File upload processing

xiaoxiao2021-03-06 41

PHP manual backward

Chapter 18. File Upload Processing

table of Contents

POST method upload

Explanation about error information

Some precautions

Upload multiple files

Support for PUT methods

POST method upload

PHP accepts any files from a browser that meets RFC-1867 standards (including Netscape Navigator 3 and higher, Microsoft Internet Explorer 3 add Micro patch, or higher). This feature of PHP allows us to upload text files or upload binaries. With PHP authentication and file operation functions, you can control who has uploaded permissions, and how to proceed after the file is uploaded.

Related Settings: See the file_uploads, upload_max_filesize, upload_max_filesize, upload_tmp_filesize, pOST_MAX_SIZE settings options.

Note that PHP also supports file upload of the PUT method, the AMAYA client of Netscape Composer and W3C uses this method. Please refer to PUT method support for more information.

You can build a special form as follows to support file upload:

Example 18-1. File upload form

Send this file:

"_Url_" in the above example should replace the true URL to a PHP file. Max_file_size hidden domain (unit-by-byte) must be prior to file input domain, its value is the maximum size of the received file. At the same time, to ensure that your file upload form must have encType = "multipart / form-data", otherwise the file upload will not work.

WARNING MAX_FILE_SIZE value is only a suggestion for the browser, in fact it can be bypassed. Therefore, do not assign the limitations of the browser to this value. In fact, the maximum value of the upload file in the PHP setting is not invalid. But it is best to add Max_File_Size in the form, because it can avoid the user's trouble too much after it takes time to wait for the large file.

Variables defined for upload files are different depending on the version and settings of PHP. Automatic global variable $ _files starts support from the PHP version 4.1.0 version. Before this, start from version 4.0.0, PHP supports $ http_post_files array. These arrays will contain all information about the file you upload, where we recommend you to use $ _files. If the PHP setting option register_global is ON, the associated variable name will exist. Starting from the PHP 4.2.0 version, the default value of Register_Globals is set to OFF.

The content of the $ _files array in the above example is as follows. We assume that the name of the file upload field is shown in the above example, for Userfile. The name can be named at will.

$ _FILES ['Userfile'] ['Name']

The original name of the client machine file.

$ _Files ['userfile'] ['Type'] file MIME type, you need to provide support for this information, such as "image / gif".

$ _FILES ['Userfile'] ['size']

The size of the file has been uploaded, the unit is byte.

$ _Files ['userfile'] ['TMP_NAME']

The file name stored in the server after the file is uploaded.

$ _Files ['userfile'] ['Error']

And upload the relevant error code. ['Error'] is incremented in the PHP 4.2.0 version.

Note: The name of the array before the PHP 4.1.0 version is $ http_post_files, which is not as automatic global variables like $ _files. PHP 3 does not support $ http_post_files arrays.

When the register_global in php.ini is set to ON, you can use more variables. For example, $ userfile_name is equivalent to $ _files ['userfile'] ['name'], $ userfile_type is equivalent to $ _files ['userfile'] ['type'], etc. Keep in mind that from PHP 4.2.0, Register_Globals's default is OFF, so we recommend that you do not depend on the reform settings to use the additional variables just mentioned.

After the file is uploaded, it will be stored in the default temporary directory of the server by default unless you set up UPLOAD_TMP_DIR in php.ini to other paths. The server's default temporary directory can be reset by changing the environment variable TMPDIR of the PHP runtime environment, but it is not played by running the Putenv () function inside the PHP script. This environment variable can also be used to confirm that other operations are also performed on the uploaded file.

Example 18-2. Make the file upload

Please check the function is_uploaded_file () and move_uploaded_file () to get further information. The following paradigm processes the file uploaded by the form.

"; if (move_uploaded_file ($ _ files ['userfile'] ['TMP_NAME'], $ UPLOADDIR. $ _FILES ['Userfile'] ['Name'])) {Print "File is Valid, And Was SuccessFully Uploaded. Here's Some More Debugging Info: / N"; Print_R ($ _ files) } else {print "Possible File Upload Attack! Here's Some Debugging Info: / N"; Print_r ($ _ files);} PRINT "";?>>>>>

The PHP script that accepts the upload file must be judged after the file is uploaded to determine the files to operate next to the file. For example, you can ignore a file that is too large or too small by $ _files ['Userfile'] ['size'], or filter file types through $ _files ['userfile'] ['type'] variables and Some standards are not in line with documents. In PHP 4.2.0 or higher, you can also do related judgments based on different error code via $ _files ['userfile'] ['ERROR'] variable. Regardless of the judgment, you must remove the file from the temporary directory or move it to other places. If there is no file in the form, the PHP variable $ _files ['userfile'] ['size'] will be 0, $ _ files ['userfile'] ['TMP_NAME'] will be NONE.

If the file is not moved to it elsewhere, the file will be deleted at the end of the form request.

Backward point advancement of cookies on the first level of interpretation of error information

转载请注明原文地址:https://www.9cbs.com/read-79189.html

9cbs

New Post(0)