jeffg Posted February 27, 2008 Share Posted February 27, 2008 Please can you tell me what is wrong with the following HTML code: echo "<FORM ACTION = \"$self\" METHOD = \"POST\"> <INPUT TYPE = \"HIDDEN\" NAME = \"posted\" VALUE = \"done\"> <FIELDSET> <TABLE ALIGN=\"CENTER\"> <TR><TD><INPUT TYPE=\"FILE\" NAME=\"filename\"></TD></TR> <TR><TD ALIGN=\"CENTER\"><INPUT TYPE=\"SUBMIT\" VALUE=\"Load\"></TD></TR> </TABLE>"; if ($nofile) echo "<P><CENTER><FONT COLOR=\"RED\">Please enter a file name.</FONT></CENTER>"; elseif ($noopen) echo "<P><CENTER><FONT COLOR=\"RED\">File $filename could not be opened.</FONT></CENTER>"; echo "</FIELDSET></FORM>"; If I browse to a file, IE7 returns the complete path (as shown in the text box), but FF only returns the file name (i.e. after the last '\' - so fopen doesn't find the file). If I enter C:\foo\bar in the text box, IE7 returns 'C:\foo\bar', but FF only returns 'bar'. Link to comment Share on other sites More sharing options...
justsomeguy Posted February 27, 2008 Share Posted February 27, 2008 That's just a difference in how the browsers use the file input, but it shouldn't be an issue. You shouldn't be using fopen anyway with a file input, you should be using move_uploaded_file to first move the uploaded file somewhere where you can save it, then you can use fopen on the new file. If you're trying to take the value of the file input and use fopen on that, it's not going to work (or, more specifically, it will only work if you're browsing from the server using IE). Check here:http://www.php.net/manual/en/features.file-upload.php Link to comment Share on other sites More sharing options...
Jack McKalling Posted February 27, 2008 Share Posted February 27, 2008 You could use basename() in php to cut off all path information if available of an uploaded filename, leaving only the filename with its extension. This way, uploading in IE or in FF will result in exactly the same filename string in the end. Link to comment Share on other sites More sharing options...
justsomeguy Posted February 27, 2008 Share Posted February 27, 2008 You shouldn't even use the value from the file input at all. The $_FILES array will contain both the original filename and the temporary file on the server, you can use those. Link to comment Share on other sites More sharing options...
Jack McKalling Posted February 27, 2008 Share Posted February 27, 2008 Does $_FILES['...']['name'] always contain the basename then? I experienced otherwise, but I could be wrong. It is always wise to use basename() on any path you encounter in script anyway though. Link to comment Share on other sites More sharing options...
justsomeguy Posted February 27, 2008 Share Posted February 27, 2008 Yes, the filename does not include any path information. The server only needs to know the name of the file, the path where it came from is not important. No matter which browser is used, the filename element only contains the original filename, no path information. You can test with this: <?phpif (isset($_FILES['test'])) var_dump($_FILES['test']);?><html> <head> <title>Upload Test</title> </head> <body> <form method="post" enctype="multipart/form-data"> <input type="hidden" name="MAX_FILE_SIZE" value="1000000"> <input type="file" name="test"> <input type="submit" value="Upload"> </form> </body></html> If you can find a situation where the name includes path information I would be interested to know. Link to comment Share on other sites More sharing options...
jeffg Posted February 27, 2008 Author Share Posted February 27, 2008 Thanks for all the replies. Can you tell this is the first time I have tried to use <input type="file"...>? (And sorry for posting in the wrong forum - I had assumed it was an HTML, not a PHP problem). Link to comment Share on other sites More sharing options...
justsomeguy Posted February 27, 2008 Share Posted February 27, 2008 Yeah, it's a common issue. File uploads aren't accessed using $_POST, there is a $_FILES array just for them. Link to comment Share on other sites More sharing options...
jeffg Posted February 28, 2008 Author Share Posted February 28, 2008 Another related question: is input type='file' restricted to file uploads? Can I do this the other way round, i.e. have the server send some data to the user on request, where the user has browsed to a local file to store the data in? Link to comment Share on other sites More sharing options...
Jack McKalling Posted February 28, 2008 Share Posted February 28, 2008 No, a webapplication cannot write data into any file on the computer of a visitor. It is from the eyes of the visitor sort of a security issue if the website is able to write anything into his computer :)However, no file input needed, the application IS able to create a new file on the server and to send it forced for downloading to the browser Leaving the choice to the visitor if he or she accepts it and under what name. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.