How to get full filepath when uploading files in PHP?
https://stackoverflow.com/questions/5816666
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I really want to know how am I gonna get the full filepath when I upload a file in PHP?
Here's my my problem...
I am importing a csv file in PHP. Uploading a file isn't a problem but the function used to import csv files which is fgetcsv() requires fopen. fopen is the one giving me a headache because it requires an exact filepath which means that the file should be in the same directory with the php file. What if the user gets a file from a different directory.
Here's my codes:
index.php:
<form action="csv_to_database.php" method="POST" enctype="multipart/form-data">
<input type="file" name="csv_file" />
<input type="submit" name="upload" value="Upload" />
</form>
csv_import.php:
<?php
if ($_FILES['csv_file']['error'] > 0) {
echo "Error: " . $_FILES['csv_file']['error'] . "<br />";
}else{
if (($handle = fopen($_FILES['csv_file']['name'], "r")) !== FALSE) {
while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
for ($c=0; $c < count($data) ; $c++) {
echo $data[$c] . " ";
}
echo "<br />";
}
fclose($handle);
}
}
?>
fopen here can only get the filename which is passed by the variable $_FILES['csv_file']['name']. I was trying to get any functions to get the full filepath for $_FILES in the internet but can't find any.
I am very new to web development so pls be patient. Pls answer as simple as possible... Pls help...
Solution
The ['name'] refers to the original filename on the users computer. That's no use to you, in particular because it might be empty. (Or it can contain fake values, causing a directory traversal exploit. So, just avoid it.)
You need to use the ['tmp_name'] which is a server-absolute path like /tmp/upload85728 that can be used for fopen() or move_uploaded_file().
OTHER TIPS
I was able to successfully imported csv file and stored it in the mysql database.
Here are the the codes (actually its almost the same as my question with some slight changes with great effect):
index.php:
<form action="csv_import.php" method="POST" enctype="multipart/form-data" >
<input type="file" name="csv_file" />
<input type="submit" name="upload" value="Upload" />
</form>
csv_import.php:
<?php
if ($_FILES['csv_file']['error'] > 0) {
echo "Error: " . $_FILES['csv_file']['error'] . "<br />";
}else{
if (($handle = fopen($_FILES['csv_file']['tmp_name'], "r")) !== FALSE) {
$dbconn = mysql_connect("localhost", "root", "") or die("Couldn't connect to server!");
mysql_select_db("csv_test") or die("Couldn't find database!");
$ctr = 1; // used to exclude the CSV header
while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
if ($ctr > 1) mysql_query("INSERT INTO ninja_exer (name, village, country) VALUES ('$data[1]', '$data[2]', '$data[3]')");
else $ctr++;
}
fclose($handle);
}
}
?>
you need to define a path into your config file or wherever you want to use and then that variable whatever you define, you can use in you project.
i.e: define('FILE_UPLOADED_PATH','folder1/folder2/so on');
so after the put this code your full filepath would be-
FILE_UPLOADED_PATH.$_FILES['csv_file']['name'];
you can use above code as example.
Thanks.
