The basic process of uploading files with PHP is very simple, but there are security implications that many people are unaware of. This course shows how to create a secure custom PHP class that can handle both single-file and multi-file uploads. Author David Powers shows you how to create a file upload class that checks the size, type, and names of files, renaming them when it encounters a duplicate file name. He'll show you how to make the class report on the outcome of the upload process and the nature of any errors that occur, and how to prevent the user from uploading files that exceed the server limits.
At the end of this course, you'll have a robust, flexible class that can be incorporated into many projects (including web forms) with just a few lines of code.
Whether you've been building your own version of the UploadFile class definition, or you've jumped straight to this chapter, let's take a look at the class's features and how to use it. The primary emphasis is on security when uploading files. The class limits the size of individual file uploads. Although the size can be changed, the class prevents you from exceeding the limits set in the server's configuration. Uploads can be restricted to a predefined range of MIME types.
Alternatively, the class will automatically append a suffix to the names of files, such as executables, that are considered risky. The UploadFile class has also been designed to be flexible. It automatically handles both single and multiple file uploads. Most default settings can be changed without editing the class definition. These are the defaults in the version of the class in the exercise files. The maximum size for an individual file is 50 kilobytes.
Uploads are restricted to image formats commonly used on the web. But if uploads of all types are enabled, .upload is automatically appended as a suffix to the filename of potentially risky files. Duplicate files are automatically renamed by inserting a number before the file name extension. However, all of these defaults can be changed by calling public methods in the processing script. To ensure compatibility with other scripts, the class uses a namespace.
This means that the server must be running a minimum of PHP 5.3. So let's review how you use the class. As well as including the class in your main script, it's recommended to import the namespace with the use operator like this. The namespace foundationphp is separated from the class name by a backslash. This allows you to create an UploadFile object like this, without the need to use the namespace. The UploadFile constructor takes a single argument:
the path of the folder to which the files are to be uploaded. The class has four public methods. Set max size changes the size limit for individual files. It takes a single argument, which must be expressed as the number of bytes. I'll show you later in this chapter how to specify the value without the need to get out your calculator. Using set max size is optional. If you don't use it, the class uses the default of 50 kilobytes.
Allow all types removes the restriction on the MIME types that can be uploaded. It takes a single argument, which is optional. If no argument is supplied, .upload is appended to the names of files with file name extensions that pose a potential risk. The suffix can be changed by passing a string as an argument to allow all types. If you don't want a suffix appended to file names, use an empty string as the argument. Using allow all types is optional.
If you don't use it, the class restricts uploads to specific MIME types. Upload actually performs the upload. It takes a single argument, which is optional. If you use upload without an argument, files with a name that already exists in the destination folder are renamed by inserting a number before the filename extension. To overwrite duplicate files, pass zero or false, without quotes, as the argument. Using this method is required. Without it, nothing is uploaded.
If you use set max size, or allow all types, or both of them, they must be called first because they change the settings used by upload. Finally, getMessages returns an array of messages reporting whether the upload was successful and whether files were renamed. Since getMessages reports on the outcome, it can be called only after upload. The class also has two public static methods, which can be used in the upload form without creating an UploadFile object. The first one is called convertToBytes.
It's useful for converting the values of post_max_size and upload_max_filesize from the PHP configuration into bytes. The value can then be used to check whether the upload exceeds the server limits. The other one is called convert from bytes. It takes a value expressed as bytes, and converts it to a more human-readable value, the number of kilobytes or megabytes rounded to one decimal place. To use a static method without creating an UploadFile object, you use the class name followed by a double colon and the method name, like this.
So now you know what the UploadFile class does. Let's use it.
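The checks described above (converting a php.ini shorthand value to bytes, refusing a size limit above the server's, suffixing risky file names, and renaming duplicates) can be sketched as follows. This is an added example, not the course's UploadFile class: the function names, the list of risky extensions, the choice to throw on an over-limit size, and the `_1` numbering style are all assumptions.

```php
<?php
// Added sketch with hypothetical helpers; this is not the course's UploadFile class.

// Convert php.ini shorthand ("2M", "512K", "1G") to bytes.
function iniToBytes(string $value): int
{
    $bytes = (int) trim($value);                 // leading digits only: "2M" casts to 2
    switch (strtoupper(substr(trim($value), -1))) {
        case 'G': $bytes *= 1024;                // fall through
        case 'M': $bytes *= 1024;                // fall through
        case 'K': $bytes *= 1024;
    }
    return $bytes;
}

// Reject a per-file limit above the server's configured limit.
function checkedMaxSize(int $requested, string $serverLimit): int
{
    $max = iniToBytes($serverLimit);
    if ($requested <= 0 || $requested > $max) {
        throw new RangeException("Limit must be between 1 and $max bytes");
    }
    return $requested;
}

// Neutralise risky extensions, then avoid overwriting an existing file.
function storedName(string $original, string $dir, array $risky, string $suffix = '.upload'): string
{
    $name = basename($original);                 // drop any client-supplied path
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if ($suffix !== '' && in_array($ext, $risky, true)) {
        $name .= $suffix;                        // the risky extension is no longer last
    }
    $info = pathinfo($name);
    $tail = isset($info['extension']) ? '.' . $info['extension'] : '';
    $candidate = $name;
    for ($i = 1; file_exists("$dir/$candidate"); $i++) {
        $candidate = $info['filename'] . "_$i" . $tail;   // number goes before the extension
    }
    return $candidate;
}

// Constructed demo data: a temporary folder that already holds photo.jpg.
$dir = sys_get_temp_dir() . '/upload_demo_' . getmypid();
mkdir($dir);
touch("$dir/photo.jpg");
$risky = ['php', 'phtml', 'exe', 'sh', 'js', 'pl', 'py', 'cgi'];   // assumed list

echo checkedMaxSize(50 * 1024, '2M'), "\n";      // '2M' stands in for ini_get('upload_max_filesize')
echo storedName('photo.jpg', $dir, $risky), "\n";
echo storedName('../tool.PHP', $dir, $risky), "\n";
```

The `file_exists()` check and the later move are separate steps, so two simultaneous uploads of the same name can still collide; a production version would create the destination file exclusively before writing.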
There are currently no FAQs about Uploading Files Securely with PHP.