Search
 
SCRIPT & CODE EXAMPLE
 

PHP

cant upload file to directory php


You'd better check $_FILES structure and values throughly.
The following code cannot cause any errors absolutely.

Example:
<?php

header('Content-Type: text/plain; charset=utf-8');

try {
    
    // Undefined | Multiple Files | $_FILES Corruption Attack
    // If this request falls under any of them, treat it invalid.
    if (
        !isset($_FILES['upfile']['error']) ||
        is_array($_FILES['upfile']['error'])
    ) {
        throw new RuntimeException('Invalid parameters.');
    }

    // Check $_FILES['upfile']['error'] value.
    switch ($_FILES['upfile']['error']) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_NO_FILE:
            throw new RuntimeException('No file sent.');
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:
            throw new RuntimeException('Exceeded filesize limit.');
        default:
            throw new RuntimeException('Unknown errors.');
    }

    // You should also check filesize here. 
    if ($_FILES['upfile']['size'] > 1000000) {
        throw new RuntimeException('Exceeded filesize limit.');
    }

    // DO NOT TRUST $_FILES['upfile']['mime'] VALUE !!
    // Check MIME Type by yourself.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if (false === $ext = array_search(
        $finfo->file($_FILES['upfile']['tmp_name']),
        array(
            'jpg' => 'image/jpeg',
            'png' => 'image/png',
            'gif' => 'image/gif',
        ),
        true
    )) {
        throw new RuntimeException('Invalid file format.');
    }

    // You should name it uniquely.
    // DO NOT USE $_FILES['upfile']['name'] WITHOUT ANY VALIDATION !!
    // On this example, obtain safe unique name from its binary data.
    if (!move_uploaded_file(
        $_FILES['upfile']['tmp_name'],
        sprintf('./uploads/%s.%s',
            sha1_file($_FILES['upfile']['tmp_name']),
            $ext
        )
    )) {
        throw new RuntimeException('Failed to move uploaded file.');
    }

    echo 'File is uploaded successfully.';

} catch (RuntimeException $e) {

    echo $e->getMessage();

}

?>

Comment

PREVIOUS NEXT
Code Example
Php :: create migration command in laravel 
Php :: artisan app name 
Php :: wp_delete_attachment unlink 
Php :: json_decode php multidimensional array 
Php :: how to fetch associate data from csv in php 
Php :: lookup token information in vault 
Php :: php get time past midnight 
Php :: xdebug phpstorm 
Php :: return pdft download and back with msg in laravel 
Php :: php get error 
Php :: CONVERTIR TABLEAU EN CHAINE DE CARACTÈRE PHP 
Php :: Laravel Extract Values From Collection Using Pluck() with Relationship 
Php :: Csv To AssoT Php 
Php :: Uncaught RedisException: Redis server went away in 
Php :: add filter in wordpress 
Php :: netchainmedia 
Php :: shortcode wordpress form 
Php :: post rest drupal 
Php :: phpmailer send email to multiple addresses 
Php :: Magento 2 create admin module 
Php :: if user not signed in redirected to login laravel from route 
Php :: polymorphism in php 
Php :: trim php 
Php :: cakephp 3 make migration 
Php :: laravel package development 
Php :: what is route namespace in laravel 
Php :: gate and policy in laravel 
Php :: laravel collection 
Php :: laravel property 
Php :: laravel 8 login logout 
ADD CONTENT
Topic
Content
Source link
Name
9+9 =