PHP File Upload process and various related considerations
HTML Basics
Submit through POST form
PHP Upload steps
- The client submits the form through http post.
- After the file is uploaded, it is stored in the default temporary directory. You can configure the php. ini attributes upload_tmp_dir and the PHP runtime environment variable TMPDIR to set the temporary directory. The putenv setting function in php is invalid.
- Use move_upload_file to move the upload from the temporary directory to the specified location (this step is not required if upload_tmp_dir has been set to the specified location)
- If the form does not select to upload FILES $ _ FILES ['userfile'] ['type'] = "", $ _ FILES ['userfile'] ['SIZE'] = 0
Global predefined variables related to PHP
- $ _ POST [array] is used to obtain parameters submitted in form POST mode.
- $ _ FILES [array]
- $ _ FILES ['userfile'] ['name'] original name of the client machine userfile = name attribute in the input control
- $ _ FILES ['userfile'] ['type'] File MIME type
- $ _ FILES ['userfile'] ['SIZE'] size of the uploaded file (in bytes)
- $ _ FILES ['userfile'] ['tmp _ name'] temporary file name stored on the server after the file is uploaded
- $ _ FILES ['userfile'] ['error'] error Code related to the File Upload
PHP Functions
- Is_upload_file (string $ filename) determines whether the file is uploaded through http post.
- Move_upload_file ($ file, $ des) moves the uploaded file to a new location and checks whether the file is a valid file.
The file names involved in the parameters are all absolute paths.
Php. ini settings
- File_uploads [boolean] whether HTTP File Upload is allowed
- Upload_max_filesize [integer] maximum size of the file to be uploaded. The default value is 2 MB.
- Post_max_size [integer] maximum size allowed by POST data. value> upload_max_filesize
- Memory_limit [integer] This value> post_max_size
- Max_input_time [integer] the upload time starts when the script is executed, and all data reaches the server end. The default value is 60 s.
- Upload_tmp_dir [string] temporary directory for file upload and storage. The PHP process owner can write permission.
- Max_execution_time [integer] script execution time, which is not included in system call, sleep, database query, and file upload time
Error Message
- [0] UPLOAD_ERR_ OK File Uploaded successfully
- [1] the upload of the UPLOAD_ERR_INI_SIZE file exceeds UPLOAD_MAX_SIZE.
- [2] UPLOAD_ERR_FORM_SIZE the size of the uploaded file exceeds MAX_FILE_SIZE
- [3] part of UPLOAD_ERR_PARTIAL File Uploaded successfully
- [4] No file is uploaded in UPLOAD_ERR_NO_FILE.
- [6] The Temporary Folder cannot be found in UPLOAD_ERR_NO_TMP_DIR.
- [7] An error occurred while writing the UPLOAD_ERR_CANT_WRITE file.
PHP server upload security Processing
- Suffix check
- Size Limit
- Content-Type check
- If the image uses getimagesize for file type check
- Set the application directory and upload directory access permissions on the server.
Articles you may be interested in
- PHP analyzes the file header information to determine the type of the uploaded file
- PHP File Upload configuration tutorial
- Jquery + html + php implement Ajax without refreshing File Upload
- PHP is the safest and most practical solution to determine the type of uploaded files
- Php implements batch file compression, packaging, and downloading
- Php obtains all the files in the directory and saves the results to the array program.
- Php determines whether the string is full of English, pure Chinese, and a combination of Chinese and English
- Powerful PHP image processing class (watermark, transparency, zoom, sharpen, rotate, flip, cut, reversed)