Nowhere can I find an example of uploading a picture to the server not from a form, but from a POST request. Help redo this php.net example:

<?php // В PHP 4.1.0 и более ранних версиях следует использовать $HTTP_POST_FILES // вместо $_FILES. $uploaddir = '/var/www/uploads/'; $uploadfile = $uploaddir . basename($_FILES['userfile']['name']); echo '<pre>'; if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) { echo "Файл корректен и был успешно загружен.\n"; } else { echo "Возможная атака с помощью файловой загрузки!\n"; } echo 'Некоторая отладочная информация:'; print_r($_FILES); print "</pre>"; ?>

    1 answer 1

    A form is a set of named data, POST / GET / PUT / DELETE / REQUEST are data transfer methods. The transfer basically goes through the request body (your POST), or the request parameters (GET - you cannot get the file through it). The form only helps you to conveniently upload the file via the POST method to the server. You need to read about the transfer of parameters from the outside.

    The given file upload example is correct. The file transfer from the form / request will be carried out by the POST method. This example has its own problems, for example, there is no is_uploaded_file function that checks whether the file is loaded or not that it is a picture that is loaded, implemented this check in the code below.

     <?php $uploaddir = '/var/www/uploads/'; $uploadfile = $uploaddir . basename($_FILES['userfile']['name']); if(!is_uploaded_file($_FILES['userfile']['tmp_name'])) { echo "Загрузка файла на сервер не удалась"; die(); //or throw exception... } //Проверка что это картинка if (!getimagesize($_FILES["userfile"]["tmp_name"])) { echo "Это не картинка..."; die(); //or throw exception... } if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) { echo "Файл корректен и был успешно загружен.\n"; } else { echo "Возможная атака с помощью файловой загрузки!\n"; } ?>

    To pass the data to the script, you need to create an HTML form with enctype = "multipart / form-data"

     <!DOCTYPE html> <html> <body> <form action="upload.php" method="post" enctype="multipart/form-data"> Select image to upload: <input type="file" name="userfile" id="fileToUpload"> <input type="submit" value="Upload Image" name="submit"> </form> </body> </html>

    If you want to send data without a browser, you can use CURL. Running a POST request from the command line to transfer the file looks like this:

     curl -i -X POST -H "Content-Type: multipart/form-data" -F "data=@test.mp3" http://myserver/upload
    • Always writes a mistake: Possible attack using file upload! \ N The path to the folder with pictures is: /s92640jz.bget.ru/public_html/engine/ - Nikola Krivosheya
    • This means that the file cannot be moved to that folder, put 777 (chmod) rights in the folder into which you are moving data, this is done in the console using chmod 777 folder_name or you can also set such permissions from the hosting panel. - Firepro
    • I've already checked the rights - Nikola Krivosheya
    • why the name of the engine folder? Did not try to make an adequate name, such as imgs and so on ?? It seems to me that this folder name is defined as a service name used by BEGET. you have a VP there? Why fuss a garden, among the plug-ins for the VP a billion solutions for downloading files, martin images, etc. !! Yes, and without plug-ins solutions enough. Autumn in the yard, bicycles time to preserve! - Sergey V.