Jump to content
Sign in to follow this  
Truman

Handling file uploads

Recommended Posts

I wrote this correct code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Upload a File</title>
</head>
<body>
<?php // Script 11.4 - upload_file.php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
  if (move_uploaded_file($FILES['the_file']['tmp_name'],"../uploads/{$_FILES['the_file']['name']}")) {
    print '<p>Your file has been uploaded.</p>';
  } else {
    print '<p style="color:red;">Your file could not be uploaded because: ';
	switch($_FILES['the_file']['error']) {
	case 1:
	  print 'The file exeeds upload_max_filesize setting in php.ini';
	  break;
	case 2:
	  print 'The file exeeds MAX_FILE_SIZE setting in the HTML form';
	  break;
	case 3:
	  print 'The file was only partially uploaded';
	  break;
	case 4:
	  print 'No file was uploaded.';
	  break;
	case 6:
	  print 'The temporary folder does not exist.';
	default:
	  print 'Somethin unforseen happened.';
	  break;
	  print '.</p>';
	}
  }
}
?>
<form action="upload_file.php" enctype="multipart/form-data" method="post">
 <p>Upload a file using this form: </p>
 <input type="hidden" name="MAX_FILE_SIZE" value="300000" />
 <p><input type="file" name="the_file" /></p>
 <p><input type="submit" name="submit" value="Upload this file" /></p>
</form>
</body>
</html>

I ran this code through browser, uploaded a file that I named 'the_file' and I received error 6:

Your file could not be uploaded because: Something unforseen happened.

 

Is there something that I'm missing here?

Share this post


Link to post
Share on other sites

You forgot a break; after case 6.

 

You should put print '.</p>'; outside of the switch statement.

 

If there's no temporary folder then you'll have to set up your server to provide PHP with a temporary folder for uploaded files.

Share this post


Link to post
Share on other sites

It seems silly to me to have a hidden input specify MAX_FILE_SIZE. You should put enforced limits and validation in your Php code where they will be safe from any possibility of external manipulation. I see you do have a php.ini limit. Where do you test the file type?

Share this post


Link to post
Share on other sites

You forgot a break; after case 6.

 

You should put print '.</p>'; outside of the switch statement.

 

If there's no temporary folder then you'll have to set up your server to provide PHP with a temporary folder for uploaded files.

After making those changes I still receive the same note. I use XAMPP server, can you please shortly explain me how to set it up?

Share this post


Link to post
Share on other sites

You should test for upload errors before trying to move the uploaded file. You left out a couple error codes also, one of which might be the problem:

 

http://php.net/manual/en/features.file-upload.errors.php

After adding error 7 and error 8 I still receive the default error message.

Edited by Truman

Share this post


Link to post
Share on other sites

Have you seen what error code is actually being used?

 

You can update the default message to show it:

default:
     print 'Something unforeseen happened. Error code: ' . $_FILES['the_file']['error'];

Share this post


Link to post
Share on other sites

What if ../uploads does not exist?

 

--update edit--

 

Yes, this would definitely cause a failure.

  $target_dir = "../uploads/";
  if (!file_exists($target_dir)){
     mkdir($target_dir);
  }
  if (move_uploaded_file($FILES['the_file']['tmp_name'],"{$target_dir}{$_FILES['the_file']['name']}")) {

Share this post


Link to post
Share on other sites

I'm beginning to suspect that Php is written by mentally ill people. That MAX_FILE_SIZE suggestion is straight from their recommended approach here...

 

http://php.net/manual/en/features.file-upload.post-method.php

 

...where they then say...

 

 

Keep in mind: fooling this setting on the browser side is quite easy, so never rely on files with a greater size being blocked by this feature. It is merely a convenience feature for users on the client side of the application.

 

No it isn't a "convenience feature" -- it is "a stupid suggestion."

Share this post


Link to post
Share on other sites

If move_uploaded_file returns false then it should also output an error message. Make sure you have all errors enabled:

 

ini_set('display_errors', 1);
error_reporting(E_ALL);

Share this post


Link to post
Share on other sites

I see the problem. Your code has $FILES rather than $_FILES.

 

But also the uploads directory must exist, as I mentioned above.

Share this post


Link to post
Share on other sites

I see the problem. Your code has $FILES rather than $_FILES.

 

But also the uploads directory must exist, as I mentioned above.

Actually this '$FILES' was a mistake, when I corrected it worked! I already made uploads directory for this purpose.

 

I will also take a look on other suggestions that you and your colleagues gave me on this topic.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...