Solved

Uploading Files in PHP

Posted on 2006-06-16
9
1,422 Views
Last Modified: 2012-08-14
Another day, another question about PHP. Right now I am trying to make a feature that allows special users upload PDF files to the website I am building. I have found some file uploading scripts on the Internet but I do not like how they work. So my question is, how can I create a form with a dialogue Open window that only supports PDF files, the PHP checks that its a PDF file and it gets uploaded to a specified folder. Code would be a great help.

Thank you for the help.

EDIT: my PHP version is 4.3.10
0
Comment
Question by:Linky
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 3

Expert Comment

by:jmar_click
ID: 16921511
What don't you like about the scripts you've found on the internet? We can start from there.
Also, as far as I know, I don't think you can make the file select dialog box only accept PDF files, but after the file is selected, you can check to make sure that the file extension is one that you permit.
0
 
LVL 2

Author Comment

by:Linky
ID: 16921896
The thing I don't like is how some of them upload files but are incomplete. For example, this is one I found:

that is in a file called, upload.php

<?php
      $target = "upload/";
      $target = $target . basename( $_FILES['uploaded']['name']);
      $ok=1;

      //This is our size condition
      if ($uploaded_size > 350000)
      {
            echo "Your file is too large.<br>";
            $ok=0;
      }

      //This is our limit file type condition
      if ($uploaded_type == "text/php")
      {
            echo "No PHP files<br>";
            $ok=0;
      }

      //Here we check that $ok was not set to 0 by an error
      if ($ok==0)
      {
            echo "Sorry your file was not uploaded";
      }

      //If everything is ok we try to upload it
      else
      {
            if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
            {
                  echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
            }
            else
            {
                  echo "Sorry, there was a problem uploading your file.";
            }
      }
?>

Here is the form in the other PHP file

<form enctype="multipart/form-data" action="upload.php" method="POST">
Please choose a file: <input name="uploaded" type="file" /><br />
<input type="submit" value="Upload" />
</form>

Here are the errors i get:


Notice: Undefined variable: uploaded_size in c:\program files\easyphp1-8\www\cebatech\upload.php on line 7

Notice: Undefined variable: uploaded_type in c:\program files\easyphp1-8\www\cebatech\upload.php on line 14

Notice: Undefined index: uploadedfile in c:\program files\easyphp1-8\www\cebatech\upload.php on line 31

And finally the site I got it from: http://php.about.com/od/advancedphp/ss/php_file_upload.htm
0
 
LVL 16

Accepted Solution

by:
dr_dedo earned 250 total points
ID: 16921944
you can always do a type check on the uploaded file to detect its type and allow only pdf files

echo $_FILES['FILE_NAME']['type'] and this will print the file type,

you can filter uploaded files

if ($_FILES['FILE_NAME']['type']== "application/pdf"){
  ok with upload
}else {
abort upload and delete the temp file
}
0
Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 16

Expert Comment

by:dr_dedo
ID: 16921958
note that these notices are because you got register global off (for security reasons)
instead of uploaded_type use $_FILES['FILE_NAME']['type']

etc...
0
 
LVL 2

Author Comment

by:Linky
ID: 16922068
Alright so using $_FILES['uploaded']['type'] == whatever works. Is there a similiar thing for size aswell? Because I would rather not have those Notice: errors or enable register globals.
0
 
LVL 2

Author Comment

by:Linky
ID: 16922276
Alright the script I wrote seems to be working fine without any Notice: or globals. Thanks for the help guys, I'll divide up the points.
0
 
LVL 2

Author Comment

by:Linky
ID: 16922286
Never mind. Only one person helped answer. Thanks dr dedo.
0
 
LVL 3

Expert Comment

by:jmar_click
ID: 16922347
yep yep...I could've fixed it, but ya know ;)

jk, good job dr_dedo , I think i've seen your posts in other questions.
0
 

Expert Comment

by:cgustaf
ID: 24445373
OK  I've got a problem with the same script.  It must be in the area addressed by dr_dedo because the script runs through the first part fine, but the final error message, "Sorry, there was a problem uploading your file.";  appears.

I tried to implement the fix by dr_dedo but could not make it work.

If I could have exact and explicit help with the piece of code needed to be fixed, I'd appreciate it -- i.e. if I could avoid having to guess what you mean.  Here is the script as I have it now :

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
<style type="text/css">
<!--
body,td,th {
      font-family: Geneva, Arial, Helvetica, sans-serif;
      font-size: 12px;
}
-->
</style></head>

<body>
<table width="800" align="center">
  <tr>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <td><?php
$target = "upload/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$ok=1;

//This is our size condition
if ($uploaded_size > 350000)
{
echo "Your file is too large.<br>";
$ok=0;
}

//This is our limit file type condition
if ($uploaded_type =="text/php")
{
echo "No PHP files<br>";
$ok=0;
}

//This is the only file type allowed
if (!($uploaded_type=="application/pdf")) {
echo "You may only upload PDF files.<br>";
$ok=0;
}


//Here we check that $ok was not set to 0 by an error
if ($ok==0)
{
Echo "Sorry your file was not uploaded";
}

//If everything is ok we try to upload it
else
{
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
}
else
{
echo "Sorry, there was a problem uploading your file.";
}
}
?> &nbsp;</td>
  </tr>
  <tr>
    <td>&nbsp;</td>
  </tr>
</table>
</body>
</html>

The form, and upload.php are in the same directory, and the uploaded file shold go to that directory as well.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to obtain the string from a PHP StdObject ? 6 33
Number of reviews not counting correctly 2 22
PHP and MSSQL Arrays and Variables 3 25
php error 26 28
Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question