This feature enables users to upload text and binary files. With PHP's authentication and file manipulation functions, you have full control over which people are allowed to upload and what to do with the file upload.
PHP can accept any uploaded files from browsers that meet the RFC-1867 standard (including Netscape Navigator 3 and later, patched Microsoft Internet Explorer 3 or later).
Note: Related Settings
See PHP.ini's File_uploads,upload_max_filesize,upload_tmp_dirpost_max_size and max_input_time settings options.
Example #1 File Upload Form
You can create a special form to support file uploads as follows:
<!--the data encoding type, enctype, must be specified as below--><form enctype= "Multipart/form-data" action= "_ _url__ "method=" POST "> <!--max_file_size must precede the FILE input field-- <input type=" hidden " Name= "max_file_size" value= "30000"/> <!--name of INPUT element determines name in $_files array--- Sen D This file: <input name= "UserFile" type= "file"/> <input type= "Submit" value= "Send file"/></form >
The __url__ in the above example should be replaced, pointing to a real PHP file.
Max_file_size hidden Fields (in bytes) must precede the file input field with a value of the maximum size of the received file. This is a suggestion for the browser, PHP will also check this. This setting can be bypassed easily on the browser side, so do not expect this feature to block large files. In fact, the maximum upload file value in PHP settings is not invalidated. However, it is best to add this item to the form because it avoids the hassle of having to wait for a large file to be uploaded before the user discovers that the file is too large to upload.
Attention:
To ensure that the file upload form's properties are Enctype= "Multipart/form-data", the file cannot be uploaded.
Global variables $_files from PHP 4.1.0 (replaced with $HTTP _post_files in earlier versions). This array contains all the uploaded file information.
The contents of the $_files array in the example above are shown below. We assume that the name of the File upload field is UserFile, as shown in the example above. Names can be arbitrarily named.
$_files[' UserFile ' [' Name ']
The original name of the client machine file.
$_files[' userfile ' [' type ']
The MIME type of the file, if the browser provides this information. An example is "Image/gif". However, this MIME type is not checked on the PHP side, so do not assume this value is assumed.
$_files[' userfile ' [' Size ']
The size of the uploaded file, in bytes.
$_files[' UserFile ' [' Tmp_name ']
Temporary file names stored on the server after the files have been uploaded.
$_files[' userfile ' [' Error ']
The error code associated with the file upload. This item was added in version PHP 4.2.0.
When the file is uploaded, it is stored in the default temp directory on the server side by default, unless the Upload_tmp_dir in php.ini is set to a different path. The default temp directory on the server can be reset by changing the environment variable TMPDIR of the PHP runtime, but setting it up inside a PHP script by running the putenv () function is not working. This environment variable can also be used to confirm that other operations are also performed on the uploaded file.
Example #2 make File upload effective
Please refer to Functions Is_uploaded_file () and Move_uploaded_file () for further information. The following example processes file uploads that are provided by the form.
<?php//before the PHP4.1.0 version, you should use $http_post_files instead of $_files. $uploaddir = '/var/www/uploads/'; $uploadfile = $uploaddir. basename ($_files[' userfile ' [' name ']); Echo ' <pre> '; if (Move_uploaded_file ($_files[' userfile ' [' Tmp_name '], $uploadfile) { echo "file is valid, and was successfully uploaded.\n";} else { echo "Possible File upload attack! \ n ";} Echo ' Here's some more debugging info: ';p rint_r ($_files);p rint "</pre>";? >
The PHP script that accepts the uploaded file should implement any logically necessary checks in order to decide what to do with the file next. For example, you can use the $_files[' userfile ' [' size '] variable to exclude files that are too large or too small, or you can exclude file types and files that do not conform to a standard by $_files[' userfile ' [' type '] variables, But just consider this as the first step in a series of checks, because this value is completely controlled by the client and is not checked on the PHP side. From PHP 4.2.0, you can also plan what to do next with different error codes by $_files[the ' userfile ' [' ERROR '] variable. In any case, either remove the file from the temp directory or move it to a different location.
If no uploaded file is selected in the form, the value of PHP variable $_files[' userfile ' [' size '] will be null for 0,$_files[' userfile ' [' tmp_name '].
If the file has not been moved elsewhere and has not been renamed, the file will be deleted at the end of the form request.
Example #3 Upload a set of files
PHP's HTML array feature even supports file types.
<form action= "" method= "Post" enctype= "Multipart/form-data" ><p>pictures:<input type= "file" Name= " pictures[] "/><input type=" file "Name=" pictures[] "/><input type=" file "Name=" pictures[] "/><input Type= "Submit" value= "Send"/></p></form>
<?phpforeach ($_files["Pictures" ["Error"] as $key = $error) { if ($error = = UPLOAD_ERR_OK) { $tmp _name = $ _files["Pictures" ["Tmp_name"] [$key]; $name = $_files["Pictures" ["Name"] [$key]; Move_uploaded_file ($tmp _name, "data/$name");} }? >