?
Solved

Uploading Files in PHP

Posted on 2006-06-16
9
Medium Priority
?
1,440 Views
Last Modified: 2012-08-14
Another day, another question about PHP. Right now I am trying to make a feature that allows special users upload PDF files to the website I am building. I have found some file uploading scripts on the Internet but I do not like how they work. So my question is, how can I create a form with a dialogue Open window that only supports PDF files, the PHP checks that its a PDF file and it gets uploaded to a specified folder. Code would be a great help.

Thank you for the help.

EDIT: my PHP version is 4.3.10
0
Comment
Question by:Linky
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 3

Expert Comment

by:jmar_click
ID: 16921511
What don't you like about the scripts you've found on the internet? We can start from there.
Also, as far as I know, I don't think you can make the file select dialog box only accept PDF files, but after the file is selected, you can check to make sure that the file extension is one that you permit.
0
 
LVL 2

Author Comment

by:Linky
ID: 16921896
The thing I don't like is how some of them upload files but are incomplete. For example, this is one I found:

that is in a file called, upload.php

<?php
      $target = "upload/";
      $target = $target . basename( $_FILES['uploaded']['name']);
      $ok=1;

      //This is our size condition
      if ($uploaded_size > 350000)
      {
            echo "Your file is too large.<br>";
            $ok=0;
      }

      //This is our limit file type condition
      if ($uploaded_type == "text/php")
      {
            echo "No PHP files<br>";
            $ok=0;
      }

      //Here we check that $ok was not set to 0 by an error
      if ($ok==0)
      {
            echo "Sorry your file was not uploaded";
      }

      //If everything is ok we try to upload it
      else
      {
            if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
            {
                  echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
            }
            else
            {
                  echo "Sorry, there was a problem uploading your file.";
            }
      }
?>

Here is the form in the other PHP file

<form enctype="multipart/form-data" action="upload.php" method="POST">
Please choose a file: <input name="uploaded" type="file" /><br />
<input type="submit" value="Upload" />
</form>

Here are the errors i get:


Notice: Undefined variable: uploaded_size in c:\program files\easyphp1-8\www\cebatech\upload.php on line 7

Notice: Undefined variable: uploaded_type in c:\program files\easyphp1-8\www\cebatech\upload.php on line 14

Notice: Undefined index: uploadedfile in c:\program files\easyphp1-8\www\cebatech\upload.php on line 31

And finally the site I got it from: http://php.about.com/od/advancedphp/ss/php_file_upload.htm
0
 
LVL 16

Accepted Solution

by:
dr_dedo earned 1000 total points
ID: 16921944
you can always do a type check on the uploaded file to detect its type and allow only pdf files

echo $_FILES['FILE_NAME']['type'] and this will print the file type,

you can filter uploaded files

if ($_FILES['FILE_NAME']['type']== "application/pdf"){
  ok with upload
}else {
abort upload and delete the temp file
}
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 16

Expert Comment

by:dr_dedo
ID: 16921958
note that these notices are because you got register global off (for security reasons)
instead of uploaded_type use $_FILES['FILE_NAME']['type']

etc...
0
 
LVL 2

Author Comment

by:Linky
ID: 16922068
Alright so using $_FILES['uploaded']['type'] == whatever works. Is there a similiar thing for size aswell? Because I would rather not have those Notice: errors or enable register globals.
0
 
LVL 2

Author Comment

by:Linky
ID: 16922276
Alright the script I wrote seems to be working fine without any Notice: or globals. Thanks for the help guys, I'll divide up the points.
0
 
LVL 2

Author Comment

by:Linky
ID: 16922286
Never mind. Only one person helped answer. Thanks dr dedo.
0
 
LVL 3

Expert Comment

by:jmar_click
ID: 16922347
yep yep...I could've fixed it, but ya know ;)

jk, good job dr_dedo , I think i've seen your posts in other questions.
0
 

Expert Comment

by:cgustaf
ID: 24445373
OK  I've got a problem with the same script.  It must be in the area addressed by dr_dedo because the script runs through the first part fine, but the final error message, "Sorry, there was a problem uploading your file.";  appears.

I tried to implement the fix by dr_dedo but could not make it work.

If I could have exact and explicit help with the piece of code needed to be fixed, I'd appreciate it -- i.e. if I could avoid having to guess what you mean.  Here is the script as I have it now :

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
<style type="text/css">
<!--
body,td,th {
      font-family: Geneva, Arial, Helvetica, sans-serif;
      font-size: 12px;
}
-->
</style></head>

<body>
<table width="800" align="center">
  <tr>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <td><?php
$target = "upload/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$ok=1;

//This is our size condition
if ($uploaded_size > 350000)
{
echo "Your file is too large.<br>";
$ok=0;
}

//This is our limit file type condition
if ($uploaded_type =="text/php")
{
echo "No PHP files<br>";
$ok=0;
}

//This is the only file type allowed
if (!($uploaded_type=="application/pdf")) {
echo "You may only upload PDF files.<br>";
$ok=0;
}


//Here we check that $ok was not set to 0 by an error
if ($ok==0)
{
Echo "Sorry your file was not uploaded";
}

//If everything is ok we try to upload it
else
{
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
}
else
{
echo "Sorry, there was a problem uploading your file.";
}
}
?> &nbsp;</td>
  </tr>
  <tr>
    <td>&nbsp;</td>
  </tr>
</table>
</body>
</html>

The form, and upload.php are in the same directory, and the uploaded file shold go to that directory as well.
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question