Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Issue with file uploads

Posted on 2003-11-03
8
Medium Priority
?
281 Views
Last Modified: 2008-03-06
Hi all;

I am trying to add a file submission aspect to a submission form, but I cannot get uploads to confirm they are uploaded:

---------------FORM-----------------------

<input type="hidden" name="MAX_FILE_SIZE" value="2048">
<input name="File" type="file" size="50">

----------------/FORM----------------------

---------------CODE------------------------

 if (isset($_FILES['File']['name']))
                        {
                                echo("File Uploaded\n");
                                print_r($_FILES['File']);
                        }
                        else
                        {
                                echo("no File Uploaded\n");
                                print_r($_FILES);
                        }

---------------/CODE---------------------------

-------------OUTPUT---------------------------
no File Uploaded
Array ( )
--------------/OUTPUT------------------------

Now I am new to file uploading, so maybe I am checking the wrong thing.
PHP is 4.2.2 on Apache 2, I will also need to check that the file is a zip file, not interested in uploads of anything else and will want to reject non-zip uploads.

Thanks all, big points cause I want a quick answer.
0
Comment
Question by:Squeebee
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 4

Accepted Solution

by:
Fendrin earned 1400 total points
ID: 9673737
instead of checking $_FILES['File']['name'], check the value of $_FILES['File']['error']. If it is anything other than 0, there is some sort of problem. the complete list of possible values is here:
http://us3.php.net/manual/en/features.file-upload.errors.php
0
 
LVL 17

Author Comment

by:Squeebee
ID: 9673780
Ok, so far so good, I can check against error being 0 and I get a "File Uploaded" report. Now how can I check if the upload was a zip file?
0
 
LVL 3

Assisted Solution

by:red010knight
red010knight earned 600 total points
ID: 9673880
Well the later is easy enough
To check for zip file - do
$filename=$FILES['File']['name'];
$fileType=$substr($filename,-3);
if($fileType==='zip'){
  $isZip=true;
}else{
  $isZip=false;
}

if($isZip){
  download file
}else{
  display error
}

Also when you upload a file, you need to verify that the file doesn't currently exist in the location you are uploading to, if it does you'll definately have errors.

As to verifying the file is uploaded why not just check the folder you are uploading to with file_exists and is_file to make sure your system wasn't tricked when uploading a file.

So let me know, thanks
Red010Knght
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 17

Author Comment

by:Squeebee
ID: 9673910
Hmm, any way to avoid an extension spoof there? Ie can we check for a zip file by a method other then trusting the extension?
0
 
LVL 1

Expert Comment

by:helloAmerica
ID: 9674545
of course you can.

it's call "using magic numbers" (in clear, analysing the header of the binary file, like "PDF", "JPG" etc to deduce the real datafile type)
0
 
LVL 1

Expert Comment

by:helloAmerica
ID: 9674548
and I think you should RTFM about "uploading files" in the PHP online manual
0
 
LVL 17

Author Comment

by:Squeebee
ID: 9674764
I actually will just go with the extension check for now, as I have to approve posts anyway. Thanks for your help Fendrin and Red.
0
 
LVL 4

Expert Comment

by:Fendrin
ID: 9675890
No Problem, I like to help. Thanks for the A! btw, for type checking, try $FILES['file']['type'] to get the mime type.

btw, all of my answers are right in the manual: http://www.php.net/features.file-upload
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this. Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it i…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.
Suggested Courses

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question