Solved

Issue with file uploads

Posted on 2003-11-03
8
273 Views
Last Modified: 2008-03-06
Hi all;

I am trying to add a file submission aspect to a submission form, but I cannot get uploads to confirm they are uploaded:

---------------FORM-----------------------

<input type="hidden" name="MAX_FILE_SIZE" value="2048">
<input name="File" type="file" size="50">

----------------/FORM----------------------

---------------CODE------------------------

 if (isset($_FILES['File']['name']))
                        {
                                echo("File Uploaded\n");
                                print_r($_FILES['File']);
                        }
                        else
                        {
                                echo("no File Uploaded\n");
                                print_r($_FILES);
                        }

---------------/CODE---------------------------

-------------OUTPUT---------------------------
no File Uploaded
Array ( )
--------------/OUTPUT------------------------

Now I am new to file uploading, so maybe I am checking the wrong thing.
PHP is 4.2.2 on Apache 2, I will also need to check that the file is a zip file, not interested in uploads of anything else and will want to reject non-zip uploads.

Thanks all, big points cause I want a quick answer.
0
Comment
Question by:Squeebee
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 4

Accepted Solution

by:
Fendrin earned 350 total points
ID: 9673737
instead of checking $_FILES['File']['name'], check the value of $_FILES['File']['error']. If it is anything other than 0, there is some sort of problem. the complete list of possible values is here:
http://us3.php.net/manual/en/features.file-upload.errors.php
0
 
LVL 17

Author Comment

by:Squeebee
ID: 9673780
Ok, so far so good, I can check against error being 0 and I get a "File Uploaded" report. Now how can I check if the upload was a zip file?
0
 
LVL 3

Assisted Solution

by:red010knight
red010knight earned 150 total points
ID: 9673880
Well the later is easy enough
To check for zip file - do
$filename=$FILES['File']['name'];
$fileType=$substr($filename,-3);
if($fileType==='zip'){
  $isZip=true;
}else{
  $isZip=false;
}

if($isZip){
  download file
}else{
  display error
}

Also when you upload a file, you need to verify that the file doesn't currently exist in the location you are uploading to, if it does you'll definately have errors.

As to verifying the file is uploaded why not just check the folder you are uploading to with file_exists and is_file to make sure your system wasn't tricked when uploading a file.

So let me know, thanks
Red010Knght
0
Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

 
LVL 17

Author Comment

by:Squeebee
ID: 9673910
Hmm, any way to avoid an extension spoof there? Ie can we check for a zip file by a method other then trusting the extension?
0
 
LVL 1

Expert Comment

by:helloAmerica
ID: 9674545
of course you can.

it's call "using magic numbers" (in clear, analysing the header of the binary file, like "PDF", "JPG" etc to deduce the real datafile type)
0
 
LVL 1

Expert Comment

by:helloAmerica
ID: 9674548
and I think you should RTFM about "uploading files" in the PHP online manual
0
 
LVL 17

Author Comment

by:Squeebee
ID: 9674764
I actually will just go with the extension check for now, as I have to approve posts anyway. Thanks for your help Fendrin and Red.
0
 
LVL 4

Expert Comment

by:Fendrin
ID: 9675890
No Problem, I like to help. Thanks for the A! btw, for type checking, try $FILES['file']['type'] to get the mime type.

btw, all of my answers are right in the manual: http://www.php.net/features.file-upload
0

Featured Post

WordPress Tutorial 2: Terminology

An important part of learning any new piece of software is understanding the terminology it uses. Thankfully WordPress uses fairly simple names for everything that make it easy to start using the software.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question