PHP & MySQL for Dummies- P7

Tham khảo tài liệu php & mysql for dummies- p7, công nghệ thông tin, cơ sở dữ liệu phục vụ nhu cầu học tập, nghiên cứu và làm việc hiệu quả
Nội dung trích xuất từ tài liệu:
PHP & MySQL for Dummies- P7 Chapter 8: Data In, Data Out 281 $_FILES[‘fieldname’][‘name’] $_FILES[‘fieldname’][‘type’] $_FILES[‘fieldname’][‘tmp_name’] $_FILES[‘fieldname’][‘size’] For example, suppose that you use the following field to upload a file, as shown in the preceding section: If the user uploads a file named test.txt by using the form, the resulting array that can be used by the processing program looks something like this: $_FILES[user_file][name] = test.txt $_FILES[user_file][type] = text/plain $_FILES[user_file][tmp_name] = D:WINNTphp92C.tmp $_FILES[user_file][size] = 435 In this array, name is the name of the file that was uploaded, type is the type of file, tmp_name is the path/filename of the temporary file, and 435 is the size of the file. Notice that name contains only the filename, but tmp_name includes the path to the file as well as the filename. If the file is too large to upload, the tmp_name in the array is set to none, and the size is set to 0. The processing program must move the uploaded file from the temporary location to a permanent location. The general format of the statement that moves the file is as follows: move_uploaded_file(path/tempfilename,path/permfilename); The path/tempfilename is available in the built-in array element $_FILES [‘fieldname’][‘tmp_file’]. The path/permfilename is the path to the file where you want to store the file. The following statement moves the file uploaded in the input field, given the name user_file, shown earlier in this section: move_uploaded_file($_FILES[‘user_file’][‘tmp_name’], ‘c:data ew_file.txt’); The destination directory (in this case, c:data) must exist before the file can be moved to it. This statement doesn’t create the destination directory. Allowing strangers to load files onto your computer is a security risk; some- one might upload malicious files. You want to check the files for as many fac- tors as possible after they’re uploaded, using conditional statements to check file characteristics, such as expected file type and size. In some cases, for even more security, it might be a good idea to change the name of the file to some- thing else so that users don’t know where their files are or what they’re called.Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. 282 Part III: PHP Putting it all together A complete example script is shown in Listing 8-19. This program displays a form for the user to upload a file, saves the uploaded file, and then displays a message after the file has been successfully uploaded. That is, this program both displays the form and processes the form. This program expects the uploaded file to be an image file and tests to make sure that it’s an image file, but any type of file can be uploaded. The HTML code that formats and dis- plays the form is in a separate file — the include file shown in Listing 8-20. A Web page displaying the form is shown in Figure 8-15. Listing 8-19: Uploading a File with a POST Form Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Chapter 8: Data In, Data Out 283 Here’s how Listing 8-19 works: ➝5 This line is an if statement that tests whether the form has been submitted. If not, you can display the form by including the file con- taining the form code. The include file is shown in Listing 8-20. ➝9 This line starts an else block that executes if the form has been submitted. This block contains the rest of the script and pro- cesses the submitted form and uploaded file. ...