The global $_FILES will contain all the uploaded file information.
Its contents from the example form is as follows. Note that this assumes the use of
the file upload name userfile, as used in the example
script above. This can be any name.
- $_FILES['userfile']['name']
-
The original name of the file on the client machine.
- $_FILES['userfile']['type']
-
The mime type of the file, if the browser provided this information. An example would be "image/gif". This mime type is however not checked on the PHP side and therefore don't take its value for granted.
- $_FILES['userfile']['size']
-
The size, in bytes, of the uploaded file.
- $_FILES['userfile']['tmp_name']
-
The temporary filename of the file in which the uploaded file was stored on the server.
- $_FILES['userfile']['error']
-
The error code associated with this file upload.
Files will, by default be stored in the server's default temporary
directory, unless another location has been given with the upload_tmp_dir directive in
php.ini. The server's default directory can
be changed by setting the environment variable
TMPDIR in the environment in which PHP runs.
Setting it using putenv() from within a PHP
script will not work. This environment variable can also be used
to make sure that other operations are working on uploaded files,
as well.
Example #2 Validating file uploads
See also the function entries for is_uploaded_file()
and move_uploaded_file() for further information. The
following example will process the file upload that came from a form.
<?php
$uploaddir = '/var/www/uploads/';$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
}
echo 'Here is some more debugging info:';print_r($_FILES);
print "</pre>";
?>
Comments
Post a Comment