Clever Geek Ideas

PHP: uploading a file to the server

Uploading files via PHP is a very interesting thing that you need to approach very carefully. On the Internet you can find many examples of the implementation of file downloads, but not all of them are good and comply with security rules.

Such things need to be brought to an end, even if it takes a lot of time. If you leave a gap in the code, then your entire server may be at risk.

Security

Using PHP, uploading files to the server is quite easy. The code is very short and simple. Just a couple of lines. But such a method is dangerous. Much more time and lines of code are spent on security.

The danger is that if you do not check, any attacker can upload their scripts to your server. In this case, he will have full access. He can do whatever he wants:

  • delete bases;
  • delete site files;
  • Modify site files
  • add your ads to your site;
  • Download viruses
  • redirect all users to their sites;
  • and much more that comes to the mind of the cracker.

, . , , , , . .

, , .

PHP

. .

php file upload form




, . , HTML ( PHP).





, enctype.

upload files via php




.

?

easy php file upload




When you click on the browse button, a window should open where you will be prompted to select a file.

After that, the path where the file is located should appear.

fast file upload via php




If the path does not appear, then do this again.

After clicking on the download button with a file handler, you can display any information.









form for uploading files via PHP




For example, you can write a line that says that a file with such-and-such name was successfully uploaded to such-and-such folder. Of course, the file name will always be different.

Typically, such detailed information is used to debug code. Thus, you can verify that the data is being transferred and writing to the directory you need. That is, even the file name is not indicated. Since this is superfluous information that the user does not need.

, . . .

PHP , php.ini. . . : file_uploads, upload_tmp_dir upload_max_filesize.

, , - . , . .

, , . , .

, SSH . service httpd restart, .

- ISP- - .

how to reboot the server




PHP $_FILES. , .

, , - .

php file download




"". , $_FILES. . PHP - .

php upload files to server




As you can see, there are many fields in this array. All of them are important to us. The first field stores the name of the file in the form in which it is used on your computer.

The type column indicates the file type. The tmp_name field corresponds to the name of the temporary file. After the script is finished, it will be deleted.

The error field stores the error code. More about this later. Size - size in bytes.

Mistakes

PHP file uploads are always accompanied by an error code. The error message is enclosed in the "error" field. In the screenshot, the error is zero.

php file upload script




Consider the values ​​of all errors:

loading errors




It was said above about a parameter that can be specified in regular HTML.

Here is an example of a form for uploading a file, which indicates a limit on the size of the uploaded file.

html file upload form




PHP: file upload script

? PHP copy. , , copy, - .

, , . , , type $_FILES. ,

, , GIF, JPEG PNG. .

if($_FILES['file_upload']['type'] != "image/gif") {

echo ", Gif-";

exit;

}

3 , .

: copy( 1, 2).

, ,

copy($_FILES['file_upload']["tmp_name"], "1.jpg")

1.jpg. . . , .

. . ( ) - .

$path_info = pathinfo($_FILES['photo1']["name"]);

$ext=$path_info['extension'];

$ext . md5. , . . .

.

php file type check




///

if ($_FILES['photo1']['tmp_name'] == null)

{

echo ("<p><strong> .</strong></p> <p><a href='javascript:history.back()'>...</a></p> ");

exit;

}

/// . , - (), ,

if (($_FILES["photo1"]["size"] > 1024*1024*2)

{

?>

<p> <strong>2 </strong>

<p><a href='javascript:history.back()'>...</a></p>

<?

exit;

}

//

//

if (!file_exists("img/".date("M")))

{

mkdir("img/".date("M"));

}

//

if (!file_exists("img/".date("M")."/".date("d")))

{

mkdir("img/".date("M")."/".date("d"));

}

///

$path_info = pathinfo($_FILES['photo1']["name"]);

$ext=$path_info['extension'];

///

$id=md5(date("Y-M-d"));

if(copy($_FILES['photo1']["tmp_name"], "img/".date("M")."/".date("d")."/".$id.$ext))

{

echo (" ");

}

/// ( . .)

}

(PHP) .

upload multiple php files




, . , . .

- .

.

<form method="POST" action=" -" name="upload_form" enctype="multipart/form-data">

<p>

<input class="form_upload" type="file" name="file1[]" multiple value="">

<input class="form_upload" type="submit" name="upldFile" value="" />

</p>

</form>

, multiple, []. $_FILES . .

var_dump($_FILES);

:

  1. $_FILES["file1"]["name"][0]
  2. $_FILES["file1"]["name"][1]
  3. .

. . , [$i].

$i=0;

while ($ _FILES ["file1"] ["name"] [$ i] <> '')

{

/// insert the above code

}

Thus, you will have through PHP uploading files to the server in one cycle without repeating the code as it usually happens if you use the option with a static number of files (last photo).



More articles:


All Articles