Make sure the file size not exceed desired value
allow certain fype type: to prevent user upload harmful content.
In my current project. I have to solve it all. In this artice, I will share you some of the trick. If you like to know more, feel free to ask question by commenting.
Make a Upload function:
////////////////////
function upload_file($user_file,
$dest_dir,
$max_file_size,
$to_file_name='')
{
$file_name=(empty($to_file_name))
? $_FILES[$user_file]['name']
: $to_file_name;
$file_size=$_FILES[$user_file]['size'];
$temp_file=$_FILES[$user_file]['tmp_name'];
$upload_file="$dest_dir/$file_name";
$err='';
if ($_FILES[$user_file]['error'])
{
$err=upload_error_message(
$_FILES[$user_file]['error']
);
message_warning($err);
return false;
}
echo "
Uploading file $file_name...";
if (DEBUG)
{
echo "to $upload_file";
}
if (is_uploaded_file($temp_file))
{ //check size
if ($file_size>$max_file_size)
{
message_warning("
File size too large: $file_size
");
unlink($temp_file);
return false;
}
if (file_exists($upload_file))
{
message_warning('File Existed');
unlink($temp_file);
return false;
}
if (move_uploaded_file($temp_file,$upload_file))
{
echo "
File uploaded: $file_name!";
return true;
}
else
{
message_warning('Cannot copy file!');
return false;
}
}
else
{
message_warning('Upload Failed!');
return false;
}
}
Upload form valiate:
function validate_upload_form($update=false)
{
global $file_name;
global $tempfile;
global $err_file;
$ok=true;
if (empty($file_name))
{
$err_songfile='
No file specified!';
$ok=false;
}
else
{
$ext=get_ext($file_name);
if (!is_ext_allowed($ext))
{
$err_file='
Exentions not allow';
$ok=false;
}
}
if ( (!$ok)&&(!empty($tempfile)) )
{
delete_file($tempfile);
}
return $ok;
}
Get File extension:
function get_ext($filename)
{
if (!empty($filename))
{
$pathinfo=pathinfo($filename);
return $pathinfo['extension'];
}
else
{
return 'Unkown';
}
}
Is an extension allow?
//
define ("EXT_ALLOWED",'mp3,wma,rm,mov,mid,swf,wmv');
function is_ext_allowed($ext)
{
$EXT_ALLOWED=explode(',',EXT_ALLOWED);
return in_array(strtolower($ext),$EXT_ALLOWED);
}
Upload error message:
function upload_error_message($err_code)
{
switch ($err_code)
{
case UPLOAD_ERR_OK:
return 'No error';
case UPLOAD_ERR_INI_SIZE:
$max_size=return_bytes(
ini_get('upload_max_filesize')
);
return 'The uploaded file exceeds
the upload_max_filesize directive
in php.ini: '.$max_size.' bytes';
case UPLOAD_ERR_FORM_SIZE:
return 'The uploaded file exceeds
the MAX_FILE_SIZE directive that
was specified in the HTML form.';
case UPLOAD_ERR_PARTIAL:
return 'The uploaded file
was only partially uploaded';
case UPLOAD_ERR_NO_FILE:
return 'No file was uploaded';
case UPLOAD_ERR_NO_TMP_DIR:
return 'Missing a temporary folder';
case UPLOAD_ERR_CANT_WRITE:
return 'Failed to write file to disk';
default:
return 'Unkown error';
}
}
Upload Processing...
switch ($_action)
{
case 'upload':
if(validate_upload_form())
{
upload_processing();
}
else
{
show_upload_form();
}
break;
default:
show_upload_form();
break;
1 comment:
pls can u help me im goin to mad of these
i still get error UPLOAD_ERR_NO_TMP_DIR
can u explain me how to handle this?
Post a Comment