| Re: My head is spinning [message #169425 is a reply to message #169424] |
Sun, 12 September 2010 00:52   |
The Natural Philosoph
Messages: 993
Registered: September 2010
Karma:
|
Senior Member |
|
|
MikeB wrote:
> Please help me understand, my head is absolutely spinning and I can't
> get my mind around this.
>
> In the php.net site there is an example on uploading a file via a
> form. http://www.php.net/manual/en/features.file-upload.post-method.php
>
> This is the sample code for the form:
>
> <form enctype="multipart/form-data" action="__URL__" method="POST">
> <!-- MAX_FILE_SIZE must precede the file input field -->
> <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
> <!-- Name of input element determines name in $_FILES array -->
> Send this file: <input name="userfile" type="file" />
> <input type="submit" value="Send File" />
> </form>
>
> Is MAX_FILE_SIZE passed to PHP as $MAX_FILE_SIZE?
>
No. Its either defined somewhere - php.ini, or is simpky a variable you
set yourself.
I know that the maximum size of file you can accept is defined in
php.ini though, but cant remember whether or not it sets a variable
with that name.
However if you set a form variable like that in a piece of HTML php will
receive that as $_POST['MAX_FILE_SIZE'] (or $_GET....)
> Assuming I want to make it a variable in my PHP code, can I do this:
>
> <?php
>
> $MAX_FILE_SIZE = 30000;
>
> echo <<<_END
> <form enctype="multipart/form-data" action="__URL__" method="POST">
> <!-- MAX_FILE_SIZE must precede the file input field -->
> <input type="hidden" name="MAX_FILE_SIZE" />
> <!-- Name of input element determines name in $_FILES array -->
> Send this file: <input name="userfile" type="file" />
> <input type="submit" value="Send File" />
> </form>
> <<<_END
> <?
>
> In other words, simply omitting the "value" clause in the form field?
>
> And can I make that value a global constant somehow so that I can
> later also test the actual size of the uploaded file in another
> function?
>
No. It doesn't work like that.
The size of the uploaded file is in the $_FILES[...array after uploading.
> Or do I have to do this:
>
> <?php
>
> $MAX_UPLOAD_SIZE = 30000;
>
> echo <<<_END
> <form enctype="multipart/form-data" action="__URL__" method="POST">
> <!-- MAX_FILE_SIZE must precede the file input field -->
> <input type="hidden" name="MAX_FILE_SIZE"
> value="$MAX_UPLOAD_SIZE"/>
> <!-- Name of input element determines name in $_FILES array -->
> Send this file: <input name="userfile" type="file" />
> <input type="submit" value="Send File" />
> </form>
> <<<_END
> <?
>
> I'm also concerned that in the first instance, a malicious user can
> modify the value and I will be hosed. Am I correct?
>
No.
I think you had better go read the documentation on file uploading.
The key elements of a file uplaod system are these..
<INPUT type="FILE" name="upload<?echo $file_id;?>"></div>
So here we define an HTML file upload box and give it the name ulopad0,
upload1 upload2 etc etc.
After the form is submitted, we can e.g. access the uploaded file this way
$index="upload".$file_id;
$filename=$_FILES[$index]["name"]; //orig filename
$tmpname=$_FILES[$index]["tmp_name"]; // the name of the temporary copy
of the file stored on the server
Its maximum size is set by the limits the PHP system has set in php.ini.
I am not sure its possible to stop someone sending a huge file, merely
to prevent php from accepting it.
I have to say I am not sure what you are trying to achieve here, so I
have stuck this lot up in the hope it at least gets you to ask the right
question.
> Thanks.
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]