The basic process of uploading files with PHP is very simple, but there are security implications that many people are unaware of. This course shows how to create a secure custom PHP class that can handle both single-file and multi-file uploads. Author David Powers shows you how to create a file upload class that checks the size, type, and names of files, renaming them when it encounters a duplicate file name. He'll show you how to make the class report on the outcome of the upload process and the nature of any errors that occur, and how to prevent the user from uploading files that exceed the server limits.
At the end of this course, you'll have a robust, flexible class that can be incorporated into many projects (including web forms) with just a few lines of code.
If you worked through the earlier chapters of this course, you should be familiar with how to use the upload file class. This movie and the next one are mainly for the benefit of those who've skipped straight to this chapter, or if you need to refresh your memory. To use the class, you need a web page with a form that contains a file input field. In my editing program, I've got form.php open, and you can find a copy of this file in the exercise files for this movie. Let's take a quick look at what this file contains.
Above the doctype is a small PHP block, on line 2 max is set to 50 times 1024. 1,024 is the number of bytes in a kilobyte. So this'll be used to set the maximum size of an upload file to 50 kb. Obviously if you want it to be a different value say 100 or 150, all you need to do is to change the 50 and PHP will do the calculation for you. Line 3 result is an empty array.
This will be used to store the results of the upload. And those results will be displayed by the PHP block on lines 14 through to 20 as an unordered list. Now, let's scroll down and look at the form itself. The opening form tag on line 21, action is set to PHP echo server PHP self. What this does is that when the form is submitted the page will just reload itself and it will turn it into a self-processing form.
And we'll have the processing script in the PHP block above the doctype. Method is set to post. This is very important when uploading files. It must be post and not get. The other important thing for uploading files is you must have enctype equals multipart/form-data. This tells the browser to expect files to be uploaded. The other thing for uploading files: on line 23 we have a hidden field, and its name is MAX_FILE_SIZE.
This is a fixed name used by PHP and the value is the number of bytes that you want to limit the maximum size to. So we're going to be using max here. So that means it will be 50 kilobytes or whatever value you decide to set it to. The file input field is on line 25. It's very important that the file input field should come after this hidden field. If you put them the other way around, the file will still be uploaded, but the maximum size won't be applied.
The name of the file input field is file name, but you don't really need to know the name of the file input field. Because the upload file class deals with that automatically. Then on line 28 we've got the submit button and the name of the submit button is upload. You also need a copy of the class definition, upload file.php which you can find in the exercise files for this movie. It's common convention to store class definitions in a folder called src for source.
So in my testing site I've got a folder called src and if we open that, inside is another folder called foundationphp. We're using a namespaced class so you have a separate sub folder for each namespace. I'm using foundationphp because that's my domain name. And then inside that is the file uploadfile.php, which contains the class definition. Well, another thing that you need is a folder to upload the files to.
I've got one uploaded within my testing site. The folder needs to be writable and, if necessary, you should refer to the movie on preparing the upload folder in chapter 1. So that's the set-up for working with the upload file class. In the next movie, I'll show you how to use it.
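
The form set-up described in this movie, sketched as an added example; it is not the course's form.php or its upload class, and the field name `filename` and the result messages are assumptions. It also re-checks the size on the server, because MAX_FILE_SIZE travels in the request and the client can change it, and it escapes PHP_SELF before echoing it into the page.

```php
<?php
// Added example: a stand-in for the form described above, not the course's files.
$max = 50 * 1024;   // 50 KB, as in the transcript
$result = [];       // messages shown in the unordered list below

if (isset($_POST['upload'])) {
    $file = $_FILES['filename'] ?? null;   // 'filename' is an assumed field name
    if ($file === null || is_array($file['error'])) {
        $result[] = 'No single file was received.';
    } elseif (in_array($file['error'], [UPLOAD_ERR_INI_SIZE, UPLOAD_ERR_FORM_SIZE], true)) {
        // PHP itself rejected the file against php.ini or the posted MAX_FILE_SIZE.
        $result[] = 'File exceeds the permitted size.';
    } elseif ($file['error'] !== UPLOAD_ERR_OK) {
        $result[] = 'Upload failed (error code ' . (int) $file['error'] . ').';
    } elseif (!is_uploaded_file($file['tmp_name'])
        || filesize($file['tmp_name']) > $max) {
        // The hidden field is client-supplied, so enforce $max again here
        // against the temporary file PHP actually wrote.
        $result[] = 'File rejected by the server-side size check.';
    } else {
        // Type checks, renaming and moving the file are left to the upload class.
        $result[] = 'File passed the size checks.';
    }
}
?>
<!doctype html>
<html>
<head><meta charset="utf-8"><title>Upload</title></head>
<body>
<?php if ($result) { ?>
<ul>
<?php foreach ($result as $message) { ?>
    <li><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></li>
<?php } ?>
</ul>
<?php } ?>
<!-- PHP_SELF can carry attacker-chosen path text, so it is escaped before output -->
<form action="<?= htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') ?>"
      method="post" enctype="multipart/form-data">
    <!-- The hidden field must come before the file input to be applied -->
    <input type="hidden" name="MAX_FILE_SIZE" value="<?= $max ?>">
    <input type="file" name="filename">
    <input type="submit" name="upload" value="Upload File">
</form>
</body>
</html>
```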