FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » My head is spinning
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
My head is spinning [message #169424] Sat, 11 September 2010 22:44 Go to previous message
MikeB is currently offline  MikeB
Messages: 65
Registered: September 2010
Karma:
Member
Please help me understand, my head is absolutely spinning and I can't
get my mind around this.

In the php.net site there is an example on uploading a file via a
form. http://www.php.net/manual/en/features.file-upload.post-method.php

This is the sample code for the form:

<form enctype="multipart/form-data" action="__URL__" method="POST">
<!-- MAX_FILE_SIZE must precede the file input field -->
<input type="hidden" name="MAX_FILE_SIZE" value="30000" />
<!-- Name of input element determines name in $_FILES array -->
Send this file: <input name="userfile" type="file" />
<input type="submit" value="Send File" />
</form>

Is MAX_FILE_SIZE passed to PHP as $MAX_FILE_SIZE?

Assuming I want to make it a variable in my PHP code, can I do this:

<?php

$MAX_FILE_SIZE = 30000;

echo <<<_END
<form enctype="multipart/form-data" action="__URL__" method="POST">
<!-- MAX_FILE_SIZE must precede the file input field -->
<input type="hidden" name="MAX_FILE_SIZE" />
<!-- Name of input element determines name in $_FILES array -->
Send this file: <input name="userfile" type="file" />
<input type="submit" value="Send File" />
</form>
<<<_END
<?

In other words, simply omitting the "value" clause in the form field?

And can I make that value a global constant somehow so that I can
later also test the actual size of the uploaded file in another
function?

Or do I have to do this:

<?php

$MAX_UPLOAD_SIZE = 30000;

echo <<<_END
<form enctype="multipart/form-data" action="__URL__" method="POST">
<!-- MAX_FILE_SIZE must precede the file input field -->
<input type="hidden" name="MAX_FILE_SIZE"
value="$MAX_UPLOAD_SIZE"/>
<!-- Name of input element determines name in $_FILES array -->
Send this file: <input name="userfile" type="file" />
<input type="submit" value="Send File" />
</form>
<<<_END
<?

I'm also concerned that in the first instance, a malicious user can
modify the value and I will be hosed. Am I correct?

Thanks.
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: php filling in listbox value based on db record ??
Next Topic: Re: Another heredoc question
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Tue Nov 26 13:20:08 GMT 2024

Total time taken to generate the page: 0.03996 seconds