FILE UPLOADS
CHAPTER 11
THE BASIC PROCESS
1. The HTML form displays the control to locate and upload a file
2. Upon form submission, the server first stores the uploaded file in a temporary directory for validation
3. The PHP script then needs to copy the uploaded file from the temporary directory to its intended directory
THE HTML
<form enctype="multipart/form-data" action="upload_image.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="2097152">
<p><b>Select File:</b>
<input type="file" name="upload"></p>
<input type="submit" name="submit" value="Submit">
</form>
For this enctype, the post method must be used!
THE GLOBAL PHP $_FILES ARRAY
The first index is the name attribute of the form's file input element.
The second index can be any of the following:
• $_FILES['file']['name'] - the name of the uploaded file
• $_FILES['file']['type'] - the MIME (content) type of the uploaded file as provided by the browser
• $_FILES['file']['size'] - the size in bytes of the uploaded file
• $_FILES['file']['tmp_name'] - the name of the temporary copy of the file stored on the server
• $_FILES['file']['error'] - the error code resulting from the file upload
MIME TYPES
SECURITY ISSUES
For file uploads to be saved permanently, the containing directory needs to have write permissions assigned to it.
This means that virtually anyone can write to it.
A malicious user could save a problematic PHP script there.
But if it is outside of the public_html directory, it can't be run by a browser.
So create an uploads folder in your /home/usr/directory, and set permissions to 777, so that the files can be saved (written) there.
THE UPLOAD PHP
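As an added example (not the chapter's own upload_image.php), here is a handler for the form shown earlier that checks the $_FILES error code, the size and the actual image type before copying the file out of the temporary directory into a folder outside public_html. The UPLOAD_DIR path and the set of accepted image types are assumptions.

```php
<?php
// Added example, not the chapter's own code. Handles the form from the
// "THE HTML" slide, whose file input is named "upload".
const UPLOAD_DIR = '/home/usr/uploads';  // assumed: a folder outside public_html, writable by the web server
const MAX_BYTES  = 2097152;              // 2 MiB, the same limit the form's MAX_FILE_SIZE field suggests
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

// Validates one entry of $_FILES and moves it into UPLOAD_DIR.
// Returns [true, stored filename] on success, [false, reason] otherwise.
function save_upload(array $file): array
{
    // 1. The server-side error code is authoritative; UPLOAD_ERR_OK means the temp copy exists.
    $err = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($err !== UPLOAD_ERR_OK) {
        return [false, "Upload failed, error code $err"];
    }
    // 2. Re-check the size here: MAX_FILE_SIZE in the form is only a hint to the browser.
    if ($file['size'] > MAX_BYTES) {
        return [false, 'File is larger than ' . MAX_BYTES . ' bytes'];
    }
    // 3. Make sure the temp path really belongs to this request's upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        return [false, 'Temporary file was not produced by this upload'];
    }
    // 4. Derive the type from the file contents; $file['type'] is whatever the browser claimed.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !array_key_exists($info['mime'], ALLOWED)) {
        return [false, 'Only JPEG, PNG and GIF images are accepted'];
    }
    // 5. Do not reuse the client's filename: pick a random name with a known extension.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$info['mime']];
    $dest = UPLOAD_DIR . '/' . $name;
    // 6. Copy from the temporary directory to its permanent location (step 3 of the basic process).
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return [false, 'Could not write to ' . UPLOAD_DIR];
    }
    return [true, $name];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['upload'])) {
    [$ok, $msg] = save_upload($_FILES['upload']);
    echo '<p>', $ok ? 'Stored as ' : 'Error: ', htmlspecialchars($msg), '</p>';
}
```

Because the stored name is generated by the script and the type is read from the bytes, the directory outside public_html only ever receives image files under names the application chose.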
RECALL THE HTTP REQUEST/RESPONSE CYCLE
[Diagram: Request, Response, headers]
DISPLAYING THE IMAGES
Because the images are stored outside of the public_html directory, they are not available to Web browsers
So these don't work:
• a direct http:// reference
• an HTML <img src=""> tag
To make the content available through a web browser, you need a proxy script.
DISPLAYING THE IMAGES
A proxy script acts as the go-between from the user's browser to the images' location and back again.
In a response to a browser, there are a series of HTTP headers sent along with the HTML.
DISPLAYING THE IMAGES
The header() function:
There are several strings which can be used in the header() function. The most common use is:
header('Location: http://…'); which redirects the browser to a new page without requiring the user to click on anything.
This will be used in Chapter 12.
DISPLAYING THE IMAGES
To display images, we need three other headers:
• header("Content-Type: …"); sends the MIME type of whatever follows
• header("Content-Disposition: attachment; filename=\"somefile.xxx\"\n"); tells the browser to download the file. Alternatively, change attachment to inline to tell the browser to display the data.
• header("Content-Length: xxx\n"); the size in bytes
HEADER FUNCTION
• When using headers, the code for the header() function call must come before anything is returned to the Web browser
• When multiple header calls are used in one script each should be terminated with \n
FUNCTIONS USED TO RETRIEVE AND DISPLAY IMAGES
• scandir(string $dir) - returns an array of all files and directories found in the specified path
• substr(string $string, int $start [, int $length]) - returns the portion of string specified by the start and length parameters
• filesize(string $filename) - returns the size of the file in bytes, or FALSE in case of an error
• getimagesize(string $filename [, array &$imageinfo]) - determines the size of any given image file and returns an array containing the dimensions along with the file type, a height/width text string to be used inside a normal HTML IMG tag, and the corresponding HTTP content type
• urlencode(string $str) - returns a string in a format which is safe to pass in a URL
• readfile(string $filename) - reads in a file and immediately sends the content to the Web browser
DISPLAYING THE IMAGES
Functions to use:
• scandir() - returns a list of files and directories as an array
The code:
$dir = '../../uploads'; // Define the directory to view.
echo $dir;
$files = scandir($dir); // Read all the images into an array.
DISPLAYING THE IMAGES
Process every image in the array, skipping any hidden files, which start with a period (on non-Windows systems).
substr(string $string, int $start [, int $length])
Returns the portion of string specified by the start and length parameters.
foreach ($files as $image) {
    if (substr($image, 0, 1) != '.') { // Ignore anything starting with a period.
        // (process $image here)
    }
}
DISPLAYING THE IMAGES
getimagesize();
The getimagesize() function will determine the size of any given image file and return the dimensions along with the file type and a height/width text string to be used inside a normal HTML IMG tag and the corresponding HTTP content type.
DISPLAYING THE IMAGES
// Get the image information
$info = getimagesize($image);
$fs = filesize($image);
// Send the content information:
header("Content-Type: {$info['mime']}\n");
header("Content-Disposition: inline; filename=\"$name\"\n");
header("Content-Length: $fs\n");
// Send the file:
readfile($image);
// There is intentionally no closing PHP tag, to avoid sending anything extra.
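A complete proxy script (an added example, not the chapter's show-image code) that puts the header()/readfile() sequence above into one file: the requested filename is checked against a strict pattern before it is joined to the uploads directory, so only files with the shape produced by the upload handler can be served. UPLOAD_DIR and the `image` query parameter are assumptions.

```php
<?php
// Added example, not the chapter's own code: show_image.php serves one file
// from the uploads folder outside public_html so that an <img> tag can use
// src="show_image.php?image=<name>". UPLOAD_DIR and the parameter name are assumed.
const UPLOAD_DIR = '/home/usr/uploads';

// Validates the requested name, then sends the image with the three headers
// from the slides. Returns true if the image was sent, false otherwise.
function send_image(string $requested): bool
{
    // Accept only a bare filename: letters, digits, underscore or dash, plus
    // one image extension. This rules out hidden files (leading period),
    // subdirectories and anything else that may sit in the folder.
    if (!preg_match('/^[A-Za-z0-9_-]+\.(jpg|png|gif)\z/', $requested)) {
        http_response_code(400);
        return false;
    }
    $path = UPLOAD_DIR . '/' . $requested;
    // The file must exist and still parse as an image; getimagesize reads the bytes, not the name.
    if (!is_file($path) || ($info = @getimagesize($path)) === false) {
        http_response_code(404);
        return false;
    }
    $fs = filesize($path);
    // Headers must go out before any output, so nothing is echoed before this point.
    header('Content-Type: ' . $info['mime']);
    header('Content-Disposition: inline; filename="' . $requested . '"');
    header('Content-Length: ' . $fs);
    readfile($path);
    return true;
}

send_image($_GET['image'] ?? '');
// No closing PHP tag, so no stray whitespace is appended to the image bytes.
```

A gallery page built with scandir() on UPLOAD_DIR would then emit `<img src="show_image.php?image=<?= urlencode($image) ?>">` for each non-hidden entry, which is where urlencode() from the function list comes in.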