Solved

Issue with file uploads

Posted on 2003-11-03
8
265 Views
Last Modified: 2008-03-06
Hi all;

I am trying to add a file submission aspect to a submission form, but I cannot get uploads to confirm they are uploaded:

---------------FORM-----------------------

<input type="hidden" name="MAX_FILE_SIZE" value="2048">
<input name="File" type="file" size="50">

----------------/FORM----------------------

---------------CODE------------------------

 if (isset($_FILES['File']['name']))
                        {
                                echo("File Uploaded\n");
                                print_r($_FILES['File']);
                        }
                        else
                        {
                                echo("no File Uploaded\n");
                                print_r($_FILES);
                        }

---------------/CODE---------------------------

-------------OUTPUT---------------------------
no File Uploaded
Array ( )
--------------/OUTPUT------------------------

Now I am new to file uploading, so maybe I am checking the wrong thing.
PHP is 4.2.2 on Apache 2, I will also need to check that the file is a zip file, not interested in uploads of anything else and will want to reject non-zip uploads.

Thanks all, big points cause I want a quick answer.
0
Comment
Question by:Squeebee
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 4

Accepted Solution

by:
Fendrin earned 350 total points
ID: 9673737
instead of checking $_FILES['File']['name'], check the value of $_FILES['File']['error']. If it is anything other than 0, there is some sort of problem. the complete list of possible values is here:
http://us3.php.net/manual/en/features.file-upload.errors.php
0
 
LVL 17

Author Comment

by:Squeebee
ID: 9673780
Ok, so far so good, I can check against error being 0 and I get a "File Uploaded" report. Now how can I check if the upload was a zip file?
0
 
LVL 3

Assisted Solution

by:red010knight
red010knight earned 150 total points
ID: 9673880
Well the later is easy enough
To check for zip file - do
$filename=$FILES['File']['name'];
$fileType=$substr($filename,-3);
if($fileType==='zip'){
  $isZip=true;
}else{
  $isZip=false;
}

if($isZip){
  download file
}else{
  display error
}

Also when you upload a file, you need to verify that the file doesn't currently exist in the location you are uploading to, if it does you'll definately have errors.

As to verifying the file is uploaded why not just check the folder you are uploading to with file_exists and is_file to make sure your system wasn't tricked when uploading a file.

So let me know, thanks
Red010Knght
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 17

Author Comment

by:Squeebee
ID: 9673910
Hmm, any way to avoid an extension spoof there? Ie can we check for a zip file by a method other then trusting the extension?
0
 
LVL 1

Expert Comment

by:helloAmerica
ID: 9674545
of course you can.

it's call "using magic numbers" (in clear, analysing the header of the binary file, like "PDF", "JPG" etc to deduce the real datafile type)
0
 
LVL 1

Expert Comment

by:helloAmerica
ID: 9674548
and I think you should RTFM about "uploading files" in the PHP online manual
0
 
LVL 17

Author Comment

by:Squeebee
ID: 9674764
I actually will just go with the extension check for now, as I have to approve posts anyway. Thanks for your help Fendrin and Red.
0
 
LVL 4

Expert Comment

by:Fendrin
ID: 9675890
No Problem, I like to help. Thanks for the A! btw, for type checking, try $FILES['file']['type'] to get the mime type.

btw, all of my answers are right in the manual: http://www.php.net/features.file-upload
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question