The basic process of uploading files with PHP is very simple, but there are security implications that many people are unaware of. This course shows how to create a secure custom PHP class that can handle both single-file and multi-file uploads. Author David Powers shows you how to create a file upload class that checks the size, type, and names of files, renaming them when it encounters a duplicate file name. He'll show you how to make the class report on the outcome of the upload process and the nature of any errors that occur, and how to prevent the user from uploading files that exceed the server limits.
At the end of this course, you'll have a robust, flexible class that can be incorporated into many projects (including web forms) with just a few lines of code.
To make the file upload form more user-friendly, it's a good idea to display the server limits in the web page. You can do this by checking the server configuration, and then hard coding the values into the page. But actually, we've got all the tools necessary to get the values dynamically. Rather than querying the server each time the page loads, let's store the values as session variables. So, we'll need to initialize a session, and then we need to check if one of the session variables is being set.
We only need to check one because if one hasn't been set, none of them will have been. So, if and not isset, and what we're looking for is SESSION. And we'll look for maxfiles. If that doesn't exist, we need to create it by querying the server configuration and getting the value of max_file_uploads. So, SESSION maxfiles, and then we can use ini_get and it's the max_file_uploads that we are looking for. Then another SESSION variable, call this one postmax.
And we'll use that to get the value of post_max_size. max_file_uploads will be a number, but post_max_size could be stored either as bytes or using shorthand, such as 8M for eight megabytes. So to display it in a user-friendly way, we need to make sure that it's first in bytes, and then we can convert it to a user-friendly format. So what we need to do is to use one of the UploadFile class's static methods to convert it to bytes.
At the moment, the class definition is being included only when the form has been submitted. So we need to move the include command from line 12, which is inside that conditional statement, and put it up after session_start. So, we can now call these static methods. So, let's insert our cursor here. And then we're looking for UploadFile. That's followed by two colons and then convertToBytes.
The value that we're going to convert is this ini_get post_max_size. So cut that and move it between these parentheses. So now we've got the value in bytes. We can convert it to a user-friendly format. So let's create another SESSION variable. And we'll call this one displaymax. And we'll use the UploadFile static method convertFromBytes. And the value that we will pass to it is SESSION postmax.
So now we've got post_max_size expressed both as bytes and in a user-friendly format. If you're wondering why we're saving post_max_size as a SESSION variable, it's because it will be useful in the next video to check whether the user has exceeded the server limit. So, we've now got the values here, we can display the values in an unordered list after the file input field. So let's scroll down to the file input field. And there it is, it's on line 54.
So we'll insert the unordered list between the two paragraphs. And to save a little bit of time, I'm going to paste my unordered list from a text file that I've created. And you can find a copy of the text file in the Exercise Files for this video. So let's just paste that in there. And what we've got here: the first list item, "Up to", and then the number of max files, "can be uploaded simultaneously". Then the next one: "Each file should be no more than", and then we use the static convertFromBytes method to convert max into the maximum size for an individual file.
And then we're using displaymax to show the maximum size of all the files that can be uploaded. So if we just save that and then run it in a browser, we're now displaying these values here. Up to 20 files can be uploaded simultaneously. Each file should be no more than 50 kilobytes, and the combined total should not exceed eight megabytes. So that is much more user-friendly. The upload form is now more informative, but it would be even more so if it actively alerted users when their selection of files exceeds the server limits.
We'll deal with that next.
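The steps narrated in this video, gathered into one added PHP example that is not the course's own code. The functions to_bytes() and from_bytes() are hypothetical stand-ins for the class's convertToBytes and convertFromBytes static methods, whose source is not shown on this page, and the 50 KB per-file limit is an assumed value.

```php
<?php
// Added example. to_bytes()/from_bytes() are hypothetical stand-ins for
// UploadFile::convertToBytes() and UploadFile::convertFromBytes().
function to_bytes(string $value): int
{
    $value = trim($value);
    if ($value === '') {
        return 0;
    }
    $number = (int) $value;            // "8M" casts to 8
    switch (strtoupper(substr($value, -1))) {
        case 'G': $number *= 1024;     // fall through
        case 'M': $number *= 1024;     // fall through
        case 'K': $number *= 1024;
    }
    return $number;                    // plain byte counts pass through unchanged
}

function from_bytes(int $bytes): string
{
    if ($bytes >= 1024 * 1024) {
        return number_format($bytes / (1024 * 1024), 1) . ' MB';
    }
    return number_format($bytes / 1024, 1) . ' KB';
}

session_start();
// One check is enough: the three values are always set together.
if (!isset($_SESSION['maxfiles'])) {
    $_SESSION['maxfiles'] = (int) ini_get('max_file_uploads');
    $_SESSION['postmax']  = to_bytes((string) ini_get('post_max_size'));
    // post_max_size = 0 disables the limit, so do not display "0.0 KB".
    $_SESSION['displaymax'] = $_SESSION['postmax'] === 0
        ? 'no fixed limit'
        : from_bytes($_SESSION['postmax']);
}
$max = 51200; // assumed per-file limit (50 KB); the course takes it from the class
?>
<ul>
    <li>Up to <?= (int) $_SESSION['maxfiles'] ?> files can be uploaded simultaneously.</li>
    <li>Each file should be no more than <?= htmlspecialchars(from_bytes($max)) ?>.</li>
    <li>The combined total should not exceed <?= htmlspecialchars($_SESSION['displaymax']) ?>.</li>
</ul>
```

The list only informs the user; the byte value kept in the postmax session variable is what a server-side check would compare against.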
There are currently no FAQs about Uploading Files Securely with PHP.