• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1623
  • Last Modified:

XHR Request with FormData is POSTing an empty array

I am working on my own version of this.

Everything works, except the POSTed values are empty. var_dump on the PHP side shows an empty array. What's wrong?

function readfiles(files)
{
    console.log('Reading Files...');
    console.log(files);
    console.log("There are " + files.length + " elements to this array.");

    var formData = new FormData();
    formData.append('file', files[0]);
    console.log(formData);

    console.log("Posting XHR request...");
    // now post a new XHR request
    var xhr = new XMLHttpRequest();
    xhr.open('POST', '/devnull.php',false);

    console.log("sending data...");
    console.log(formData);
    xhr.send(formData);
}

$(document).ready(function(e) {
    $("#holder").on('dragenter',function(e) {
        e.preventDefault();         
        $(this).addClass('hover');
    });
    $("#holder").on('dragleave',function(e) {
        e.preventDefault();         
        $(this).removeClass('hover');
    });
    $("#holder").on('dragover',function(e) {
        e.preventDefault();         
        if(!($("#holder").hasClass('hover')))
            $("#holder").addClass('hover');
    });
    $("#holder").on('drop',function(e) {
        e.preventDefault();
        console.log(e.originalEvent.dataTransfer.files);
        $(this).removeClass('hover');
        readfiles(e.originalEvent.dataTransfer.files)           
        return false;
    });
});

Open in new window


Firebug tells me that there is an element in the array:

FileList { 0=File, length=1, item=item(), more...}

Open in new window


But after we append it to the FormData object, I get this:

FormData { append=append()}

Open in new window


And the final var_dump on the PHP side says this:

<pre>array(0) {
}
</pre>

Open in new window

0
DrDamnit
Asked:
DrDamnit
  • 3
  • 2
1 Solution
 
Ray PaseurCommented:
Michael:  I can't give a detailed answer without some additional study, but I can give a theoretical answer.  As a matter of security it should not be possible for any script to prepopulate the value of inputs of type=FILE.  If that could be done, a JavaScript routine could "steal" client data without permission or notice to the client.

Have you tried a PHP var_dump($_FILES)?

If you want to post the rest of the script, I'll install a copy and see if I can get any more insight.
0
 
DrDamnitAuthor Commented:
I AM SUCH AN IDIOT.

I have been battling with this for 2 hours.

$_FILES was the answer.

You sir, have kept me from jumping out the window.
0
 
Ray PaseurCommented:
I am proud to share idiot-space with you, the best of colleagues!  Let's come in off the ledge and have a glass of, say, 2007 Stags Leap Merlot.

Thanks for the points, ~Ray
0
 
DrDamnitAuthor Commented:
John:

To your prepopulation / security question: that was previously true; however, HTML5 has file system object (file reader). You can't go hog wild and maliciously search a user's hard drive, but with their interaction you can gail access to a jailed / sandboxed area.

Im my script above, I am volunteering a file, so the filereader can get it, pre-populate form data, and submit it. It's drag and drop.

it was working the whole time, but I was looking at $_POST instead of $_FILES because I have been coding for 12 hours straight, which turns your brains to mush.

There are number of security issues that have been taken into consideration in regards to the filesystem API in HTML5. As usual, OReilly has a book on it.

Highlights are here:
http://my.safaribooksonline.com/book/web-development/html/9781449311384/introduction/i_sect11_d1e378
0
 
Ray PaseurCommented:
The Merlot...
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now