Quote:
Originally Posted by intervizual
<?php
$uploaddir = '/attachments/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}
Hi - I use the following code to upload files - the main difference appears to be that move_uploaded_file is done in a loop to give it time to complete. It's all done in a function storefile called like this:
Code:
//upload file
if($_FILES['resultsupload']['name']<>"") {
    if(storefile("resultsupload", "../results/")) {
        echo("Upload successful");
    } else {
        echo("Upload failed...");
    }
}
The function is:
Code:
function storefile($var, $location, $filename=NULL, $maxfilesize=NULL) {
    $ok = true;
    // Optional size limit, checked against the size PHP recorded for the upload
    if(isset($maxfilesize)) {
        if($_FILES[$var]["size"] > $maxfilesize) {
            $ok = false;
        }
    }
    if($ok==true) {
        $tempname = $_FILES[$var]['tmp_name'];
        if(isset($filename)) {
            $uploadpath = $location.$filename;
        } else {
            // basename() strips any directory part from the client-supplied name
            $uploadpath = $location.basename($_FILES[$var]['name']);
        }
        $moved = false;
        if(is_uploaded_file($tempname)) {
            while(move_uploaded_file($tempname, $uploadpath)) {
                // Wait for the script to finish its upload
                $moved = true;
            }
        }
        // Report success only if the file was actually moved
        return $moved;
    } else {
        return false;
    }
}
One other thing is that my form has a hidden field MAX_FILE_SIZE which I don't think is absolutely necessary - but does mean the check is done client side.
Hope this helps
David
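
Added example, not part of either post: a variant of the storefile idea that checks PHP's per-file upload error code, enforces the size limit on the server (the hidden MAX_FILE_SIZE field arrives from the client and can be changed there), and stores the file under a server-generated name with a single move_uploaded_file call. The function name storefile_checked, the extension allow-list and the random naming scheme are assumptions made for illustration.

```php
<?php
// Added example. storefile_checked(), the allow-list and the naming scheme
// are hypothetical; only the $_FILES handling mirrors the code above.
function storefile_checked(string $var, string $location, int $maxfilesize,
                           array $allowedExt = ['csv', 'txt', 'pdf']): ?string
{
    // Reject a missing field or a multi-file array where one file is expected.
    if (!isset($_FILES[$var]['error']) || is_array($_FILES[$var]['error'])) {
        return null;
    }
    $file = $_FILES[$var];

    // PHP reports partial uploads, exceeded limits and missing files here.
    if ($file['error'] !== UPLOAD_ERR_OK) {
        return null;
    }

    // Size limit enforced on the server, independent of any form field.
    if ($file['size'] > $maxfilesize) {
        return null;
    }

    // Accept only a temp file that PHP itself created for this HTTP upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        return null;
    }

    // The client-supplied name is used only to read the extension.
    $ext = strtolower(pathinfo(basename($file['name']), PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null;
    }

    // Server-chosen file name: no traversal, no overwriting of existing files.
    $target = rtrim($location, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;

    // One call is enough: it returns true once the file has been moved.
    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}

// Called the same way as storefile() above, with an explicit 2 MB limit.
if (isset($_FILES['resultsupload'])) {
    $stored = storefile_checked('resultsupload', '../results/', 2 * 1024 * 1024);
    echo $stored !== null ? 'Upload successful' : 'Upload failed...';
}
```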