Home > Backend Development > PHP Tutorial > File upload using PHP_PHP tutorial

File upload using PHP_PHP tutorial

WBOY
Release: 2016-07-21 16:11:05
Original
857 people have browsed it


A question often seen on WebDev sites is about file uploads. In this article I will explain how to implement file
upload using PHP. Designing the upload form

Our main goal is to upload files from the local computer to the server. In order to do this, we need to make a form that allows the user to select a file and submit it. Here is an example:



File upload form

< BODY>


ACTION=submit.php3
METHOD="POST">
< TR>
< ;TR>
< ;/TABLE>



Pay attention to the ENCTYPE="multipart/form-data" part in the table. This must not be wrong, otherwise the server will not know that you are
uploading files.

Design the upload program

Now that we have completed the front-end part, let us carefully consider how the back-end receives the file and saves it to the directory we specified
. Let’s start using PHP. This is the program of submit.php3:

If($MyFile != "none") {
copy($MyFile,"/home/berber/$MyFile_name");
unlink($MyFile);
}
else {
echo"You didn’t upload any files?;
}
?>

Believe it or not , this is the whole process. What we do in the program is:

1. Check whether a file has been uploaded to the server, through If($MyFile != "none");
2. Copy the file to the specified location.
3. Delete the temporary file.

When you click the submit button, the file will be uploaded from your computer to the temporary directory of the server. The file
is named a temporary file. It should be accessed using the name value of the file field, in this case $MyFile. The real file name is accessed using the name value of the file
field plus "_name", in Here is $MyFile_name. Use the copy() function to copy the temporary file $MyFile to the specified directory. The copied file is named $MyFile_name. Don’t forget to delete the temporary file after completion, otherwise you will have many errors.
Unwanted file.

Set file name

One thing that can keep programmers awake is trying to change the value of the VALUE attribute of a file field. Not many people know about it.
It's impossible. Although the W3C says it's possible, in fact, neither IE nor Netscape allow setting the value of the VAUE attribute. It sounds a bit ridiculous. Why can't I set an initial value so that the user can do it? Is it more convenient to use? If you do that, you will find that you have brought
a security vulnerability. You can imagine that you log in to my website and I can change the file field in a form. value.
So is it possible to prevent me from uploading your /etc/passwd file? Furthermore, I don’t need you to press the submit button. I can set the value of the file field first and then pass A JavaScript program to simulate the submission action... Wow... I can handle any
file on your machine. For this reason, the browser simply sets the VALUE field of the file field in the tag. Ignored.

Limit file size

Another cool feature is the option to limit the size of uploaded files. Just add an tag:



This will not allow users to upload files exceeding 100KB.

Display file size

In order to display the file size, it can be accessed by adding the "_size" variable to the name attribute value of the file field. In our example
just use $MyFile_size. So, if you want to tell the user the size of the uploaded file, you can do it like this:

echo "You have just uploaded $MyFile_name";
echo "The size of the file is $MyFile_size" ;

Permissions

Obviously you need write permissions on the target directory. If a user uploads files anonymously, his username should be
"bobody". This user must have write permission to the target directory otherwise you may get a message like the following:

Warning: Unable to create '/home/berber/berber.txt':
Permission denied
in /home/berber/submit.php3 on line 5

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/314015.htmlTechArticleA question often seen on WebDev sites is about file upload. In this article I will explain how to implement file upload using PHP. Designing the upload form Our main goal is to complete...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
Select upload fileTYPE="File">
TYPE="submit">