Home > Articles > Security > Network Security

  • Print
  • + Share This
Like this article? We recommend

Like this article? We recommend


The second method of uploading scripts is done by uploading a script that exists elsewhere on the Internet—for example, an image file hosted on your favorite Web site or a text file that exists on a university Web server.

Using this method, you specify the location of the file, such as http://www.myserver.com/files/news.txt, in the form field. After you click the Upload button, you should notice the new file in the directory that you specified for storing the uploaded files.

Create the script in Listing 3 (without the line numbers) in a text editor and name it upload2.php. This script allows you to upload a file from your local file system.

See the "How the Script Works" section after the script for line-by-line details on the script.

Listing 3: upload2.php

1. <html>
2. <head>
3. <title>File Upload Script 2</title>
4. </head>
5. <body>
6. <?
7. if(isset($submit)) {
8. $uploaddir = "/full/path/to/your/upload/directory/";
9. $newfile = $uploaddir . $filename;
10. $remote = fopen($file, "rb");
11. $local = fopen($newfile, "wb");
12. $buffer = fread($remote, 2097152);
13. if(fwrite($local, $buffer)) { 
14. print("<h3>UPLOAD SUCCESSFUL!</h3>"); 
15. } else {
16. print("<h3>ERROR UPLOADING FILE!</h3>");
17. }
18. fclose($remote);
19. fclose($local);
20. } else {
21. ?>
22. <form action="upload2.php" method="POST" 
[ccc] enctype="multipart/form-data">
23. <input type="hidden" name="MAX_FILE_SIZE" value="2097152">
24. <br>File URL:<input type="text" name="file">
25. <br>Name of file on server: <input type="text" name="filename">
26. <br><input type="submit" name="submit" value="UPLOAD">
27. </form>
28. <?
29. } 
30. ?>
31. </body>
32. </html>

How the Script Works


These lines are the normal HTML used to start the script.


This line starts the PHP portion of the script.


Here, the script checks whether the Submit button has been pushed. If it has, then it executes the code starting on line 8. Otherwise, the script continues executing from line 20.


This line sets the $uploaddir variable. This variable should be set to the full path of the directory where you want to upload your files.


This line sets the $newfile variable. The $newfile variable is a combination of the $uploaddir variable and the $filename variable that is input into the form. This creates a variable to the full path and filename of the file you are uploading.


This line opens remote file using the fopen function. The rb tells the function to open the file for reading a file using binary data exchange (in most cases, the binary method will open text files without any problems).


Line 11 opens a file on the local file system using the $newfile variable as the path and filename that it should open. It is opening the file with the wb option, which means to write a binary file. In essence, PHP is creating a new file.


In this line, the function fread reads the remote file for a length of 2,097,125 bytes (the default max_upload_filesize for PHP) into a buffer called $buffer.


In line 13, the script attempts to write the buffer to the newfile. If the write is successful, then line 14 is executed. Otherwise, lines 15–17 are executed.


This line simply notifies the user that the upload was successful.


Lines 15–17 are executed if there is an error. Line 14 tells the user of the error.


These lines close the open files.


This line begins the second half of the script, which is the half that is executed if the Upload button (named $submit) is not pushed.


These lines print out the form that asks the user for the file and a filename to upload.


This line ends the if statement that started on line 7.


These lines close out the script.

  • + Share This
  • 🔖 Save To Your Account