Seasonal Savings: 20% off selected memberships for a limited time. Give now

Easy-to-follow video tutorials help you learn software, creative, and business skills.Become a member

Overview of the UploadFile class

From: Uploading Files Securely with PHP

Video: Overview of the UploadFile class

Whether you've been building your own The maximum size for an individual file is 50 kilobytes.

Overview of the UploadFile class

Whether you've been building your own version of the UploadFile class definition. Or you've jumped straight to this chapter, let's take a look at the classes features and how to use it. The primary emphasis is on security when uploading files. The class limits the size of individual file uploads. Although the size can be changed, the class prevents you from exceeding the limits set in the server's configuration. Uploads can be restricted to a predefined range of MIME type.

Alternatively, the class will automatically append a suffix to the names of files such as executables, that are considered risky. The upload file class has also been designed to be flexible. It automatically handles both single, and multiple file uploads. Most default settings can be changed without editing the class definition. These are the defaults in the version of the class in the exercise files. The maximum size for an individual file is 50 kilobytes.

Uploads are restricted to image formats commonly used on the web. But if uploads of all types are enabled, .upload is automatically appended as a suffix to the filename of potentially risky files. Duplicate files are automatically renamed by inserting a number before the file name extension. However, all of these defaults can be changed by calling public methods in the processing script. To ensure compatibility with other scripts, the class uses a name space.

This means that the server must be running a minimum of PHP 5.3. So let's review how you use the class. As well as including the class in your main script, it's recommended to import the name space with the use operator like this. The name space foundationphp is separated from the class name by a backslash. This allows you to create an upload file object like this, without the need to use the name space. The UploadFile constructor takes a single argument.

The path of the folder to which the files are to be uploaded. The class has four public methods. Set max size changes the size limit for individual files. It takes a single argument, which must be expressed as the number of bytes. I'll show you later in this chapter, how to specify the value without the need to get out your calculator. Using set max size is optional. If you don't use it, the class uses the default of 50 kilobytes.

Allow all types removes the restriction on the mine types that can be uploaded. It takes a single argument which is optional. If no argument is supplied, .upload is appended to the names of files with file name extensions that pose a potential risk. The suffix can be changed by passing a string as an argument to allow all types. If you don't want a suffix appended to file names, use an empty string as the argument. Using allow all types is optional.

If you don't use it, the class restricts uploads to specific MIME types. Upload actually performs the upload. It takes a single argument which is optional. If you use upload without an argument, files with a name that already exists in the destination folder, are renamed by inserting a number before the filename extension. To overwrite duplicate files, pass zero or false without quotes, as the argument. Using this method is required. Without it, nothing is uploaded.

If you use set max size, or allow all types, or both of them, they must be called first because they changed the settings used by upload. Finally, getMessages returns an array of messages reporting whether the upload was successful and whether files were renamed. Since getMessages reports on the outcome, it can be called only after upload. The class also has two public static methods, which can be used in the upload form without creating an upload file object. The first one is called converToBytes.

It's useful for converting the value of Post Max Size, and Upload Max File Size. From the PHP configuration into bytes, the value can then be used to check whether the upload exceeds the server limits. The other one is called convert from bytes. It takes a value expressed as bytes, and converts it to a more human readable value, the number of kilobytes or megabytes rounded to one decimal place. To use a static method without creating a UploadFile object, you use the class name follow by a double colon, and the method name like this.

So now you know what the upload file class does. Let's use it.

Show transcript

This video is part of

Image for Uploading Files Securely with PHP
Uploading Files Securely with PHP

33 video lessons · 2628 viewers

David Powers
Author

 
Expand all | Collapse all
  1. 4m 49s
    1. Welcome
      57s
    2. What you should know before watching this course
      2m 0s
    3. Using the exercise files
      1m 52s
  2. 33m 2s
    1. How PHP handles file uploads
      6m 16s
    2. Examining the $_FILES array
      5m 8s
    3. Setting the maximum file size
      5m 36s
    4. Preparing the upload folder
      3m 18s
    5. Moving the file to its destination
      6m 51s
    6. Limitations on file uploads
      5m 53s
  3. 47m 3s
    1. Planning the class's features
      3m 15s
    2. Creating and using a namespaced class
      5m 25s
    3. Creating the class constructor
      7m 26s
    4. Getting a reference to the uploaded file
      5m 9s
    5. Checking the error level
      5m 7s
    6. Displaying errors and other messages
      4m 51s
    7. Setting and checking the maximum file size
      7m 19s
    8. Strengthening the setMaxSize() method
      8m 31s
  4. 35m 30s
    1. Restricting acceptable MIME types
      5m 27s
    2. Removing spaces from file names
      5m 21s
    3. Restricting acceptable file-name extensions
      6m 10s
    4. Neutralizing potentially dangerous uploads
      5m 54s
    5. Renaming files with duplicate names
      7m 58s
    6. Moving the file to its destination
      4m 40s
  5. 10m 25s
    1. Understanding how the $_FILES array handles multiple files
      4m 42s
    2. Adapting the class to handle both single and multiple uploads
      5m 43s
  6. 38m 15s
    1. Overview of the UploadFile class
      5m 9s
    2. Setting up to use the class
      4m 11s
    3. Using the class
      8m 12s
    4. Reporting errors with multiple uploads
      4m 0s
    5. Displaying the server limits
      4m 51s
    6. Alerting the user about exceeding the server limits
      6m 14s
    7. Changing the class's defaults
      5m 38s
  7. 1m 38s
    1. Goodbye
      1m 38s

Start learning today

Get unlimited access to all courses for just $25/month.

Become a member
Sometimes @lynda teaches me how to use a program and sometimes Lynda.com changes my life forever. @JosefShutter
@lynda lynda.com is an absolute life saver when it comes to learning todays software. Definitely recommend it! #higherlearning @Michael_Caraway
@lynda The best thing online! Your database of courses is great! To the mark and very helpful. Thanks! @ru22more
Got to create something yesterday I never thought I could do. #thanks @lynda @Ngventurella
I really do love @lynda as a learning platform. Never stop learning and developing, it’s probably our greatest gift as a species! @soundslikedavid
@lynda just subscribed to lynda.com all I can say its brilliant join now trust me @ButchSamurai
@lynda is an awesome resource. The membership is priceless if you take advantage of it. @diabetic_techie
One of the best decision I made this year. Buy a 1yr subscription to @lynda @cybercaptive
guys lynda.com (@lynda) is the best. So far I’ve learned Java, principles of OO programming, and now learning about MS project @lucasmitchell
Signed back up to @lynda dot com. I’ve missed it!! Proper geeking out right now! #timetolearn #geek @JayGodbold
Share a link to this course

What are exercise files?

Exercise files are the same files the author uses in the course. Save time by downloading the author's files instead of setting up your own files, and learn by following along with the instructor.

Can I take this course without the exercise files?

Yes! If you decide you would like the exercise files later, you can upgrade to a premium account any time.

Become a member Download sample files See plans and pricing

Please wait... please wait ...
Upgrade to get access to exercise files.

Exercise files video

How to use exercise files.

Learn by watching, listening, and doing, Exercise files are the same files the author uses in the course, so you can download them and follow along Premium memberships include access to all exercise files in the library.


Exercise files

Exercise files video

How to use exercise files.

For additional information on downloading and using exercise files, watch our instructional video or read the instructions in the FAQ .

This course includes free exercise files, so you can practice while you watch the course. To access all the exercise files in our library, become a Premium Member.

Are you sure you want to mark all the videos in this course as unwatched?

This will not affect your course history, your reports, or your certificates of completion for this course.


Mark all as unwatched Cancel

Congratulations

You have completed Uploading Files Securely with PHP.

Return to your organization's learning portal to continue training, or close this page.


OK
Become a member to add this course to a playlist

Join today and get unlimited access to the entire library of video courses—and create as many playlists as you like.

Get started

Already a member ?

Become a member to like this course.

Join today and get unlimited access to the entire library of video courses.

Get started

Already a member?

Exercise files

Learn by watching, listening, and doing! Exercise files are the same files the author uses in the course, so you can download them and follow along. Exercise files are available with all Premium memberships. Learn more

Get started

Already a Premium member?

Exercise files video

How to use exercise files.

Ask a question

Thanks for contacting us.
You’ll hear from our Customer Service team within 24 hours.

Please enter the text shown below:

The classic layout automatically defaults to the latest Flash Player.

To choose a different player, hold the cursor over your name at the top right of any lynda.com page and choose Site preferences from the dropdown menu.

Continue to classic layout Stay on new layout
Exercise files

Access exercise files from a button right under the course name.

Mark videos as unwatched

Remove icons showing you already watched videos if you want to start over.

Control your viewing experience

Make the video wide, narrow, full-screen, or pop the player out of the page into its own window.

Interactive transcripts

Click on text in the transcript to jump to that spot in the video. As the video plays, the relevant spot in the transcript will be highlighted.

Learn more, save more. Upgrade today!

Get our Annual Premium Membership at our best savings yet.

Upgrade to our Annual Premium Membership today and get even more value from your lynda.com subscription:

“In a way, I feel like you are rooting for me. Like you are really invested in my experience, and want me to get as much out of these courses as possible this is the best place to start on your journey to learning new material.”— Nadine H.

Thanks for signing up.

We’ll send you a confirmation email shortly.


Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

Keep up with news, tips, and latest courses with emails from lynda.com.

Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

   
submit Lightbox submit clicked
Terms and conditions of use

We've updated our terms and conditions (now called terms of service).Go
Review and accept our updated terms of service.