New to PHP and the list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello, I'm new to PHP and also new to using newsgroups/mailing lists directly. So if I make a mistake, please forgive me this once and I'll try to do better in the future.

Please help me understand, my head is absolutely spinning and I can't
get my mind around this.

In the php.net site there is an example on uploading a file via a
form. http://www.php.net/manual/en/features.file-upload.post-method.php

This is the sample code for the form:

<form enctype="multipart/form-data" action="__URL__" method="POST">
    <!-- MAX_FILE_SIZE must precede the file input field -->
    <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
    <!-- Name of input element determines name in $_FILES array -->
    Send this file: <input name="userfile" type="file" />
    <input type="submit" value="Send File" />
</form>

Is MAX_FILE_SIZE passed to PHP as $MAX_FILE_SIZE?

Assuming I want to make it a variable in my PHP code, can I do this:

<?php

$MAX_FILE_SIZE = 30000;

echo <<<_END
<form enctype="multipart/form-data" action="__URL__" method="POST">
    <!-- MAX_FILE_SIZE must precede the file input field -->
    <input type="hidden" name="MAX_FILE_SIZE"  />
    <!-- Name of input element determines name in $_FILES array -->
    Send this file: <input name="userfile" type="file" />
    <input type="submit" value="Send File" />
</form>
<<<_END
<?

In other words, simply omitting the "value" clause in the form field?

And can I make that value a global constant somehow so that I can
later also test the actual size of the uploaded file in another
function?

Or do I have to do this:

<?php

$MAX_UPLOAD_SIZE = 30000;

echo <<<_END
<form enctype="multipart/form-data" action="__URL__" method="POST">
    <!-- MAX_FILE_SIZE must precede the file input field -->
    <input type="hidden" name="MAX_FILE_SIZE"
value="$MAX_UPLOAD_SIZE"/>
    <!-- Name of input element determines name in $_FILES array -->
    Send this file: <input name="userfile" type="file" />
    <input type="submit" value="Send File" />
</form>
<<<_END
<?

I'm also concerned that in the first instance, a malicious user can
modify the value and I will be hosed. Am I correct?

Thanks.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux