This is mainly directed at Oracle...
How did you get the file uploader to keep the original filename? Because the input type="file" name="filename" in the form, results in $filename being the directory of the temporary files (/tmp/some_garbage_that_wasn't_the_actual_filename).
It works ok so far, but I want it also use a filename that *isn't* garbage.
Thanks
And how do I implement a size restriction?
[EDIT]And I know about the $_FILES['filename']['size'] variable...but is it possible to not allow user to upload at all (i.e. not even to the temp folder) a file too large, rather than going through the whole process, and realizing the it's too big?
Also, if a user uploads something enormous, it will still fill up my server - even if it's in the temp directory. Only for a little while, true, but it ruins the purpose of a size restriction.
If you had clicked the link above, you would have found out :roll: :wink: .
Quote:<form enctype="multipart/form-data" action="_URL_" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="30000"> <- this line (in bytes)
Send this file: <input name="userfile" type="file">
<input type="submit" value="Send File">
</form>
But it can easily be bypassed if the user nows how to do it.
Edit: Php.ini also contains a maximum upload size, so check with you host. Ie it's no good checking if the file is smaller than 3 mb, if there's an 'php.ini-max' of 2 mb.
I know...I used that. But are you sure it will immediately check? Because it seems to me it will still upload it to a temporary folder...
[EDIT]The file doesn't get copied, but it does upload, so if users try to go upload a file that's too large, they wait, and then my page shows up saying "Your file was added successfully", even though it wasn't. :-?
I'm 99% sure that's how you're going to have to do it Zack... I don't think there is another way. And hey... if you provide sufficient warning on the upload page about the maximum file size and they have to wait a long time for it to upload and then find it was too big well... that's their problem for not reading.
That's true.
And I fixed my other problems, so exciting news:
Users can upload their files *directly* to the database.
. . . all the pr0n you can imagine.
I dunno. RPG-DEV lets you add resources, and QBNZ lets you upload files. I asked them, and they never said that they get a lot of junk.
Plus, every oppurtunity I get I'll remove junk from the database.
Hah, I just got a file: red.jpg.php.txt, which when opened was actually a "myshell" utility, that was supposed to give the runner shell access to the server... some people are stupid, I guess.
Anyway zack, I suggest that you make the users submit an email address and name with the file, and also get their IP through $REMOTE_ADDR and put that in the database as well, so if it is rubbish you can do something about it in the future (perhaps an IP banlist for the upload feature).