If I upload a text file via a form, is it possible to output its contents directly from the $_FILES variable rather than saving it onto the server first? I know this is a security risk, but it will only be run on a local machine.
Doing
file_get_contents($_FILES['uploadedfile']['tmp_name']);
is valid however you should also check to make sure that the file was uploaded through a form and that no errors occurred during upload:
if ($_FILES['uploadedfile']['error'] == UPLOAD_ERR_OK //checks for errors
&& is_uploaded_file($_FILES['uploadedfile']['tmp_name'])) { //checks that file is uploaded
echo file_get_contents($_FILES['uploadedfile']['tmp_name']);
}
A helpful link is http://us2.php.net/manual/en/features.file-upload.php
The file is saved to temp directory the moment it's uploaded, but you can use $_FILES['uploadedfile']['tmp_name'] to read it without having to save in a permanent place.
Unfortunately, no. At least not through the $_FILES variable. Sorry.
EDIT: It is always saved as the temp file in $_FILES and you'll always have to use that one for content.
Related
Got the server, got the domain, got the code, getting the images successfully, making the products for the customers from the image files they upload. Yay!
Problem: all my image names are image_0001 etc.
Customers can't rename image files from iPhones and do not care to from PCs.
So I was thinking about putting a short form on the upload page asking for customer's last name and having the PHP code attach that name to the image file(s) being uploaded.
If it's not possible, I'm sorry for the inconvenience.
You can rename files after they have been saved to your server, check out the PHP manual for the rename function - http://www.php.net/manual/en/function.rename.php, or just while you are moving them from the tmp directory, you can specify a different name for the uploaded file. See http://www.php.net/manual/en/function.move-uploaded-file.php
Be careful to include something in your code for dealing with naming conflicts.
This one might help :
$imagename = basename($_FILES['file']['name']);
$ext = pathinfo($imagename , PATHINFO_EXTENSION); //we want to change the file name but not the extension
$newImagename= $imageName.$username.'.'.$ext; //assuming you hold the username in $username
if (move_uploaded_file($_FILES['file']['tmp_name'], "/path/{$newImagename}"))
{
....
}
I have a form for uploading data into my database.The form has a number of input fields ranging form text,number,textarea and file(images).
When the form is submitted, i check if there are any images being uploaded and if so, check if the image being uploaded passes a series of checks( below maximum file size, correct extension etc), with the entire process in a try/catch block set to throw exceptions should any check fail.
My checks are as follows:
$upload=$_FILES['Upload']['tmp_name'];
if(isset($upload))
{
if(!empty($upload) && is_uploaded_file($upload))
{
//Checks file size,extension and uploads the file
}
else
{
//throw new Exception
}
}
else
{
//throw new Exception
}
However, when using the above, isset would return true, even when no files are being uploaded.Upon some googling and looking on stack overflow, specifically isset and !empty not passing through a check for uploaded files , where it is stated that isset will return true due to $_FILES being a superglobal, i looked around for a solution and eventually settles on file_exists() as a replacement for isset() in my code.
My rationale for using file_exists() is that file that are uploaded(submitted) will be stored in a temp directory during the upload process, and if i check for this temp directory, i would thus be able to ascertain if a file is really uploaded.
After replacing isset() with file_exists my code is now working fine, but i am wondering if this is the correct way to proceed, or if there are any other better alternatives.
I look forward to any opinions and/or advice.
$upload=$_FILES['Upload']['tmp_name'];
if($upload)
{}
This will give the file temp name or null.
I would use the error-code given by $_FILES:
if($_FILES['Upload']['error'] == UPLOAD_ERR_OK) {
//seems to have worked
}
There are even other error-codes you could check against, for example if the file was to big etc.
I'm trying to push a file to a Amazon s3 filebucket.
I'm posting the file through an html form.
I try to generate a path to the file like this($file is a part of a foreach, because i need to support multiple files in a form-submit.)
$file['tmp_name'].'/'.$file['name'];
this outputs a filepath like this
/Applications/MAMP/tmp/php/phpZDcVQv/pdf.pdf
/Applications/MAMP/tmp/php/ exists, but nothing is inside it. I have set access read and write for everyone to that folder.
I use a library to post the images to Amazon: https://github.com/tpyo/amazon-s3-php-class It also complains that the filepath i have provided doesn't exist. It's running a check like:
if (!file_exists($file) || !is_file($file) || !is_readable($file))
How come the files aren't added?
Am I referencing the wrong folder? The file with the code is in /web/projectname/
Someone on the internet said something unclear about php removing the temp-file directly. Is this after the response has been run? Do I need to address this in some way?
The most simple code that generates the problem:
foreach ($_FILES as $file) {
$filepath = $file['tmp_name'].'/'.$file['name'];
if(file_exists($filepath)){
echo 'true <br />';
}else{
echo 'false <br />';
}
}
This echo:es false even if files have been uploaded.
$filepath contains the path i described above.
as the manual states:
$_FILES['userfile']['tmp_name']
The temporary filename of the file in which the uploaded file was stored on the server.
and
$_FILES['userfile']['name']
The original name of the file on the client machine.
this means that file_exists($file['tmp_name']) should be true.
The path $file['tmp_name'].'/'.$file['name'] is bogus, since $file['name'] is there only for informing you of the original name, but this name is not used while saving the uploaded file on the server.
So in your example /Applications/MAMP/tmp/php/phpZDcVQv is actually the uploaded file.
My Question is: "Does move_uploaded_file() automatically deletes the temporary uploaded file after successful move ?"
Just to get out of the confusion that do i need to do this:
// Successful upload
if ( move_uploaded_file($file['tmp_name'], $destination) ) {
unlink($file['tmp_name']);
return TRUE;
} else {
// Upload Failed
unlink($file['tmp_name']);
return FALSE;
}
Or is it not needed at all?
You do not need to manually unlink() the temporary file; PHP cleans up after itself after a successful upload. The function is called move_uploaded_file, not copy_uploaded_file.
Yes, it does.
http://php.net/manual/en/function.move-uploaded-file.php
Function description: This function checks to ensure that the file
designated by filename is a valid upload file (meaning that it was
uploaded via PHP's HTTP POST upload mechanism). If the file is valid,
it will be moved to the filename given by destination.
This sort of check is especially important if there is any chance that
anything done with uploaded files could reveal their contents to the
user, or even to other users on the same system.
So we see here:
If the file is valid, it will be moved to the filename given by destination.
Temporary File is Deleted Automatically. You dont have to delete it manually. move_uploaded_file function also not delete this temporary file.
I have searched far and wide on this one, but haven't really found a solution.
Got a client that wants music on their site (yea yea, I know..). The flash player grabs the single file called song.mp3 and plays it.
Well, I am trying to get functionality as to be able to have the client upload their own new song if they ever want to change it.
So basically, the script needs to allow them to upload the file, THEN overwrite the old file with the new one. Basically, making sure the filename of song.mp3 stays intact.
I am thinking I will need to use PHP to
1) upload the file
2) delete the original song.mp3
3) rename the new file upload to song.mp3
Does that seem right? Or is there a simpler way of doing this? Thanks in advance!
EDIT: I impimented UPLOADIFY and am able to use
'onAllComplete' : function(event,data) {
alert(data.filesUploaded + ' files uploaded successfully!');
}
I am just not sure how to point THAT to a PHP file....
'onAllComplete' : function() {
'aphpfile.php'
}
???? lol
a standard form will suffice for the upload just remember to include the mime in the form. then you can use $_FILES[''] to reference the file.
then you can check for the filename provided and see if it exists in the file system using file_exists() check for the file name OR if you don't need to keep the old file, you can use perform the file move and overwrite the old one with the new from the temporary directory
<?PHP
// this assumes that the upload form calls the form file field "myupload"
$name = $_FILES['myupload']['name'];
$type = $_FILES['myupload']['type'];
$size = $_FILES['myupload']['size'];
$tmp = $_FILES['myupload']['tmp_name'];
$error = $_FILES['myupload']['error'];
$savepath = '/yourserverpath/';
$filelocation = $svaepath.$name.".".$type;
// This won't upload if there was an error or if the file exists, hence the check
if (!file_exists($filelocation) && $error == 0) {
// echo "The file $filename exists";
// This will overwrite even if the file exists
move_uploaded_file($tmp, $filelocation);
}
// OR just leave out the "file_exists()" and check for the error,
// an if statement either way
?>
try this piece of code for upload and replace file
if(file_exists($newfilename)){
unlink($newfilename);
}
move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $newfilename);