This article was written by
Angela Bradley
The HTML Form
This script will allow you to upload files from your browser to your hosting, using PHP. The first thing we need to do is create an HTML form that allows people to choose the file they want to upload.
<form enctype="multipart/form-data" action="upload.php" method="POST">
Please choose a file: <input name="uploaded" type="file" /><br />
<input type="submit" value="Upload" />
</form>
This form sends data to the file "upload.php", which is what we will be creating next to actually upload the file.
Uploading the File
The actual file upload is very simple:
<?php
$target = "upload/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$ok=1;
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
}
else {
echo "Sorry, there was a problem uploading your file.";
}
?>
This very small piece of code will upload files sent to it by your HTML form.
1. The first line $target = "upload/"; is where we assign the folder that files will be uploaded to. As you can see in the second line, this folder is relative to the upload.php file. So for example, if your file was at www.yours.com/files/upload.php then it would upload files to www.yours.com/files/upload/yourfile.gif. Be sure you remember to create this folder!
2. We are not using $ok=1; at the moment but we will later in the tutorial.
3. We then move the uploaded file to where it belongs using move_uploaded_file (). This places it in the directory we specified at the beginning of our script. If this fails the user is given an error message, otherwise they are told that the file has been uploaded.
4. Limit the File Size
5. if ($uploaded_size > 350000)
6. {
7. echo "Your file is too large.<br>";
8. $ok=0;
9. }
10. Assuming that you didn't change the form field in our HTML form (so it is still named uploaded), this will check to see the size of the file. If the file is larger than 350k, they are given a file too large error, and we set $ok to equal 0.
11. You can change this line to be a larger or smaller size if you wish by changing 350000 to a different number. Or if you don't care about file size, just leave these lines out.
12. Limit Files by Type
13. if ($uploaded_type =="text/php")
14. {
15. echo "No PHP files<br>";
16. $ok=0;
17. }
18. The code above checks to be sure the user is not uploading a PHP file to your site. If they do upload a PHP file, they are given an error, and $ok is set to 0.
19. if (!($uploaded_type=="image/gif")) {
20. echo "You may only upload GIF files.<br>";
21. $ok=0;
22. }
23. In our second example we only allow users to upload .gif files, and all other types are given an error before setting $ok to 0. You can use these basic examples to allow or deny any specific file types.
24. Putting It Together
25. <?php
26. $target = "upload/";
27. $target = $target . basename( $_FILES['uploaded']['name']) ;
28. $ok=1;
29.
30. //This is our size condition
31. if ($uploaded_size > 350000)
32. {
33. echo "Your file is too large.<br>";
34. $ok=0;
35. }
36.
37. //This is our limit file type condition
38. if ($uploaded_type =="text/php")
39. {
40. echo "No PHP files<br>";
41. $ok=0;
42. }
43.
44. //Here we check that $ok was not set to 0 by an error
45. if ($ok==0)
46. {
47. Echo "Sorry your file was not uploaded";
48. }
49.
50. //If everything is ok we try to upload it
51. else
52. {
53. if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
54. {
55. echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
56. }
57. else
58. {
59. echo "Sorry, there was a problem uploading your file.";
60. }
61. }
62. ?>
63. Final Thoughts
64. Obviously if you are allowing file uploads you are leaving yourself open to people uploading lots of undesirable things. One precaution is not allowing them to upload any php, html, cgi, etc. files that could contain malicious code. This provides more safety but is not sure fire protection.
65. Another idea is to make the upload folder private, so that only you can see it. Then once you have seen what has been uploaded, you can approve (move) it or remove it. Depending on how many files you plan on receiving this could be time consuming and impractical.
In short, this script is probably best kept in a private folder. We don't recommend putting it somewhere where the public can use it, or you may end up with a server full of useless or potentially dangerous files. If you really want the general public to be able to utilize your server space, we suggest writing in as much security as possible.submitted by guest blogger
eric spice , Uk
No comments:
Post a Comment