File upload

• In your "php.ini" file, search for the file_uploads directive, and set it to On:
• file_uploads = On
Creating an HTML form
• Next, create an HTML form that allows users to c
<!DOCTYPE html>
<html>
<body>

<form action="upload.php" method="post" enctype="multipart/form-data">
Select image to upload:
<input type="file" name="fileToUpload" id="fileToUpload">
<input type="submit" value="Upload Image" name="submit">
</form>

</body>
</html>
Upload.php
<?php
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));

if (isset($_POST["submit"])) {
  $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
  if ($check !== false) {
    echo "File is an image - " . $check["mime"] . ".";
    $uploadOk = 1;
  } else {
    echo "File is not an image.";
    $uploadOk = 0;
  }
}
• You will need to create a new directory called
"uploads" in the directory where "upload.php"
file resides. The uploaded files will be saved
there.
Check if File Already Exists

if (file_exists($target_file)) {
echo "Sorry, file already exists.";
$uploadOk = 0;
}
Limit File Size

• We want to check the size of the file. If the file is larger than 500KB, an error message is displayed, and $uploadOk is set to 0:
if ($_FILES["fileToUpload"]["size"] > 500000) {
  echo "Sorry, your file is too large.";
  $uploadOk = 0;
}
Limit File Type

if ($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
    && $imageFileType != "gif") {
  echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
  $uploadOk = 0;
}
Now complete it
<?php
$target_dir = "uploads/";
// The stored name and the extension both come from the client-supplied file name
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));

// Check whether the file parses as an image
if (isset($_POST["submit"])) {
  $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
  if ($check !== false) {
    echo "File is an image - " . $check["mime"] . ".";
    $uploadOk = 1;
  } else {
    echo "File is not an image.";
    $uploadOk = 0;
  }
}

// Check if the file already exists
if (file_exists($target_file)) {
  echo "Sorry, file already exists.";
  $uploadOk = 0;
}

// Check the file size
if ($_FILES["fileToUpload"]["size"] > 500000) {
  echo "Sorry, your file is too large.";
  $uploadOk = 0;
}

// Allow only certain file extensions
if ($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
    && $imageFileType != "gif") {
  echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
  $uploadOk = 0;
}

// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
  echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
  if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
    echo "The file " . htmlspecialchars(basename($_FILES["fileToUpload"]["name"])) . " has been uploaded.";
  } else {
    echo "Sorry, there was an error uploading your file.";
  }
}
?>
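The checks above take both the stored name and the extension from the client-supplied file name. A stricter variant follows as an added example that is not part of the original slides: it detects the type from the file content and assigns a server-generated name. It assumes the fileinfo extension is enabled; the store_uploaded_image() helper and the private_uploads directory outside the web root are hypothetical.

```php
<?php
// Added example: hypothetical helper, not part of the original slides.
// Assumes the "fileinfo" extension is enabled and $destDir lies outside the web root.
const MAX_BYTES = 500000;   // same 500KB limit as the slides
const ALLOWED = [           // MIME type detected from content => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

function store_uploaded_image(array $file, string $destDir): string
{
    // Reject multi-file arrays and PHP-level upload errors (partial upload, ini limits).
    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed.');
    }
    // Only accept a temporary file that PHP created for this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file.');
    }
    if ($file['size'] === 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('File is empty or too large.');
    }
    // Detect the type from the file content, not from the client-supplied name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('Only JPG, PNG and GIF images are allowed.');
    }
    // Server-generated name: no user-controlled characters and no collisions to check.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store the file.');
    }
    return $name;
}

if (isset($_FILES['fileToUpload'])) {
    try {
        // Hypothetical storage directory, one level above the document root.
        $stored = store_uploaded_image($_FILES['fileToUpload'], __DIR__ . '/../private_uploads');
        echo 'Stored as ' . htmlspecialchars($stored);
    } catch (RuntimeException $e) {
        echo htmlspecialchars($e->getMessage());
    }
}
```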
PHP filters
Validating data = Determine if the data is in proper form.
Sanitizing data = Remove any illegal character from the data.
PHP filters are used to validate and sanitize external input.
<!DOCTYPE html>
<html>
<head>
<style>
table, th, td {
border: 1px solid black;
border-collapse: collapse;
}
th, td {
padding: 5px;
}
</style>
</head>
<body>
<table>
<tr>
<td>Filter Name</td>
<td>Filter ID</td>
</tr>
<?php
foreach (filter_list() as $id =>$filter) {
echo '<tr><td>' . $filter . '</td><td>' . filter_id($filter) . '</td></tr>';
}
?>
</table>

</body>
</html>
<?php
$str = "<h1>Hello World!</h1>";
// Strips the HTML tags from the string.
// FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
$newstr = filter_var($str, FILTER_SANITIZE_STRING);
echo $newstr;
?>
Validating integer
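<?php
$int = 100;

// "!filter_var(...) === false" is evaluated as "(!filter_var(...)) === false",
// so the branch is taken only when the filter returns a truthy value.
if (!filter_var($int, FILTER_VALIDATE_INT) === false) {
  echo("Integer is valid");
} else {
  echo("Integer is not valid");
}
?>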
<?php
$int = 0;

// 0 is a valid integer but falsy, so it is compared explicitly first.
if (filter_var($int, FILTER_VALIDATE_INT) === 0 || !filter_var($int, FILTER_VALIDATE_INT) === false) {
  echo("Integer is valid");
} else {
  echo("Integer is not valid");
}
?>
Validating ip address
<?php
$ip = "127.0.0.1";

if (!filter_var($ip, FILTER_VALIDATE_IP) === false) {
  echo("$ip is a valid IP address");
} else {
  echo("$ip is not a valid IP address");
}
?>
Validating e-mail
<?php
$email = "your email";

// Remove illegal characters, then validate the result
$email = filter_var($email, FILTER_SANITIZE_EMAIL);

if (!filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
  echo("$email is a valid email address");
} else {
  echo("$email is not a valid email address");
}
?>
Validating url
<?php
$url = "url of your choice";

// Remove illegal characters, then validate the result
$url = filter_var($url, FILTER_SANITIZE_URL);

if (!filter_var($url, FILTER_VALIDATE_URL) === false) {
  echo("$url is a valid URL");
} else {
  echo("$url is not a valid URL");
}
?>
Advance email
Validate an Integer Within a Range:
<?php
$int = 122;
$min = 1;
$max = 200;

if (filter_var($int, FILTER_VALIDATE_INT,
    array("options" => array("min_range" => $min, "max_range" => $max))) === false) {
  echo("Variable value is not within the legal range");
} else {
  echo("Variable value is within the legal range");
}
?>
Validate IPv6 Address

<?php
$ip = "2001:0db8:85a3:08d3:1319:8a2e:0370:7334";

if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === false) {
  echo("$ip is a valid IPv6 address");
} else {
  echo("$ip is not a valid IPv6 address");
}
?>
Validate URL - Must Contain QueryString

<?php
$url = "https://www.w3schools.com";

if (!filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_QUERY_REQUIRED) === false) {
  echo("$url is a valid URL with a query string");
} else {
  echo("$url is not a valid URL with a query string");
}
?>
Remove Characters With ASCII Value > 127

<?php
$str = "<h1>Hello WorldÆØÅ!</h1>";

$newstr = filter_var($str, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
echo $newstr;
?>
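The validators above can be applied to a whole form in one pass. This added example (not from the original slides) uses filter_var_array() with strict comparisons so that a legitimate 0 is accepted, and adds an http/https scheme check on top of FILTER_VALIDATE_URL; validate_settings() and the field names are hypothetical.

```php
<?php
// Added example: hypothetical validate_settings() helper, not from the original slides.
// The field names ("age", "server_ip", "email", "homepage") are constructed for illustration.
function validate_settings(array $input): array
{
    $spec = [
        'age'       => ['filter'  => FILTER_VALIDATE_INT,
                        'options' => ['min_range' => 0, 'max_range' => 200]],
        'server_ip' => ['filter' => FILTER_VALIDATE_IP,
                        'flags'  => FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6],
        'email'     => FILTER_VALIDATE_EMAIL,
        'homepage'  => FILTER_VALIDATE_URL,
    ];
    // Missing keys come back as null, rejected values as false.
    $result = filter_var_array($input, $spec);
    $errors = [];
    foreach ($result as $field => $value) {
        // Strict comparison: a legitimate 0 is neither null nor false.
        if ($value === null) {
            $errors[$field] = 'missing';
        } elseif ($value === false) {
            $errors[$field] = 'invalid';
        }
    }
    // FILTER_VALIDATE_URL accepts any scheme; keep only http and https.
    if (is_string($result['homepage'])) {
        $scheme = strtolower((string) parse_url($result['homepage'], PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            $errors['homepage'] = 'invalid';
        }
    }
    return ['values' => $result, 'errors' => $errors];
}

// Constructed sample input, shaped like $_POST (every value arrives as a string).
$sample = [
    'age'       => '0',
    'server_ip' => '2001:0db8:85a3:08d3:1319:8a2e:0370:7334',
    'email'     => 'user@example.com',
    'homepage'  => 'ftp://example.com/file',
];
$out = validate_settings($sample);
var_dump($out['values']['age']);
print_r($out['errors']);
```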
