Write For Us
php

How to check whether the user uploaded a file in PHP?

Viewed   85 times

I do some form validation to ensure that the file a user uploaded is of the right type. But the upload is optional, so I want to skip the validation if he didn't upload anything and submitted the rest of the form. How can I check whether he uploaded something or not? Will $_FILES['myflie']['size'] <=0 work?

 Answers

1

You can use is_uploaded_file():

if(!file_exists($_FILES['myfile']['tmp_name']) || !is_uploaded_file($_FILES['myfile']['tmp_name'])) {
    echo 'No upload';
}

From the docs:

Returns TRUE if the file named by filename was uploaded via HTTP POST. This is useful to help ensure that a malicious user hasn't tried to trick the script into working on files upon which it should not be working--for instance, /etc/passwd.

This sort of check is especially important if there is any chance that anything done with uploaded files could reveal their contents to the user, or even to other users on the same system.

EDIT: I'm using this in my FileUpload class, in case it helps:

public function fileUploaded()
{
    if(empty($_FILES)) {
        return false;       
    } 
    $this->file = $_FILES[$this->formField];
    if(!file_exists($this->file['tmp_name']) || !is_uploaded_file($this->file['tmp_name'])){
        $this->errors['FileNotExists'] = true;
        return false;
    }   
    return true;
}
Sunday, October 30, 2022
 
scheff's_cat-02005722441a
 
scheff's_cat-02005722441a
2

For a simple fix that would require no server side changes, I would use the HTML5 File API to check the size of the file before uploading. If it exceeds the known limit, then cancel the upload. I believe something like this would work:

function on_submit()
{
  if (document.getElementById("upload").files[0].size > 666)
  {
    alert("File is too big.");
    return false;
  }

  return true;
}

<form onsubmit="return on_submit()">
<input id="upload" type="file" />
</form>

Obviously it's just a skeleton of an example, and not every browser supports this. But it wouldn't hurt to use this, as it could be implemented in such a way that it gracefully degrades into nothing for older browsers.

Of course this doesn't solve the issue, but it will at least keep a number of your users happy with minimal effort required. (And they won't even have to wait for the upload to fail.)

--

As an aside, checking $_SERVER['CONTENT_LENGTH'] vs the size of the post and file data might help detect if something failed. I think it when there is an error it will be non zero, while the $_POST and $_FILES would both be empty.

Monday, October 24, 2022
 
alexander_anikin
 
alexander_anikin
5

Here's what worked best for me when trying to script this (in case anyone else comes across this like I did):

$ pecl -d php_suffix=5.6 install <package>
$ pecl uninstall -r <package>

$ pecl -d php_suffix=7.0 install <package>
$ pecl uninstall -r <package>

$ pecl -d php_suffix=7.1 install <package>
$ pecl uninstall -r <package>

The -d php_suffix=<version> piece allows you to set config values at run time vs pre-setting them with pecl config-set. The uninstall -r bit does not actually uninstall it (from the docs):

vagrant@homestead:~$ pecl help uninstall
pecl uninstall [options] [channel/]<package> ...
Uninstalls one or more PEAR packages.  More than one package may be
specified at once.  Prefix with channel name to uninstall from a
channel not in your default channel (pecl.php.net)

Options:
  ...
  -r, --register-only
        do not remove files, only register the packages as not installed
  ...

The uninstall line is necessary otherwise installing it will remove any previously installed version, even if it was for a different PHP version (ex: Installing an extension for PHP 7.0 would remove the 5.6 version if the package was still registered as installed).

Monday, December 12, 2022
 
shankar_damodaran
 
shankar_damodaran
3

How about this:

new RandomAccessFile(fileName).setLength(0);
Saturday, August 20, 2022
 
zeroef
 
zeroef
4

Never used any of those, but they look interesting..

Take a look at Gearman as well.. more overhead in systems like these but you get other cool stuff :) Guess it depends on your needs ..

Friday, November 11, 2022
 
the_falvert
 
the_falvert
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :
php
 
Share
Related Answers
83
 How to check if letter is upper or lower in PHP?
76
 How to detect if a user uploaded a file larger than post_max_size?
48
 How to check whether SELECT EXISTS returns a value or not?
65
 How to check each rows for DATE and DATETIME in PHP MySQL?
60
 How to get only the TAGS of a PRODUCT in view.phtml in Magento 1.7.0.2?
54
 How to make sure the user cannot interrupt execution of php code called by “register_shutdown_function”?
83
 How do you determine the size of a file in C?
95
 How to check if time is between two times in PHP
42
 How to check if the user can go back in browser history or not
98
 How to check existence of user-define table type in SQL Server 2008?
Top Answers Related To

php

93
 where can I find the php.ini for php-cli
130
 Change PHP version on server using either .htaccess or php.ini
81
 PHP - Application config file stored as - ini,php,sql,cached,php class,JSON,php array?
220
 How to enable extensions for oci8 (Oracle) in php.ini - PHP Warning: PHP Startup: in Unknown on line 0
204
 PHP - converting XML to array in PHP - parsing a soap xml in php and storing it in database
167
 PHP Fatal error: Class 'MyApp\Chat' not found in /MyApp/chat-server.php
79
 how to write PHP module in C
77
 Linking a PHP Extension Written in C
104
 Compiling a php extension with Visual Studio 2008, MODULE ID don't match with php
77
 Prevent PHP from parsing non-PHP files such as someFile.php.txt
Write For Us · Blog · Privacy · Faqs · Terms of Use · Contact us ·