Uploading files Dr. Steven Bitner
Uploading files (chapter 19) http://kc-sce- sphp01.kc.umkc.edu/~bitners/dashboard.php
How does that work Several different approaches We'll only cover one to avoid confusion Steps follow
Server settings First things first Use phpinfo() again http://kc-sce-sphp01.kc.umkc.edu/~bitners/junk.php Look for: file_uploads max_file_uploads upload_max_filesize
Another superglobal $_GET,$_POST,$_REQUEST, and $_SERVER have a friend Called $_FILES Just like the others, it is created at the right time
Interface with users http://kc-sce- sphp01.kc.umkc.edu/~bitners/code.php?page=dashboard.p hp Two elements of note <input type = "hidden" name = "MAX_FILE_SIZE" value = "2000000" /> <input type = "file" name = "bestFileEver" />
Submit Of course don't forget your <form> and <button> tags Make sure that your form method is POST and that you set the action attribute to the file you intend to use for uploading <form action = "uploadMe.php" method = "POST" enctype= "multipart/form-data">
enctype? The enctype (encoding type) attribute for the form tag tells the browser that you will be including different encoding formats This is similar to the multipart information needed for mailing an attachment or including HTML in an email Without this attribute properly set, your script will fail
$_FILES is alive When the user clicks submit, the $_FILES superglobal arrray is created in much the same manner as $_POST is created
Where to store files Server directory – The book way (more sample code) pros: easiest approach, since the file system does this automatically less open to injection attacks cons: Much harder to control access File itself is stored separately from metadata Database – this is the way we'll discuss pros: Have total control over who can view cons: More complex to program Injection attacks can happen if you don't use prepared statements
Database storage of files Need a database table for storing files with: name – this will store the name of the file CHAR or VARCHAR size – to store the size of the file INT $_FILES['size'] is a quick bit of error checking to make sure that a file was uploaded type – in order to send the appropriate header, or include the correct data type in the form src attribute CHAR or VARCHAR content – the file itself any member of the BLOB family TINYBLOB – up to 2 8 bytes = 256B BLOB – up to 2 16 bytes = 64KB MEDIUMBLOB – up to 2 24 bytes = 16MB LONGBLOB – up to 2 32 bytes = 4GB
Uploading Like all of PHP , you can choose a functional or an object oriented approach You can hard code this functionality inline, but then the code is not re-usable http://kc-sce- sphp01.kc.umkc.edu/~bitners/code.php?page=resources/u ploader.php
Did it work? Check your database table directly kc-sce-sphp01.kc.umkc.edu:8888 If it's in there, you're almost done
Viewing We don't store files for the sake of wasting disk space Once again two approaches Display by encoding the data from the db and using the following image tag <img src="data:image/jpeg;base64,ENC_FILE" /> ENC_FILE above is the value returned from base64_encode ($file);
More common approach Use a script as an image src Send header from the script <img src="showImage.php?id=8" /> Tons of examples online Essentially, send the appropriate headers and then echo the content from the database
Recommend
More recommend
