Working with sessions and input type=file in a multi-page form

Posted on 2006-04-29
Last Modified: 2011-09-20

I need to make a multi-page form. One of the pages will have "input type=file" elements.
1. Is it possible to save these values in session variables for posting? Will the actual file upload somehow be done when I finally submit the whole form?
2. Regarding posting generally: How do I post session variables at the end of the process of the user filling in all the pages? Do I make a dummy form with hidden variables for all the variables previously saved as session variables?

Thank you
Question by:tr5
    LVL 6

    Accepted Solution


    As far as I know, it is not possible to save file-type variables across sessions directly. I'll explain. Let's say you have something like this:

    <form action="something.php" method="post" enctype="multipart/form-data">
    <input type="file" name="uploadFile" />
    <input type="submit" value="Submit" />

    When the user presses submit, two things will happen. First, the file will be uploaded automatically to a temporary directory and second an associative array that contains information about the file will be created in $_FILES. In our case, since we named the input field "uploadFile", you can access information about this file in $_FILES['uploadFile'].

    $_FILES['tmp_name'] == name/location of the temporary space that the file was uploaded to. Useful for moving it somewhere else.

    $_FILES['name'] == original name of file that was uploaded.

    $_FILES['size'] == size of file.

    $_FILES['error'] == the error code of whatever error happened. Zero means everything went well. Error codes:

    But the file itself is not stored in $_FILES. The file is stored in temporary web space on your webserver. As soon as the user uploads the file, it will save it to this temporary space, run your something.php file (the form action), and then automatically delete the file from temporary web space. So you have to move it somewhere in something.php if you actually want to keep in your web server. You would do this with this PHP command:

    copy($_FILES['uploadFile']['tmp_name'], $path . stripslashes($_FILES['uploadFile']['name']));

    ...where $path is the location of the folder you want to save it in. That will copy the file from its temporary location (which will be deleted) to a new location (which will not be deleted).


    When you say "at the end of the process of the user filling in all the pages," I take it that implies you have the user filling out <form>s. Well, for the lack of a better name, I'm going to continue calling your form action "something.php". In something.php, you would just have something like this:

    if ( isset($_POST['username']) )
        $_SESSION['username'] = $_POST['username'];

    You'd probably want to make it a lot more complex with that so you can validate things and whatnot, but in essence, if you want to save something across sessions, store it in $_SESSION['whatever'].

    And to make a suggestion, if you're going to have a couple different pages of forms for the user to submit, do any file uploading last--since, as I pointed out, you have only one shot to save the file before it's deleted from temporary space.
    LVL 16

    Expert Comment

    regarding question number 2, why would u need to post session variables anyway?????? u use $_POST to get data from the user, and usually u add it to db, mail it, or do whatever u want with it, now, u already have the data you want, why do u want to have it as POST ?????
    instead of having this query "select name from table1 where lname=$_POST['lname'], u can use select name from table1 where lname=$_SESSION['lname'] !!

    got me ?? i mean u already got the data, and if u must have in $_POST[] form, then make $_POST['lname'] = $_SESSION['lname']      (POST is an array after all)

    for question 1..... it is so tricky !!!

    Author Comment

    Thanks for the explanation.
    LVL 6

    Expert Comment

    Oh whoops, I hope you noticed my silly error. When I listed out the four different properties of $_FILES, the list should have looked like this:


    (Since we named it "uploadFile" in the HTML portion.) But I think that should have become clear with the rest of my comment.

    And as for you, dr_dedo, what on Earth do you mean when you ask, "why would u need to post session variables anyway??????" (You didn't need to use six question-marks; one will suffice.) There are myriad reasons anyone would want to do this! It is true that you usually do things with the $_POST variables like add them to databases, mail them, etc., but storing them across sessions is also a perfectly logical thing to do in a number of cases.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Join & Write a Comment

    Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
    Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
    Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
    The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now