Linky
asked on
Uploading Files in PHP
Another day, another question about PHP. Right now I am trying to make a feature that allows special users upload PDF files to the website I am building. I have found some file uploading scripts on the Internet but I do not like how they work. So my question is, how can I create a form with a dialogue Open window that only supports PDF files, the PHP checks that its a PDF file and it gets uploaded to a specified folder. Code would be a great help.
Thank you for the help.
EDIT: my PHP version is 4.3.10
Thank you for the help.
EDIT: my PHP version is 4.3.10
ASKER
The thing I don't like is how some of them upload files but are incomplete. For example, this is one I found:
that is in a file called, upload.php
<?php
$target = "upload/";
$target = $target . basename( $_FILES['uploaded']['name' ]);
$ok=1;
//This is our size condition
if ($uploaded_size > 350000)
{
echo "Your file is too large.<br>";
$ok=0;
}
//This is our limit file type condition
if ($uploaded_type == "text/php")
{
echo "No PHP files<br>";
$ok=0;
}
//Here we check that $ok was not set to 0 by an error
if ($ok==0)
{
echo "Sorry your file was not uploaded";
}
//If everything is ok we try to upload it
else
{
if(move_uploaded_file($_FI LES['uploa ded']['tmp _name'], $target))
{
echo "The file ". basename( $_FILES['uploadedfile']['n ame']). " has been uploaded";
}
else
{
echo "Sorry, there was a problem uploading your file.";
}
}
?>
Here is the form in the other PHP file
<form enctype="multipart/form-da ta" action="upload.php" method="POST">
Please choose a file: <input name="uploaded" type="file" /><br />
<input type="submit" value="Upload" />
</form>
Here are the errors i get:
Notice: Undefined variable: uploaded_size in c:\program files\easyphp1-8\www\cebat ech\upload .php on line 7
Notice: Undefined variable: uploaded_type in c:\program files\easyphp1-8\www\cebat ech\upload .php on line 14
Notice: Undefined index: uploadedfile in c:\program files\easyphp1-8\www\cebat ech\upload .php on line 31
And finally the site I got it from: http://php.about.com/od/advancedphp/ss/php_file_upload.htm
that is in a file called, upload.php
<?php
$target = "upload/";
$target = $target . basename( $_FILES['uploaded']['name'
$ok=1;
//This is our size condition
if ($uploaded_size > 350000)
{
echo "Your file is too large.<br>";
$ok=0;
}
//This is our limit file type condition
if ($uploaded_type == "text/php")
{
echo "No PHP files<br>";
$ok=0;
}
//Here we check that $ok was not set to 0 by an error
if ($ok==0)
{
echo "Sorry your file was not uploaded";
}
//If everything is ok we try to upload it
else
{
if(move_uploaded_file($_FI
{
echo "The file ". basename( $_FILES['uploadedfile']['n
}
else
{
echo "Sorry, there was a problem uploading your file.";
}
}
?>
Here is the form in the other PHP file
<form enctype="multipart/form-da
Please choose a file: <input name="uploaded" type="file" /><br />
<input type="submit" value="Upload" />
</form>
Here are the errors i get:
Notice: Undefined variable: uploaded_size in c:\program files\easyphp1-8\www\cebat
Notice: Undefined variable: uploaded_type in c:\program files\easyphp1-8\www\cebat
Notice: Undefined index: uploadedfile in c:\program files\easyphp1-8\www\cebat
And finally the site I got it from: http://php.about.com/od/advancedphp/ss/php_file_upload.htm
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
note that these notices are because you got register global off (for security reasons)
instead of uploaded_type use $_FILES['FILE_NAME']['type ']
etc...
instead of uploaded_type use $_FILES['FILE_NAME']['type
etc...
ASKER
Alright so using $_FILES['uploaded']['type' ] == whatever works. Is there a similiar thing for size aswell? Because I would rather not have those Notice: errors or enable register globals.
ASKER
Alright the script I wrote seems to be working fine without any Notice: or globals. Thanks for the help guys, I'll divide up the points.
ASKER
Never mind. Only one person helped answer. Thanks dr dedo.
yep yep...I could've fixed it, but ya know ;)
jk, good job dr_dedo , I think i've seen your posts in other questions.
jk, good job dr_dedo , I think i've seen your posts in other questions.
OK I've got a problem with the same script. It must be in the area addressed by dr_dedo because the script runs through the first part fine, but the final error message, "Sorry, there was a problem uploading your file."; appears.
I tried to implement the fix by dr_dedo but could not make it work.
If I could have exact and explicit help with the piece of code needed to be fixed, I'd appreciate it -- i.e. if I could avoid having to guess what you mean. Here is the script as I have it now :
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
<style type="text/css">
<!--
body,td,th {
font-family: Geneva, Arial, Helvetica, sans-serif;
font-size: 12px;
}
-->
</style></head>
<body>
<table width="800" align="center">
<tr>
<td> </td>
</tr>
<tr>
<td><?php
$target = "upload/";
$target = $target . basename( $_FILES['uploaded']['name' ]) ;
$ok=1;
//This is our size condition
if ($uploaded_size > 350000)
{
echo "Your file is too large.<br>";
$ok=0;
}
//This is our limit file type condition
if ($uploaded_type =="text/php")
{
echo "No PHP files<br>";
$ok=0;
}
//This is the only file type allowed
if (!($uploaded_type=="applic ation/pdf" )) {
echo "You may only upload PDF files.<br>";
$ok=0;
}
//Here we check that $ok was not set to 0 by an error
if ($ok==0)
{
Echo "Sorry your file was not uploaded";
}
//If everything is ok we try to upload it
else
{
if(move_uploaded_file($_FI LES['uploa ded']['tmp _name'], $target))
{
echo "The file ". basename( $_FILES['uploadedfile']['n ame']). " has been uploaded";
}
else
{
echo "Sorry, there was a problem uploading your file.";
}
}
?> </td>
</tr>
<tr>
<td> </td>
</tr>
</table>
</body>
</html>
The form, and upload.php are in the same directory, and the uploaded file shold go to that directory as well.
I tried to implement the fix by dr_dedo but could not make it work.
If I could have exact and explicit help with the piece of code needed to be fixed, I'd appreciate it -- i.e. if I could avoid having to guess what you mean. Here is the script as I have it now :
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
<style type="text/css">
<!--
body,td,th {
font-family: Geneva, Arial, Helvetica, sans-serif;
font-size: 12px;
}
-->
</style></head>
<body>
<table width="800" align="center">
<tr>
<td> </td>
</tr>
<tr>
<td><?php
$target = "upload/";
$target = $target . basename( $_FILES['uploaded']['name'
$ok=1;
//This is our size condition
if ($uploaded_size > 350000)
{
echo "Your file is too large.<br>";
$ok=0;
}
//This is our limit file type condition
if ($uploaded_type =="text/php")
{
echo "No PHP files<br>";
$ok=0;
}
//This is the only file type allowed
if (!($uploaded_type=="applic
echo "You may only upload PDF files.<br>";
$ok=0;
}
//Here we check that $ok was not set to 0 by an error
if ($ok==0)
{
Echo "Sorry your file was not uploaded";
}
//If everything is ok we try to upload it
else
{
if(move_uploaded_file($_FI
{
echo "The file ". basename( $_FILES['uploadedfile']['n
}
else
{
echo "Sorry, there was a problem uploading your file.";
}
}
?> </td>
</tr>
<tr>
<td> </td>
</tr>
</table>
</body>
</html>
The form, and upload.php are in the same directory, and the uploaded file shold go to that directory as well.
Also, as far as I know, I don't think you can make the file select dialog box only accept PDF files, but after the file is selected, you can check to make sure that the file extension is one that you permit.