Ready to watch this entire course?
Become a member and get unlimited access to the entire skills library of over 4,900 courses, including more Developer and personalized recommendations.Start Your Free Trial Now
- View Offline
At the end of this course, you'll have a robust, flexible class that can be incorporated into many projects (including web forms) with just a few lines of code.
- How PHP handles file uploads
- Setting the maximum file size
- Moving the file to its destination
- Creating and using a namespaced class
- Displaying error messages
- Restricting unacceptable MIME types and file extensions
- Using the class
- Reporting errors
- Altering the user
Skill Level Intermediate
The allow all types method that we've created on line 71 to 81, makes the upload file class accept all types of files. It also allows you to specify whether a suffix should be appended to the file name of potentially risky types. We now need to amend the check name method so that it renames files correctly and appends that suffix, if necessary. So let's find the check name method. It's down towards the bottom of the class definition.
There it is. We need to add an extra line on line 165. And the first task, is to extract the file name extension. The file name is stored here in no spaces. We can get the extension by passing nospaces as an argument to the built-in PHP function path info, which returns an associative array of information about a file or a file path. So we'll create a variable called nameparts and pathinfo. Nospaces.
If the file name doesn't have an extension, the extension element of nameparts won't have been set, so we need to check if it exists. So let's create a variable to store the extension. Then we'll check if it's set. So we're checking for nameparts. Extension. And we'll use conditional operators. So if it has been set we'll assign nameparts extension to extension. If not, we'll make it an empty string.
Now if type checking is on, we don't need to add a suffix. Nor do we need to do so, if the suffix is an empty string. Now let's create a conditional statement. If not, this type checking on, and not empty, this suffix. So the code inside this conditional statement will run only if type checking is off.
And the suffix is not an empty string. The next thing that we need to check is if the extension is in the notTrusted array or if it's empty. So another conditional statement, if in array we're looking for the extension that's our needle and the haystack that we're looking in. Is this notTrusted. And the other condition that we're looking for, the alternative condition, is whether the extension is empty.
So if either of those conditions is true, we need to add the suffix to nospaces and then assign the value to the new name property. To indicate that the name has been changed. So in other words, if the extension is in the notTrusted array, or if the extension is empty, we're going to add the suffix. This newName equals the original name, nospaces, then with the suffix added to it.
Course it's the suffix property. The reason that I've included an empty extension here is that files without a file name extension are frequently used on Linux as executable files. Of course, this will catch some innocent files such as readme, but I think it's better to be on the cautious side. So let's save the class definition. And then go back to, form.PHP. At the moment we're allowing all types. We're not adding a particular extension. But let's, just test that.
By adding the default suffix to the filename you can also specify custom suffix by parsing a string as an argument to allow all types. And if you don't want to add a suffix, simply parse an empty string as the argument. But if you want to be really restrictive, just omit allow all types from the processing. And only specified mine types will be uploaded.