rafal Posted October 12, 2014 Share Posted October 12, 2014 Hello everybody, i have an easy short code to upload multiple photos to "images" directory. after upload each file, i give it unique name. the problem i have is: i want see the name of uploaded files and print this using echo as in line 21. the line 21 gives me names but not the same names of uploaded files! thank you very much for your help. Rafal <?php foreach ($_FILES['file']['name'] as $i => $name) { $types = array("gif", "jpeg", "jpg", "png"); $temp = explode(".", $name); $extension = end($temp); if ($_FILES["file"]["size"][$i] < 10240000 && in_array($extension, $types)) { if ($_FILES["file"]["error"][$i] > 0) { echo "Return Code: " . $_FILES["file"]["error"][$i] . "<br>"; } else { if (file_exists("images/" . $name)) { } else { move_uploaded_file($_FILES["file"]["tmp_name"][$i], "images/" . uniqid() . "." . $extension); echo "uploaded " . $_FILES["file"] , uniqid() . "." . $extension ; echo "<br>"; } } } else { $error = "Invalid file"; } } ?> <html> <head> <title></title> </head> <body> <form enctype="multipart/form-data" action="photo.php" method="POST"> <input type="file" name="file[]" id="file" ><br> <input type="file" name="file[]" id="file" ><br> <input type="file" name="file[]" id="file" ><br> <input type="file" name="file[]" id="file" ><br> <input type="submit" value="upload"> </form> </body> </html> Quote Link to comment Share on other sites More sharing options...
Frank_b Posted October 12, 2014 Share Posted October 12, 2014 (edited) Take a look to this example: <?php // be sure that dir/filename.ext will be a valid path and that you have write permissions $uploads_dir = 'uploads/'; // if we got something posted if($_SERVER['REQUEST_METHOD'] == 'POST') { // Let's see what the hack is into the $_FILES array for learning purposes echo '<pre>'; print_r($_FILES); echo '</pre>'; // walk through the error codes for each separate file foreach ($_FILES['file']['error'] as $key => $error) { if ($error == UPLOAD_ERR_OK) { // now move the uploaded file to uploads/<filename> $tmp_name = $_FILES['file']['tmp_name'][$key]; $name = $_FILES['file']['name'][$key]; move_uploaded_file($tmp_name, $uploads_dir.$name); } } } ?> <html> <head> <title></title> </head> <body> <form enctype="multipart/form-data" action="" method="POST"> <input type="file" name="file[]" id="file" ><br> <input type="file" name="file[]" id="file" ><br> <input type="file" name="file[]" id="file" ><br> <input type="file" name="file[]" id="file" ><br> <input type="submit" value="upload"> </form> </body> </html> Edited October 12, 2014 by Frank_b Quote Link to comment Share on other sites More sharing options...
Frank_b Posted October 12, 2014 Share Posted October 12, 2014 Mention that move_uploaded_file() will overwrite files without any warning. Lot of developers give uploaded files unique names with help of current timestamp. The generated name AND the original name will be stored into the database. This solution protects you from files being overwrited. Quote Link to comment Share on other sites More sharing options...
rafal Posted October 12, 2014 Author Share Posted October 12, 2014 Dear Frank_B, thank you very much for your answer. i miss 2 functions in my an your code. first i need to add timestamp to each file, i dont know how. second i need to echo or print the name of uploaded files. i miss this 2 functions in your solution. thanks again Rafal Quote Link to comment Share on other sites More sharing options...
Frank_b Posted October 12, 2014 Share Posted October 12, 2014 add a timestamp to each file is a bit strange to hear. Do you mean that you want to add a timestamp to the filename? the php time() function gives you the current timestamp which is the number of second passed since January 1 1970 00:00:00 GMT. The original filename can be found under the $_FILES['file']['name'][$key] <?php // be sure that dir/filename.ext will be a valid path and that you have write permissions $uploads_dir = 'uploads/'; // if we got something posted if($_SERVER['REQUEST_METHOD'] == 'POST') { // walk through the error codes for each separate file foreach ($_FILES['file']['error'] as $key => $error) { if ($error == UPLOAD_ERR_OK) { // now move the uploaded file to uploads/<filename> $tmp_name = $_FILES['file']['tmp_name'][$key]; $name = $_FILES['file']['name'][$key]; move_uploaded_file($tmp_name, $uploads_dir.$name); echo time() . '-' . $name . '<br>'; } } } ?> <html> <head> <title></title> </head> <body> <form enctype="multipart/form-data" action="" method="POST"> <input type="file" name="file[]" id="file" ><br> <input type="file" name="file[]" id="file" ><br> <input type="file" name="file[]" id="file" ><br> <input type="file" name="file[]" id="file" ><br> <input type="submit" value="upload"> </form> </body> </html> Quote Link to comment Share on other sites More sharing options...
jcbones Posted October 12, 2014 Share Posted October 12, 2014 Mention that move_uploaded_file() will overwrite files without any warning. Lot of developers give uploaded files unique names with help of current timestamp. The generated name AND the original name will be stored into the database. This solution protects you from files being overwrited. The reason to generate a unique filename isn't so that the images will not be overwritten. It is instead a security measure, so that you control what the image is, and that it is saved as an image. Some go so far as to create a new image, so that someone can't upload an image that has code in a comment tag (inside the image). You must think of security when accepting uploads of any kind. Like making sure the upload is coming from a client, and not a script. Or, that the $_FILES superglobal hasn't been hijacked (the manual tells you that it can), which is why you shouldn't trust it. For instance, I could upload a php file to your server through your script, even if you are checking $_FILES['file']['type'] to make sure it is an image. Quote Link to comment Share on other sites More sharing options...
Frank_b Posted October 12, 2014 Share Posted October 12, 2014 Yes, security is always the problem. In each case do not allow to store files with a .php extension or a .htaccess name! Thanks jcbones. Quote Link to comment Share on other sites More sharing options...
rafal Posted October 18, 2014 Author Share Posted October 18, 2014 dear JCbones, dear Frank_b, thank you very much. i solved the problem. and added login code to protect the page. the working version is attached <?php session_start(); $_logindaten = ARRAY("name"=>"carlos@yahoo.fr", "password"=>"5485457454444d"); if (isset($_POST["inp_name"]) && isset($_POST["inp_pwd"])) { if ($_logindaten["name"] == $_POST["inp_name"] && $_logindaten["password"] == md5($_POST["inp_pwd"])) { # Userdaten korrekt - User ist eingeloggt # Login merken ! $_SESSION["login"] = 1; } } if ($_SESSION["login"] != 1) { header ( 'Location:login.php' ); exit; } # User ist eingeloggt ?> <?php echo '<font face="Arial"><a href="login.php">Abmelden</a><br>'; echo '<H4>Fotos hochladen</H4>'; echo "Grösse der Fotos ist 500x282px<br><br>"; foreach ($_FILES['file']['name'] as $i => $name) { $types = array("gif", "jpeg", "jpg", "png", "pdf", "doc", "xls", "bmp"); $temp = explode(".", $name); $extension = end($temp); if ($_FILES["file"]["size"][$i] < 1024000000 && in_array($extension, $types)) { if ($_FILES["file"]["error"][$i] > 0) { echo "Return Code: " . $_FILES["file"]["error"][$i] . "<br>"; } else { if (file_exists("cloud/" . $name)) { } else { move_uploaded_file($_FILES["file"]["tmp_name"][$i], "cloud/" . time() . "-" . $name); echo time() . '-' . $name . '<br>'; } } } else { $error = "Invalid file"; } } echo "</font>"; ?> <!DOCTYPE html> <html"> <head> <title>cloud</title> </head> <body> <br> <br> <form enctype="multipart/form-data" action="cloud.php" method="POST"> <input type="file" name="file[]" id="file"><br> <input type="file" name="file[]" id="file"><br> <input type="file" name="file[]" id="file"><br> <input type="file" name="file[]" id="file"><br> <input type="submit" value="Hochladen" style="width:100%; padding: 4px;"> </form> </body> </html> Quote Link to comment Share on other sites More sharing options...
jcbones Posted October 18, 2014 Share Posted October 18, 2014 You need to check for browser cross capability. I'm pretty sure IE sends png's as x-png, I think gif's are different as well, but that escapes me. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.