tailieunhanh - PHP and MySQL Web Development - P75

PHP and MySQL Web Development - P75: PHP and MySQL Web Development teaches the reader to develop dynamic, secure, commercial Web sites. Using the same accessible, popular teaching style of the first edition, this best-selling book has been updated to reflect the rapidly changing landscape of MySQL and PHP. | 342 Chapter 16 Interacting with the File System and the Server Listing Continued if move_uploaded_file userfile upfile echo Problem Could not move file to destination directory exit else echo Problem Possible file upload attack. Filename . userfile_name exit older versions code as recommended in PHP manual function is_uploaded_file filename if tmp_file get_cfg_var upload_tmp_dir tmp_file dirname tempnam tmp_file . . basename filename User might have trailing slash in . return ereg_replace tmp_file filename if is_uploaded_file userfile copy userfile upfile else echo Problem Possible file upload attack. Filename . userfile_name end older version echo File uploaded successfully br br reformat the file contents fp fopen upfile r contents fread fp filesize upfile fclose fp contents strip_tags contents fp fopen upfile w fwrite fp contents fclose fp Introduction to File Upload 343 Listing Continued show what was uploaded echo Preview of uploaded file contents br hr echo contents echo br hr body html Interestingly enough most of this script is error checking. File upload involves potential security risks and we need to mitigate these where need to validate the uploaded file as carefully as possible to make sure it is safe to echo to our visitors. Let s go through the main parts of the script. We begin by checking the error code returned in HTTP_POST_FILES userfile ll error error code was introduced at PHP . From PHP there is also a constant associated with each of the codes. The possible constants and values are as follows UPLOAD_ERROR_OK value 0 means no error occurred. UPLOAD_ERR_INI_SIZE value 1 means that the size of the uploaded file exceeds the maximum value specified in your file with the upload_max_ filesize directive. UPLOAD_ERR_FORM_SIZE value 2 means that the size of the uploaded file exceeds the maximum value specified in the HTML form in the MAX_FILE_SIZE element. UPLOAD_ERR_PARTIAL value 3 means that the .