Ok so I have a HTML form, 10 files get uploaded. 6 images and 4 pdf. some of theses files are required others not.
My problem is when my script verifys the data and retuns to the user that he/she has errors all the file inputs are come back as blank... and if the user re-submits... the files are not saved.
This form has other fields other than the files as well.
I tried putting $_POST in the value of my inputs but that does not repopulate with the local file names.
I would like it so my users dont need to re enter all the files they want to upload if they made 1 or a few mistakes.
edited:
SO is this normal that the post isnt giving me the file name?
is the file still saved as temp on the server?
The value attribute of the file input type doesn't exist as this is a security risk. You can't read it or set the value of it (client or server side) so even if you had the local path on the user's computer you couldn't fill it in.
I would try to do some sort of client side (even through ajax) form validation before they submit the form. If they do submit the form, the files will upload and should still be in the temp directory (at least until garbage collection kicks in). Maybe on error write the information in $_FILES to session and instead of showing the file upload dialog, show an icon for the file to try to let them know you got the file, but they need to fix the form for everything to finish. Then after they submit the corrections you can get the data from the session and try to continue.
Make sure to specify proper settings for:
file_uploads
upload_max_filesize
memory_limit
max_execution_time
post_max_size
See:
How to optimize your PHP installation to handle large file uploads
Also make sure that:
You have specified the enctype="multipart" in the form
Check the files array with print_r($_FILES);
Instead of redirecting them back to form use a bit of JavaScript and make client browser to go one page back. Then he should file that were selected before.
You could use something like:
<body onLoad="javascript:history.go(-1)">...</body>
Related
I have a page.php where I load a .csv file, read it and eventually upload the values into a database. What I want to do is, once the file is loaded in my form, and I've read it, first I check into my database if I still have space available, and if there is no space left, I print a message saying there is no space left, do you want to upload it anyway? I can get till this point, but I don't know how to send the file that has already been loaded into my form, to the same page through a post form, or any other method.
Here is how I read the file when I upload it
$file = $_FILES['file']['tmp_name'];
but if I try to send $file variable through a hidden field in the new POST form, it doesn't work.
You cannot send a file through hidden inputs due to security reasons. what I would recommend is to save the uploaded file on server when you read it the first time. Then if user clicks on anyway, then pass this saved file as the input for this 2nd iteration.
It can not repopulate field input.
So you can
1) use ajax to check if there are enough space and show message if no space left
or
2) store data from file in file on web server, and store data about it in hidden field in html form and after second submit use stored file.
so basically I have a multistep form with X steps.
In the first step, I offer a file upload form to the user.
This just behaves like a normal HTML file uploader:
User selects file
File Box, shows pathname
If the user clicks on "next" the file should not be uploaded.
If the user reaches the last step of the form, the files he/she has choosen in step-1 should be uploaded now.
I have no idea if this is actually possible. There are also a couple of problems
The value from input type="file" gives something like C:\fakepath\filename.ext
Saving the above in a session for later upload does not make sense.
How can I get the uploader to work in the last step?
Yes, this is actually possible, and saving data between pages make sense, otherwise, how could you remember what he sets in the file input?
If it is a simple HTML page, I assume your are using PHP. Register files in a temporary variable or session, put it in a hidden input in the HTML code if you don't use session.
At the last step, set your files and upload it.
Good luck.
I am building a form right now that returns the user back to the form itself if there is missing fields or fields are entered wrong. One of the inputs is a image file. I was wondering if you want to echo out the image location again, do you use $_FILES[tmp_name]?
e.g. value="$_FILES[tmp_name]" to echo back the location so the user doesn't have to reselect the image again.
its not possible this way.
the $_FILES[tmp_name] reflects the full path of the already uploaded image on the server.
an its not possible to pre-select the upload field in the browser and its also not possible to get the full client-side path of the uploaded file.
so in case of an error, you could copy this temporary file to another location and display the already uploaded image to the user instead of giving him the upload field again.
but you need to make sure to delete this copied image if the user didn't try to fix his invalid fields.
or you seperate the validation of the fields from the image upload part. using some ajax magic or seperate form.
No, you can't use $_FILES['tmp_name'] in this way, as that isn't the name it had on the users computer, but the temporary name that it has on your server in your tmp folder. Not sure if there is a way to do this. I'll look into it and let you know if I find anything, but I doubt there is.
If you used an AJAX file upload, you wouldn't have to worry about this though.
This is not possible, you could try to use a value attribute on a file input to see that it has no effect.
Imagine that if you could do this it would be a serious security problem (ie: hide a file input with a pre-filled value with a common path for an important file and get it the same time with some other details)
If the form is submitted via normal html form submission then you do not have access to the user's file path. Your best bet is to use an AJAX form submission.
My client wants to have a 3 page form. The first page allows the user to enter data including a uploaded file. the second page confirms this data. and the third page submits the data to the database and directories.
Via post, I can keep saving the data to a hidden input fields, thats no problem. My problem is the uploaded file. how do I hold that document from page to page ? I am using Cakephp but any advice would help, thanks
You can always just create the illustion that the form is utilising three different pages. Use AJAX to accept and validate/request the user confirm their submitted data. If in this view they accept it initiate a POST to submit all that data.
You really don't need three physically different files to achieve this but you can still let it appear in three stages to keep your client happy.
You just upload the file to temp directory and keep the value in hidden variables just like other form data . If form successfully submitted then the image copy to desired location other wise delete the image
You can easily fake these 3 pages using CSS. Or even 2, as "third page" is actually a server script which has nothing to do with pages in the browser.
Just make your form, then put an event on the submit button which changes divs to whatever "confirmation page" he wants. and then actually send the form using a button on this page.
that's all
An uploaded file is always held temporarily. The server env var should tell you where it is. In Ruby's rack it is stored in the params var. So I guess there is a similar params var in php which has a hash with all the necessary information.
Since the file would be uploaded on the first step, one option is to put the file's location in a hidden input field along with the rest of the data (either there, or put it in the session). With CakePHP, if your file field looks somewhat like that:
<input type="file" name="data[User][image]" id="UserImage" />
Then you will be able to capture the location through
$location = $this->data['User']['image']['tmp_name'];
Which will correspond to something like /var/tmp/xxxxxx
On the last page, if the user confirms all the data, you just use move_uploaded_file() to put the file wherever you want on the server.
move_uploaded_file($location, '/new/location');
I am developing a script in PHP for uploading files to a MySQL database. There various things that need to selected in addition to the actual file that go into the database entry. The script needs to be designed so that it checks to make sure all of the proper selections have been made, and if they are not the script returns to the upload file state with the values the user had selected still populated. I have accomplished this for the select boxes of the from using session variables, however I can not figure out how to get the actual path of the file upload input to post. I can only seem to access the file name and not the actual path from the $_FILE array. I have also tried to do the following:
echo "<input type='hidden' name='MAX_FILE_SIZE' value='8000000'>";
echo "<input type='hidden' name='remote_file_path' value=''>";
echo "<input name='userfile'type='file'
onchange='document.uploadForm.remote_file_path.value=this.value;'>";
Naturally, the form name is "uploadForm". This works, but again when access the value of $_POST['remote_file_path'], I am only receiving the file name and not the path. After some investigation it appears that this is a security feature built into Fire Fox. I am starting to think it can't be done.
Thanks in advance.
You can't populate file select text box for security reasons, just as you discovered. However, you don't really need to populate file text box to retain the uploaded files.
Every time, a file is uploaded to your server, move it to a secure location and also link it with the current session or user. Now, when you redisplay the form because user made some mistake (or wants to edit something), display the filename along side the empty file box. That way, user can see what files they have already uploaded. With some JavaScript you can give user the option to cross off the filename upon which they can fill up the file text box again and submit another file which will be processed in the server. if the file box is empty, previously submitted file would be assumed to be the valid one and processed.
You don't receive complete file path (in some browsers), and can't change an <input type=file> value (through scripting) in any of them, since those actions poses as security problems.
You don't need the hidden fields, PHP will parse the posted data for you, and present it in the $_FILES array:
http://www.php.net/manual/en/features.file-upload.post-method.php
Like many have said, you can't it is a security issue via HTTP. What happens when you upload an image from a local machine is the function fires off and creates the tmp_name to be accessed on the server.
However if you truly want this functionality you can use pure Java via an applet to get a local path. However what are you trying to do, there may be a better way of going about it rather than what you are thinking.