tags:

views:

45

answers:

4
Q: 

Storing the path of a file a user selects from the file input as a session variable to repopulate the field later

I am developing a script in PHP for uploading files to a MySQL database. There various things that need to selected in addition to the actual file that go into the database entry. The script needs to be designed so that it checks to make sure all of the proper selections have been made, and if they are not the script returns to the upload file state with the values the user had selected still populated. I have accomplished this for the select boxes of the from using session variables, however I can not figure out how to get the actual path of the file upload input to post. I can only seem to access the file name and not the actual path from the $_FILE array. I have also tried to do the following: 

echo "<input type='hidden' name='MAX_FILE_SIZE' value='8000000'>";
echo "<input type='hidden' name='remote_file_path' value=''>";
echo "<input name='userfile'type='file'
      onchange='document.uploadForm.remote_file_path.value=this.value;'>";

Naturally, the form name is "uploadForm". This works, but again when access the value of $_POST['remote_file_path'], I am only receiving the file name and not the path. After some investigation it appears that this is a security feature built into Fire Fox. I am starting to think it can't be done.

Thanks in advance.

A: 

You don't need the hidden fields, PHP will parse the posted data for you, and present it in the $_FILES array:

http://www.php.net/manual/en/features.file-upload.post-method.php

Josh Pearce  2009-11-12 18:51:25
The $_FILES array only gives the file name not the path. I was trying to get around it.
jpdbaugh  2009-11-12 19:03:43
From the documentation: $_FILES['userfile']['name'] - The original name of the file on the client machine.
Josh Pearce  2009-11-12 20:23:34
+2  A: 

You don't receive complete file path (in some browsers), and can't change an <input type=file> value (through scripting) in any of them, since those actions poses as security problems.

Rubens Farias  2009-11-12 18:53:19
so there is no way to do it?
jpdbaugh  2009-11-12 19:02:06
As far as I know, no
Rubens Farias  2009-11-12 19:23:56
+2  A: 

You can't populate file select text box for security reasons, just as you discovered. However, you don't really need to populate file text box to retain the uploaded files.

Every time, a file is uploaded to your server, move it to a secure location and also link it with the current session or user. Now, when you redisplay the form because user made some mistake (or wants to edit something), display the filename along side the empty file box. That way, user can see what files they have already uploaded. With some JavaScript you can give user the option to cross off the filename upon which they can fill up the file text box again and submit another file which will be processed in the server. if the file box is empty, previously submitted file would be assumed to be the valid one and processed.

Kailash Badu  2009-11-12 19:01:55
So once a file is uploaded it remains in the tmp directory on the server until it is replaced with another uploaded file? Meaning that the $_FILES['userfile']['tmp_name'] would retain the same directory upon a second post of the form by user as long as no new file has been selected via the input?
jpdbaugh  2009-11-12 19:19:42
Not exactly. $_FILES['userfile']['tmp_name'] would either be empty or replaced with new file depending on if anything was uploaded or not. That's why the original file needs to be moved to another secure location, give it an unique name, and may be save the name in the current session. If a newer file is uploaded delete the old one and process the newer one, else find the filename stored in the session, get hold of the file, and proceed with the further processing.
Kailash Badu  2009-11-12 19:47:49
A: 

Like many have said, you can't it is a security issue via HTTP. What happens when you upload an image from a local machine is the function fires off and creates the tmp_name to be accessed on the server.

However if you truly want this functionality you can use pure Java via an applet to get a local path. However what are you trying to do, there may be a better way of going about it rather than what you are thinking.

Dreamcube  2009-11-12 19:36:51

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?