[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 387
  • Last Modified:

Working with sessions and input type=file in a multi-page form


I need to make a multi-page form. One of the pages will have "input type=file" elements.
1. Is it possible to save these values in session variables for posting? Will the actual file upload somehow be done when I finally submit the whole form?
2. Regarding posting generally: How do I post session variables at the end of the process of the user filling in all the pages? Do I make a dummy form with hidden variables for all the variables previously saved as session variables?

Thank you
  • 2
1 Solution

As far as I know, it is not possible to save file-type variables across sessions directly. I'll explain. Let's say you have something like this:

<form action="something.php" method="post" enctype="multipart/form-data">
<input type="file" name="uploadFile" />
<input type="submit" value="Submit" />

When the user presses submit, two things will happen. First, the file will be uploaded automatically to a temporary directory and second an associative array that contains information about the file will be created in $_FILES. In our case, since we named the input field "uploadFile", you can access information about this file in $_FILES['uploadFile'].

$_FILES['tmp_name'] == name/location of the temporary space that the file was uploaded to. Useful for moving it somewhere else.

$_FILES['name'] == original name of file that was uploaded.

$_FILES['size'] == size of file.

$_FILES['error'] == the error code of whatever error happened. Zero means everything went well. Error codes:

But the file itself is not stored in $_FILES. The file is stored in temporary web space on your webserver. As soon as the user uploads the file, it will save it to this temporary space, run your something.php file (the form action), and then automatically delete the file from temporary web space. So you have to move it somewhere in something.php if you actually want to keep in your web server. You would do this with this PHP command:

copy($_FILES['uploadFile']['tmp_name'], $path . stripslashes($_FILES['uploadFile']['name']));

...where $path is the location of the folder you want to save it in. That will copy the file from its temporary location (which will be deleted) to a new location (which will not be deleted).


When you say "at the end of the process of the user filling in all the pages," I take it that implies you have the user filling out <form>s. Well, for the lack of a better name, I'm going to continue calling your form action "something.php". In something.php, you would just have something like this:

if ( isset($_POST['username']) )
    $_SESSION['username'] = $_POST['username'];

You'd probably want to make it a lot more complex with that so you can validate things and whatnot, but in essence, if you want to save something across sessions, store it in $_SESSION['whatever'].

And to make a suggestion, if you're going to have a couple different pages of forms for the user to submit, do any file uploading last--since, as I pointed out, you have only one shot to save the file before it's deleted from temporary space.
regarding question number 2, why would u need to post session variables anyway?????? u use $_POST to get data from the user, and usually u add it to db, mail it, or do whatever u want with it, now, u already have the data you want, why do u want to have it as POST ?????
instead of having this query "select name from table1 where lname=$_POST['lname'], u can use select name from table1 where lname=$_SESSION['lname'] !!

got me ?? i mean u already got the data, and if u must have in $_POST[] form, then make $_POST['lname'] = $_SESSION['lname']      (POST is an array after all)

for question 1..... it is so tricky !!!
tr5Author Commented:
Thanks for the explanation.
Oh whoops, I hope you noticed my silly error. When I listed out the four different properties of $_FILES, the list should have looked like this:


(Since we named it "uploadFile" in the HTML portion.) But I think that should have become clear with the rest of my comment.

And as for you, dr_dedo, what on Earth do you mean when you ask, "why would u need to post session variables anyway??????" (You didn't need to use six question-marks; one will suffice.) There are myriad reasons anyone would want to do this! It is true that you usually do things with the $_POST variables like add them to databases, mail them, etc., but storing them across sessions is also a perfectly logical thing to do in a number of cases.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now