Php file Upload principles in-depth analysis and understanding-php Tutorial

In-depth analysis and understanding of PHP file uploading principles

For more information about how php files are uploaded, see. Many php Tutorials introduce file upload. as we all know, php file upload is simple and efficient. I will analyze its principles for you today. // Use multipart/form-data encoding format $ _ FILES system functions; $ _ FILES ['myfile'] ['name'] file name $ _ FILES ['myfile'] ['type'] file type, the server restricts image/** image/x-pngapplication/x-zip-compressed $ _ FILES ['myfile'] ['size'] Upload File size $ _ FILES ['myfile '] ['tmp _ name'] Save the temporary file name after uploading the service $ _ FILES ['myfile'] ['error'] error code; 0 Success 1 exceeds php. ini size 2 exceeds the value specified by the MAX_FILE_SIZE option. 3. only part of the file is uploaded. 5. the size of the uploaded file is 0. Move_uploaded_file (temporary file, target location and file name); function is_uploaded_file (MIME) for moving the file to the target location after Upload ); Example of determining the upload MIME type: 1. html section 2. file upload code ----------------------------------------- Principle and implementation of PHP file upload 1. form 1: The post method is used for uploading File forms (not to mention the difference with get). also, enctype = 'multipart/form-data' is added '. 2. add the following hidden fields:In front of the file field. The value is the client byte limit for uploading files. It is said that the client wait time can be reduced when files exceed the threshold, but I don't think there is any difference. 3. for security reasons, file fields cannot be assigned values. If you enter a string in the file field and then press submit, this will not respond. When the second character is a colon (for example, a space following the colon can upload a "file" with a length of 0 bytes "), submit only agrees to the "service"-but this is the client's measure, which is as easy as MAX_FILE_SIZE. 2. copy a section of the file upload error Code First: the predefined variable $ _ FILES array has five contents: $ _ FILES ['userfile'] ['name'] -- original name of the client machine file $ _ FILES ['userfile'] ['type'] -- MIME type of the file $ _ FILES ['userfile'] ['size'] -- size of the uploaded file, in bytes $ _ FILES ['userfile'] ['tmp _ name'] -- temporary file name stored on the server after the file is uploaded $ _ FILES ['userfile'] ['error '] -- error code related to the file Upload $ _ FILES ['userfile'] ['error'] can have the following values and meanings: 0 -- no error occurs and the file is uploaded successfully. 1 -- the uploaded file exceeds the limit of the upload_max_filesize option in php. ini. 2 -- the size of the uploaded file exceeds the value specified by the MAX_FILE_SIZE option in the HTML form. 3 -- only part of the file is uploaded. 4 -- no file is uploaded. 1 ~ 3. "No file is uploaded" (4) indicates that the file field of the form has no content and is a null string. "File uploaded successfully" (0) does not necessarily mean there are files uploaded. For example, if you input "c:" to the file field, you can upload the file successfully. the error code is 0 and ['name'] is "c :", ['type'] is "application/octet-stream", ['size'] is 0, ['tmp _ name'] is "xxx. tmp "(xxx is the name of the server) 3. there are 1 factors limiting the size of the file to be uploaded. the MAX_FILE_SIZE value of the hidden domain of the client can be bypassed ). 2. the server upload_max_filesize, post_max_size, and memory_limit. These items cannot be configured with scripts. 3. Custom file size limit logic. Even if you can decide the limits on the server, you may need to consider them individually. Therefore, this restriction method is often necessary. One of the situations I met may not be universal. If the file size is much larger than the server-side limit (upload_max_filesize), but it is not reached or close to post_max_size or memory_limit, $ _ FILES will "crash" -- the result is that $ _ FILES ['userfile'] is changed to "Undefined index". of course, nothing can be done. The server-side restriction test takes precedence over the client-side restriction test. That is to say, if the two limits are the same and the file is too large, $ _ FILES ['userfile'] ['error'] will produce error code 1. Only when the client limit is less than the server limit to a certain extent, and the file size exceeds the two, error Code 2 will appear. (is this one of the reasons why MAX_FILE_SIZE does not play the expected role ?). The above "degree" is tested on my machine in 3 ~ Between 4 K-my server is limited to 2 M ...... Because there is no meaning, there is no pursuit of accurate rules. When error code 1 or 2 appears: $ _ FILES ['userfile'] ['name'] is the original name of the client machine file $ _ FILES ['userfile'] ['type'] is an empty string $ _ FILES ['userfile'] ['size'] is 0 $ _ FILES ['userfile'] ['tmp _ name'] is an empty string 4. check that the file field has no input and the error code is 4 (no file upload) $ _ FILES ['userfile'] ['name'] is an empty string. $ _ FILES ['userfile'] ['type'] is an empty string. $ _ FILES ['userfile'] ['size'] is 0 $ _ FILES ['userfile'] ['tmp _ name'] is an empty string. the file field is a non-file path string (client-side false "restriction is not considered. ), the error code is 0 ("uploaded successfully ") $ _ FILES ['userfile'] ['name'] is the original string $ _ FILES ['userfile'] ['type'] for application/octet-stream $ _ FILES [' userfile'] ['size'] is 0 $ _ FILES ['userfile'] ['tmp _ name'] a temporary file name. 5. The return value manual of is_uploaded_file () is used in bool is_uploaded_file (string filename) in fact, is_uploaded_file ($ _ FILES ['userfile'] ['name']); always returns FALSE. Later I saw someone using is_uploaded_file ($ _ FILES ['userfile'] ['tmp _ name']); Compare: file field without input ------ Return FALSE -- error => 4, name => '', tmp_name =>'', type => '', size => 0 file field Non-path string -- Return TRUE -- error => 0, name => 'XXX', tmp_name => 'yyy', type => 'zzz ', size => 0 file uploaded successfully ------ return TRUE -- error => 0, name => 'XXX', tmp_name => 'yyy', type => 'zzz ', size => sss file too large -------- FALSE -- error => 1, name => 'XXX', tmp_name => '', type => '', size => 0 file too large -------- FALSE -- error => 2, name => 'XXX', tmp_name => '', type => '', size => 0 file part Upload ------ no chance to test-error => 3 I doubt how this function works, but I still think it is better to use $ _ FILES ['userfile'] ['size. 6. check the order if ($ _ FILES ['userfile'] ['error']! = 4) {// upload a file if ($ _ FILES ['userfile'] ['error']! = 3) {// All uploaded if ($ _ FILES ['userfile'] ['error']! = 1) {// The Server file size limit is not exceeded. if ($ _ FILES ['userfile'] ['error']! = 2) {// The client file size limit is not exceeded. if ($ _ FILES ['userfile'] ['size']> 0) {// It is indeed a file if (......) {// custom file size check logic if (......) {// custom file type check logic if (move_uploaded_file ($ _ FILES ['userfile'] ['tmp _ name'],...) // move the file //..........} else give_a_message (...);} else give_a_message (...);} else give_a_message (...);} else give_a_message (...);} else give_a_message (...);} else give_a_message (...);} else give_a_message (...);} code: ------------------------------ 1), test. php: 2) upload. php "; if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) { print "File is valid, and was successfully uploaded. Here's some more debugging info:\n"; print_r($_FILES); } else { print "Possible file upload attack! Here's some debugging info:\n"; print_r($_FILES); } print " ";?>