Uploading files Dr. Steven Bitner Uploading files (chapter 19) - - PowerPoint PPT Presentation

• Dr. Steven Bitner

Uploading files

Uploading files (chapter 19)

 http://kc-sce-

sphp01.kc.umkc.edu/~bitners/dashboard.php

How does that work

 Several different approaches

 We'll only cover one to avoid confusion

 Steps follow

Server settings

 First things first  Use phpinfo() again  http://kc-sce-sphp01.kc.umkc.edu/~bitners/junk.php  Look for:

 file_uploads  max_file_uploads  upload_max_filesize

Another superglobal

 $_GET,$_POST,$_REQUEST, and $_SERVER have a friend  Called $_FILES

 Just like the others, it is created at the right time

Interface with users

 http://kc-sce-

sphp01.kc.umkc.edu/~bitners/code.php?page=dashboard.p hp

 Two elements of note

<input type = "hidden" name = "MAX_FILE_SIZE" value = "2000000" /> <input type = "file" name = "bestFileEver" />

Submit

 Of course don't forget your <form> and <button> tags  Make sure that your form method is POST and that you set

the action attribute to the file you intend to use for uploading <form action = "uploadMe.php" method = "POST" enctype= "multipart/form-data">

enctype?

 The enctype (encoding type) attribute for the form tag tells

the browser that you will be including different encoding formats

 This is similar to the multipart information needed for

mailing an attachment or including HTML in an email

 Without this attribute properly set, your script will fail

$_FILES is alive

 When the user clicks submit, the $_FILES superglobal arrray

is created in much the same manner as $_POST is created

Where to store files

 Server directory – The book way (more sample code)

 pros:

 easiest approach, since the file system does this automatically  less open to injection attacks

 cons:

 Much harder to control access  File itself is stored separately from metadata

 Database – this is the way we'll discuss

 pros:

 Have total control over who can view

 cons:

 More complex to program  Injection attacks can happen if you don't use prepared statements

Database storage of files

 Need a database table for storing files with:

 name – this will store the name of the file

 CHAR or VARCHAR

 size – to store the size of the file

 INT  $_FILES['size'] is a quick bit of error checking to make sure that a file was uploaded

 type – in order to send the appropriate header, or include the correct data

type in the form src attribute

 CHAR or VARCHAR

 content – the file itself

 any member of the BLOB family

 TINYBLOB – up to 28 bytes = 256B  BLOB – up to 216 bytes = 64KB  MEDIUMBLOB – up to 224 bytes = 16MB  LONGBLOB – up to 232 bytes = 4GB

Uploading

 Like all of PHP

, you can choose a functional or an object

• riented approach

 You can hard code this functionality inline, but then the code is

not re-usable

 http://kc-sce-

sphp01.kc.umkc.edu/~bitners/code.php?page=resources/u ploader.php

Did it work?

 Check your database table directly

 kc-sce-sphp01.kc.umkc.edu:8888

 If it's in there, you're almost done

Viewing

 We don't store files for the sake of wasting disk space  Once again two approaches

 Display by encoding the data from the db and using the

following image tag

<img src="data:image/jpeg;base64,ENC_FILE" />

 ENC_FILE above is the value returned from

base64_encode ($file);

More common approach

 Use a script as an image src  Send header from the script

<img src="showImage.php?id=8" />

 Tons of examples online

 Essentially, send the appropriate

headers and then echo the content from the database