Re: user directory from a form

Message-ID: <451FE27F.5070502@xxxxxxxxxxxxx>
Date: Sun, 01 Oct 2006 17:45:03 +0200
From: Neil Jackson <neil@xxxxxxxxxxxxx>
MIME-Version: 1.0
To:  php-db@xxxxxxxxxxxxx
Content-Type: multipart/mixed;
 boundary="------------000308070500010902000303"
Subject: user directory from a form

I apologise for using this mailing list but I cannot find another.

I have a form


                echo "<FORM ACTION='$PHP_SELF' METHOD='POST'>";

Although you correctly used POST for that form, you also need to set the ENCTYPE="multipart/form-data" as shown in the example here http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4.2 in order to post file attachments.

Snipped useless HTML (please post complete but minimal examples when requesting help)



        echo "<TD><INPUT TYPE='file' NAME='myfile' WIDTH='50'></TD>";
I pass this to another file. I am trying to read the directory that the user's file is in. ie


When you use the enctype setting as above, PHP will populate the $_FILES array.
Specifically for your field here, it will populate the $_FILES["myfile"] variable.

NB : I changed the form element's name to make it clearer which variable is created.

In turn that is an array, and the actual value you want is where PHP saved the uploaded file.
That value is contained in the variable $_FILES["myfile"]["tmp_name"];

tmp_name always points to the PHP upload directory; on unix systems it's often /tmp. The actual file name will *not* be that which your user supplied; it will be a unique and often cryptic name.

So you understand, this is *not* a PHP+DB related question. Your first resource should always be the PHP website documentation, which you can find here : http://uk.php.net/features.file-upload

Ensure you understand the security issues regarding file uploads, and especially testing *if* the file really was uploaded, using the is_uploaded_file() function before moving it or acting on the data.


"/srv/www/htdocs/functions/email/file.txt", I want to read the "/srv/www/htdocs/functions/email/". The variable $filename only gives the "file.txt" as a value.


In general, *never* move uploaded files into your web server's file structure if you can avoid it. The security issue is that the user now has a route to upload say a virus file to your server, and then point other users to your known server address and path. Your web server will probably dish out this file on request from the evil-hacker's link to your server. You are now consuming resources on his behalf, as well as apparently being the source-of-all-evil.

So - time to read up on "PHP file upload security", budget 1/2-1 day ;-))

HTH
Cheers - Neil

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
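
The handling described in the message above, as an added example that is not part of the original post: it checks the upload with is_uploaded_file() and stores it outside the web server's file structure under a server-generated name. The UPLOAD_DIR path, the MAX_BYTES limit and the store_upload() helper are hypothetical, and random_bytes() assumes PHP 7 or later.

```php
<?php
// Added example, not code from the original message.
// Assumption: UPLOAD_DIR is a hypothetical directory outside the web root,
// writable by the PHP process and not served by the web server.
const UPLOAD_DIR = '/srv/uploads';   // hypothetical path
const MAX_BYTES  = 1048576;          // hypothetical 1 MiB limit

function store_upload(array $file): string
{
    // PHP sets 'error' for every upload; anything but UPLOAD_ERR_OK is a failure.
    if (!isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or malformed request.');
    }
    // Confirm tmp_name really refers to a file PHP received via HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file.');
    }
    // Check the real size on disk, not the client-reported 'size'.
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('File too large.');
    }
    // Never reuse the client-supplied name as a path; generate our own.
    $target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.upload';
    // move_uploaded_file() repeats the uploaded-file check before moving.
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store the upload.');
    }
    chmod($target, 0640);
    return $target;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    try {
        $stored = store_upload($_FILES['myfile'] ?? []);
        // The original name is display-only; keep the base name and escape it.
        $shown = htmlspecialchars(basename($_FILES['myfile']['name']), ENT_QUOTES);
        echo "Stored upload '$shown'.";
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected.';
    }
} else {
    // ENCTYPE must be multipart/form-data or $_FILES stays empty.
    echo "<FORM ACTION='' METHOD='POST' ENCTYPE='multipart/form-data'>"
       . "<INPUT TYPE='file' NAME='myfile'><INPUT TYPE='submit'></FORM>";
}
```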

