Because it is requested so much I wrote up a sample upload.php.
This file is included in the sample folder since SWFUpload v2.0.2. It can be download from the SVN repository here.
This sample file tries to follow best practices (or at least mentions them) for accepting file uploads in PHP.
We are open to suggestions if you think any changes should be made to the sample file.
January 11, 2008 - 7:13am
i'v tried this but it doesn't works on my website. Can you give me a zip where you are the upload.php sample working with swfupload please ?
January 11, 2008 - 7:32am
i have the latest version 2.0.2 release and i've tried with demos/multiuploaddemo/ your upload.php sample with this demo, so i've trieds upload the same file twice, file uploaded and after it say upload error: 500. I've opened your source and i found errors duplication and extensions code but i think it doesn't work .
SO can you give me an archive contains the multiuploaddemo with your upload.php sample please.
best regards !
January 11, 2008 - 7:39am
do you think it's possible to echo the speed uploading and time remaining about upload and / or for all ?
thks!
Best regards
January 11, 2008 - 12:50pm
All the files you have asked for are included in the SWFUpload download package. This upload.php is found under the Samples folder..
This script is a general upload script. It may not work out of the box for you depending on what you are doing.
I'm not sure what you mean by "errors duplication and extensions code". If you are talking about the extension checking then you need to make sure that the extensions you are allowing in your SWFUpload settings are also placed in the allowed extensions in this upload.php. If you are allowing *.* then you should comment out the extension checking parts.
I tested this script with the Multi-upload demo on IIS 5.0/Windows XP. You're server configuration may be different and you will likely have to tweak the script.
January 11, 2008 - 1:37pm
RE: other features
Please re-post your question as a new thread.
Please stay on topic. It makes it easier for others to find answers to similar questions in the future!
Thanks.
January 11, 2008 - 4:48pm
can you give me this file please ?
So i wanna the index of multiupload with the sample upload.php features like: file extension, file existing,..., can you make me this file please ?
thks best regrads
February 7, 2008 - 7:25am
tried that upload.php file and its working smoothly (php warnings aside).
February 7, 2008 - 7:03pm
Hello,
I want to know what this statement mean:
if (!@move_uploaded_file($_FILES[$upload_name]["tmp_name"], $save_path.$file_name)) {
HandleError("File could not be saved: ". $save_path.$file_name);
exit(0);
}
I assume it has to do with processing the file(s) upload to the appropriate destination folder...but I am unclear of the use of the bang with move_uploaded_file and how it results in the successful file upload, I am expecting an elseif statement after the if statement for a successful condition of the move_uploaded_file, e.g elseif (move_uploaded_file($_FILES[...]), I hope my question makes sense...
thanx
February 8, 2008 - 4:16am
It will attempt to move the file. If it succeeds there is no warning displayed and the uploader will continue, else it well return the warning.
February 14, 2008 - 1:12pm
You may want to add a custom error handler:
set_error_handler('flash_error_handler');
function flash_error_handler() {
header('HTTP/1.1 500 Internal Server Error');
return false;
}
(return false so that the normal php error handler continues) (or just do die(); whichever you want..)
February 19, 2008 - 2:14pm
RE:
if (!move_uploaded_file(blah, blah)) {
// failed to move
}
So, move_uploaded_file is executed inside the if statement (PHP tries to save the uploaded file). move_uploaded_file returns true or false which is checked in the if conditional (which is also a statment).
It could have been written like so:
$saved = move_uploaded_file(blah, blah);
if (!$saved) {
// failed to move
}
If I were to call move_uploaded_file in both the if and in an else if then I would actually be trying to save the file twice (if the first attempt failed).
February 19, 2008 - 2:19pm
My PHP is somewhat out of date so the use of @ might not be best practice.
One downside to @ is that if the error is fatal the script just ends with no error messages anywhere.
If anyone wants to update the sample file with proper PHP error handling that'd be great.
February 24, 2008 - 2:47am
If you don't know why you're getting a 500 error on the sample upload.php script, it's most likely a permissions error coming from this part:
if (!@move_uploaded_file($_FILES[$upload_name]["tmp_name"], $save_path . $file_name)) {
HandleError("File could not be saved.");
exit(0);
}
You need to change your permissions on $save_path . $file_name.
April 9, 2008 - 8:17am
Also something which caused me a lot of searching: the
$extension_whitelistvariable is case sensitive. You'll get error 500 when uploading a .JPG file, if only .jpg is whitelisted. Once whitelisted it works like a charm!April 15, 2008 - 6:08pm
I fixed the script in the svn trunk so the extension comparison is not case sensitive.
Thanks for the feedback!
June 29, 2008 - 8:02am
Hello!
In the demo page, we can see the javascript defined settings:
var settings = {flash_url : "swfupload_f9.swf",
upload_url: "upload.php", // Relative to the SWF file
post_params: {"PHPSESSID" : "<?php echo session_id(); ?>"},
file_size_limit : "100 MB",
file_types : "*.*",
file_types_description : "All Files",
file_upload_limit : 100,
file_queue_limit : 0,
custom_settings : {
progressTarget : "fsUploadProgress",
cancelButtonId : "btnCancel"
},
etc...
But, in the sample upload.php file, we don't use it??? for file_size_limit as an example... -> why we don't find the value of that param in the
$max_file_size_in_bytes = 2147483647;??And with editing a post_param, how to use it in the upload.php file? just like a simple $_POST??
June 30, 2008 - 9:58am
One reason we don't send the JavaScript settings to the upload.php is because it is trivial for a client to modify the data sent to the server and then our upload.php imposed security is completely void because the client gets to determine everything.
So, if you set 100 MB limit in JavaScript you should also set a 100 MB limit in upload.php. Passing this setting from JavaScript to upload.php is a security hole.
-----
For swfupload_f9.swf all post_param and "AddFileParam" parameters are posted to the server and are available in $_POST in PHP. For swfupload_f8.swf all post_param and "AddFileParam" parameters are passed in the Query String to the server and are available in $_GET.
October 21, 2008 - 1:35am
Hi guys im newbie here but this one would give you an idea..
I made my own script called Upload.php try this..
Hope this help..
Step1: Just create a DIR called " uploads " dont forget to 777 if you're running with linux..
step2: copy this script and save as " upload.php" and put it into your folder root where your files located..
<?php
// Work-around for setting up a session because Flash Player doesn't send the cookies
if (isset($_POST["PHPSESSID"])) {
session_id($_POST["PHPSESSID"]);
}
session_start();
// Settings
//$save_path = getcwd() . "uploads/";
$target = "uploads/";
$upload_name = "Filedata";
$max_file_size_in_bytes = 2147483647; // 2GB in bytes
$extension_whitelist = array("jpg", "gif", "png", "DOC", "doc", "txt"); // Allowed file extensions
$valid_chars_regex = '.A-Z0-9_ !@#$%^&()+={}\[\]\',~`-'; $target = $target . basename( $_FILES[$upload_name]['name']) ;
$ok=1;
$file_name = "";
$file_extension = "";
$uploadErrors = array(
0=>"There is no error, the file uploaded with success",
1=>"The uploaded file exceeds the upload_max_filesize directive in php.ini",
2=>"The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form",
3=>"The uploaded file was only partially uploaded",
4=>"No file was uploaded",
6=>"Missing a temporary folder"
);
if(@move_uploaded_file($_FILES[$upload_name]['tmp_name'], $target))
{
echo "There was a problem with the upload";
}
else {
echo "Sorry, there was a problem uploading your file.";
}
?>
November 4, 2008 - 2:02pm
You built in a HandleError function, but I don't only want to receive the 500 errors. So how can I implement the text-error-messages from each issue, so that it is displayed in the queue?
November 4, 2008 - 2:53pm
you have to return 200 and in uploadSuccess read the serverData. Then pretend there was an error and handle it however you need.
February 14, 2009 - 9:08pm
edited, please see below
February 14, 2009 - 9:08pm
ive edited swfupload.js to the following:
SWFUpload.prototype.uploadSuccess = function (file, serverData) {
file = this.unescapeFilePostParams(file);
if (serverData=='')
{
this.queueEvent("upload_success_handler", [file, serverData]);
}
else
{
this.queueEvent("upload_error_handler", [file, serverData, "xxx"]);
}
};
Is this what you had in mind?
it seems to do the trick
February 16, 2009 - 10:19am
That would work. You might want to use caution in modifying swfupload.js unless you are prepared to migrate your modifications to new versions of SWFUpload as they're released.
You can do the same thing from the uploadSuccess handler:
function uploadsuccess(file, serverdata) {
if (serverdata == "") {
// everything was fine
} else {
// handle the error
}
}
May 18, 2009 - 6:18am
Hi,
I am using SWF Upload but it is not uploading files on the server. I have also used the upload.php provided in samples. But no benefit. Please help me.
---
Thanks
PHPOpenSource