Home »
Imported messages »
comp.lang.php »
My head is spinning
My head is spinning [message #169424] |
Sat, 11 September 2010 22:44 |
MikeB
Messages: 65 Registered: September 2010
Karma:
|
Member |
|
|
Please help me understand, my head is absolutely spinning and I can't
get my mind around this.
In the php.net site there is an example on uploading a file via a
form. http://www.php.net/manual/en/features.file-upload.post-method.php
This is the sample code for the form:
<form enctype="multipart/form-data" action="__URL__" method="POST">
<!-- MAX_FILE_SIZE must precede the file input field -->
<input type="hidden" name="MAX_FILE_SIZE" value="30000" />
<!-- Name of input element determines name in $_FILES array -->
Send this file: <input name="userfile" type="file" />
<input type="submit" value="Send File" />
</form>
Is MAX_FILE_SIZE passed to PHP as $MAX_FILE_SIZE?
Assuming I want to make it a variable in my PHP code, can I do this:
<?php
$MAX_FILE_SIZE = 30000;
echo <<<_END
<form enctype="multipart/form-data" action="__URL__" method="POST">
<!-- MAX_FILE_SIZE must precede the file input field -->
<input type="hidden" name="MAX_FILE_SIZE" />
<!-- Name of input element determines name in $_FILES array -->
Send this file: <input name="userfile" type="file" />
<input type="submit" value="Send File" />
</form>
<<<_END
<?
In other words, simply omitting the "value" clause in the form field?
And can I make that value a global constant somehow so that I can
later also test the actual size of the uploaded file in another
function?
Or do I have to do this:
<?php
$MAX_UPLOAD_SIZE = 30000;
echo <<<_END
<form enctype="multipart/form-data" action="__URL__" method="POST">
<!-- MAX_FILE_SIZE must precede the file input field -->
<input type="hidden" name="MAX_FILE_SIZE"
value="$MAX_UPLOAD_SIZE"/>
<!-- Name of input element determines name in $_FILES array -->
Send this file: <input name="userfile" type="file" />
<input type="submit" value="Send File" />
</form>
<<<_END
<?
I'm also concerned that in the first instance, a malicious user can
modify the value and I will be hosed. Am I correct?
Thanks.
|
|
|
Goto Forum:
Current Time: Tue Nov 26 13:20:08 GMT 2024
Total time taken to generate the page: 0.03996 seconds