| Re: My head is spinning [message #169426 is a reply to message #169425] |
Sun, 12 September 2010 00:56   |
The Natural Philosoph
Messages: 993
Registered: September 2010
Karma:
|
Senior Member |
|
|
The Natural Philosopher wrote:
> MikeB wrote:
>> Please help me understand, my head is absolutely spinning and I can't
>> get my mind around this.
>>
>> In the php.net site there is an example on uploading a file via a
>> form. http://www.php.net/manual/en/features.file-upload.post-method.php
>>
>> This is the sample code for the form:
>>
>> <form enctype="multipart/form-data" action="__URL__" method="POST">
>> <!-- MAX_FILE_SIZE must precede the file input field -->
>> <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
>> <!-- Name of input element determines name in $_FILES array -->
>> Send this file: <input name="userfile" type="file" />
>> <input type="submit" value="Send File" />
>> </form>
>>
>> Is MAX_FILE_SIZE passed to PHP as $MAX_FILE_SIZE?
>>
>
> No. Its either defined somewhere - php.ini, or is simpky a variable you
> set yourself.
>
> I know that the maximum size of file you can accept is defined in
> php.ini though, but cant remember whether or not it sets a variable
> with that name.
>
> However if you set a form variable like that in a piece of HTML php will
> receive that as $_POST['MAX_FILE_SIZE'] (or $_GET....)
>
>
>> Assuming I want to make it a variable in my PHP code, can I do this:
>>
>> <?php
>>
>> $MAX_FILE_SIZE = 30000;
>>
>> echo <<<_END
>> <form enctype="multipart/form-data" action="__URL__" method="POST">
>> <!-- MAX_FILE_SIZE must precede the file input field -->
>> <input type="hidden" name="MAX_FILE_SIZE" />
>> <!-- Name of input element determines name in $_FILES array -->
>> Send this file: <input name="userfile" type="file" />
>> <input type="submit" value="Send File" />
>> </form>
>> <<<_END
>> <?
>>
>> In other words, simply omitting the "value" clause in the form field?
>>
>> And can I make that value a global constant somehow so that I can
>> later also test the actual size of the uploaded file in another
>> function?
>>
>
> No. It doesn't work like that.
>
> The size of the uploaded file is in the $_FILES[...array after uploading.
>
>> Or do I have to do this:
>>
>> <?php
>>
>> $MAX_UPLOAD_SIZE = 30000;
>>
>> echo <<<_END
>> <form enctype="multipart/form-data" action="__URL__" method="POST">
>> <!-- MAX_FILE_SIZE must precede the file input field -->
>> <input type="hidden" name="MAX_FILE_SIZE"
>> value="$MAX_UPLOAD_SIZE"/>
>> <!-- Name of input element determines name in $_FILES array -->
>> Send this file: <input name="userfile" type="file" />
>> <input type="submit" value="Send File" />
>> </form>
>> <<<_END
>> <?
>>
>> I'm also concerned that in the first instance, a malicious user can
>> modify the value and I will be hosed. Am I correct?
>>
> No.
> I think you had better go read the documentation on file uploading.
>
>
> The key elements of a file uplaod system are these..
>
> <INPUT type="FILE" name="upload<?echo $file_id;?>"></div>
>
> So here we define an HTML file upload box and give it the name ulopad0,
> upload1 upload2 etc etc.
>
> After the form is submitted, we can e.g. access the uploaded file this way
>
> $index="upload".$file_id;
> $filename=$_FILES[$index]["name"]; //orig filename
> $tmpname=$_FILES[$index]["tmp_name"]; // the name of the temporary copy
> of the file stored on the server
>
> Its maximum size is set by the limits the PHP system has set in php.ini.
> I am not sure its possible to stop someone sending a huge file, merely
> to prevent php from accepting it.
>
> I have to say I am not sure what you are trying to achieve here, so I
> have stuck this lot up in the hope it at least gets you to ask the right
> question.
>
>
apologies for typos in the above post. Too late, too much C2H50H.
>
>
>
>> Thanks.
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]