Viewers: in countries Watching now:
The basic process of uploading files with PHP is very simple, but there are security implications that many people are unaware of. This course shows how to create a secure custom PHP class that can handle both single-file and multi-file uploads. Author David Powers shows you how to create a file upload class that checks the size, type, and names of files, renaming them when it encounters a duplicate file name. He'll show you how to make the class report on the outcome of the upload process and the nature of any errors that occur, and how to prevent the user from uploading files that exceed the server limits.
At the end of this course, you'll have a robust, flexible class that can be incorporated into many projects (including web forms) with just a few lines of code.
The remaining stages in making the upload file class more robust involve inspecting the file name and altering it if necessary. We'll begin by implementing a simple routine to replace spaces in file names with underscores. Spaces are acceptable on Windows and Mac operating systems, but they cause problems on Linux and in URLs. So, we'll begin by creating a property to store the filename if it's been altered. And, like all properties, it needs to be declared at the top of the class definition.
It'll be protected and we'll call it newName. Now we need to create a protected method, called checkName. It needs to go with our other check methods, so we'll put it after the checkType method. So create a little bit of extra space there And the argument that we will pass the checkName will be the reference to the current element in the file's super global array, so that will be file, and then inside our definition, the first thing we need to do is to make sure that newName is null.
The reason for doing that is that the class will eventually be capable of handling multiple file uploads. So, newName needs to be cleared each time this method is used. So it'll be this, newName equals null. Now we can replace the spaces with underscores, and we'll assign the result to a temporary result called nospaces. And we'll use the string replace function. That searches for something. What we're going to search for is a string, which is simply a space, we're going to replace it with a string, which will be an underscore.
And the subject, what we're looking at, is the file name, as reported in the file superglobal array. So that's file and then it's the name element that we're looking for. To check whether the name has been changed, we can compare nospaces with file name. So, if nospaces is not equal to file name, if they're not equal, we know that it's been changed. So, we assign nospaces to the new name property.
So this newName equals nospaces. So that's as far as we are going to go with the checkName method in this video. So we need to call this in the checkFile method. So I'll scroll back up there and we'll call it after checkType. You just need to call it directly so it'll be this checkName. And we pass it file as the argument. But if the file has been renamed, we need to tell the user.
And we'll do that in the moveFile method, which is right down at the bottom. And at the moment, this messages takes file name was uploaded successfully. What we need to do is to add something to the end of that message if it was renamed. So, instead of this messages, we'll use a temporary variable which we'll call result. And then we'll remove that period at the end there. And then we'll have a conditional statement if. And we'll have a conditional statement.
And we'll know this if new name is not null, we know that the file has been renamed. So, not is null and we're looking at this newName. We can then add to result .= and was renamed. Then we need to add that new name, which is in the newName property.
And then let's be grammatically correct. Let's add a period to the end of result, and finally we can assign result to this messages. So it's this messages, add square brackets, equals result. So we can now save our definition, and go to form, test it in a browser. If we choose a file that has got underscores in it, upload file, we get that uploaded successfully. Then if we choose a file that has got spaces in it. Let's try rose pink, and upload that.
It says that rose pink was uploaded successfully and was renamed, rose_pink.jpg. So removing spaces from the file name and replacing them with underscores has been a fairly trivial operation. But we'll continue improving the checkName method to neutralize risky file name extensions and to optionally prevent files from being over written.
There are currently no FAQs about Uploading Files Securely with PHP.
Access exercise files from a button right under the course name.
Search within course videos and transcripts, and jump right to the results.
Remove icons showing you already watched videos if you want to start over.
Make the video wide, narrow, full-screen, or pop the player out of the page into its own window.