Posted by Rik Wasmus on 11/29/07 22:03

On Thu, 29 Nov 2007 22:47:30 +0100, Truck Estevez <oohtruck@gmail.com> =

wrote:

> I'm trying to build an upload form in php that will do the following
> things:
>
> - have the option to upload 10 unique files

You can't control the uniqueness client-side. You could try comparing an=
=

hash (md5_file()) server side... The rest is just creating 10 file-input=
s =

in html.

> - only allow certain filetypes to be uploaded

Not possible to limit filetypes on upload using PHP. I don't think =

javacript will either. The most you can hope for client-side is a coded =
=

limit on extension. Even that is not trustworthy. On the server, you'll =
=

have a hrad time checking validity of certain files too. You can filter =
on =

extension again, that's not reliable though. The same goes for checking =
=

mime-type. There are some tricks to check for certain files. We cannot =

tell you unless you specify what types you want.

> - rename each file depending on whats specified in a corresponding
> dropdown menu

move_uploaded_file($_FILES['input_name']['tmp_name'],'/path/to/dir/'.$_P=
OST['chosen_name']);

Check for validity of the chosen name though: no slashes allowed (we don=
't =

want to end up somewhere else if the user chooses =

'../../something/sensitive'.

> - have three text fields that are spit into a text document (or an
> easier, better alternative... that info just needs to be visible
> somewhere)

$fh =3D fopen('bla.txt','w');
fwrite($fh,$_POST['field1'].$_POST['field2'].$_POST['field3']);
fclose($fh);

> - move the renamed, uploaded files into a unique directory that is
> named after one of the text fields

See move_uploaded_file(), mkdir(), and if that fails possible read up on=
=

safe_mode.
-- =

Rik Wasmus

[Back to original message]