
Funny thing is I tried this with another site I'm working on with almost identical code as I copied all the files and only edited small parts and it doesn't work lol
Thanks for everyone's help :)
<form enctype="multipart/form-data">
<input type="file" name="mp3" />
<input type="submit" />
</form>
I tried the above,and found var_dump($_FILES); is always empty.
It only works when you upload text files or images.
UPDATE
I added method="POST" and it works.Why is POST necessary here?
MP3 file uploads should work like any other file upload, there's no discrimination by file type or extension.
Check whether your file is not larger than allowed.
PHP manual on file uploads
PHP manual on file uploads: Common pitfalls
Update: #Adhip Gupta solved it. GET seems to be the default method for a FORM, not POST as I thought. Check here: http://www.w3.org/TR/html401/interact/forms.html#h-17.13.1
This attribute specifies which HTTP method will be used to submit the form data set. Possible (case-insensitive) values are "get" (the default) and "post". See the section on form submission for usage information.
Did you specify the form method to be POST explicitly and try?
First thing to check is how big the files are, and what the max upload size in PHP.ini is set to.
Nothing wrong with your PHP code. And neither PHP nor the webserver know the difference between a MP3 file and other types of content.
Have you checked its not size related?
Do you know that there isn't other things between the browser and the PHP which might be filtering?
Have you tried using a wiretap (e.g. wireshark) to confirm the data is leaving the browser / getting to the server?
C.
Maybe you have missed the MAX_FILE_SIZE which should be included.
<input type="hidden" name="MAX_FILE_SIZE" value="157286400" />
You should also add action="some.php" and method="POST" to <form>
OR using http://www.uploadify.com/ with ajax