file upload with php

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

file upload with php

tom rhodes
Hi all,

after some headscratching and googling trying to work out how to save a multipart/form-data received from a form to the disk i've got this code...

var uploadFile = Web.getMultipart(10*1024*1024);
var userID:String = params.get("selectedUserID");
var fileContent = uploadFile.get("selectedFile");
var newFile = File.write("../downloads/" + userID + "/test", true);
newFile.write(fileContent);
newFile.close();

but it won't compile, as File.write wants haxe.io.Bytes and not Null<String>.

i've got a feeling i should be doing something with parseMultipart though really, and i also want to preserve the original filename if i can. i'm really lost though!

if anyone can give me a bump in the right direction it'll be much appreciated!

cheers,

tom.

--
haXe - an open source web programming language
http://haxe.org
Reply | Threaded
Open this post in threaded view
|

Re: file upload with php

wvxvw
Hi Tom.

I think, I'm not giving a good advise, and here's why: HaXe is all about making your code easy to port from one language to another, and thus, when I suggest you to use platform specific code, I'm not doing a good job. So, take this into account, please.

Well, you see Web.getMultipart() will save your file and read it after it saves it in chunks (this is a little bit more IO operations then you probably want). Those chunks even though typed to String are essentially the same as Bytes - PHP understands no difference between those two. To convert the string to bytes you can do Bytes.ofString( theString ). This will create a new instance of Bytes, where the original string is the bytes content.

But, if you believe, that you will never need to run this code on any platform other then PHP, then you can look into how Web.getMultipart() is written - it uses __php__ and __call__ to invoke original PHP code to get the content of superglobal $_FILES array. There are also global PHP functions such as move_uploaded_file() that you can call in the same fashion in order to re-save the uploaded file. 
Also consider verifying that the file is of type you expect it to be. For images the best way to do that is by using GD functions, I think.

Best.

Oleg

--
haXe - an open source web programming language
http://haxe.org
Reply | Threaded
Open this post in threaded view
|

Re: file upload with php

tom rhodes
hi oleg,

thanks. essentially i was looking for equivalents of $_FILES and move_uploaded_file() to start with! and seeing as everything else in the site is written in haxe it seems a shame and a bit weird to have to use something other than haxe for a tiny part of the sites admin system!

i get what you are saying about it being platform specific, if i had a neko enabled server to play with then i suppose my site would compile and work with neko... i'm using some classes in this site in both JS and php targets... i'm getting my head around the possibilities (slowly)

file upload is something pretty fundamental though! i'll try out your suggestions after some polpette :)

cheers,

tom.


On 27 March 2010 20:51, Oleg Sivokon <[hidden email]> wrote:
Hi Tom.

I think, I'm not giving a good advise, and here's why: HaXe is all about making your code easy to port from one language to another, and thus, when I suggest you to use platform specific code, I'm not doing a good job. So, take this into account, please.

Well, you see Web.getMultipart() will save your file and read it after it saves it in chunks (this is a little bit more IO operations then you probably want). Those chunks even though typed to String are essentially the same as Bytes - PHP understands no difference between those two. To convert the string to bytes you can do Bytes.ofString( theString ). This will create a new instance of Bytes, where the original string is the bytes content.

But, if you believe, that you will never need to run this code on any platform other then PHP, then you can look into how Web.getMultipart() is written - it uses __php__ and __call__ to invoke original PHP code to get the content of superglobal $_FILES array. There are also global PHP functions such as move_uploaded_file() that you can call in the same fashion in order to re-save the uploaded file. 
Also consider verifying that the file is of type you expect it to be. For images the best way to do that is by using GD functions, I think.

Best.

Oleg

--
haXe - an open source web programming language
http://haxe.org


--
haXe - an open source web programming language
http://haxe.org
Reply | Threaded
Open this post in threaded view
|

Re: file upload with php

tom rhodes
cool, thanks oleg.

Bytes.ofString method works and i write my test file fine. i've still got the problem of preserving the name of the original file though. seeing as my userID gets through ok i might just add something to my form validation that passes it as a var along with the form data...

i'd be interested to know how other people are handling file uploads though :)

cheers,

tom.


On 27 March 2010 21:18, tom rhodes <[hidden email]> wrote:
hi oleg,

thanks. essentially i was looking for equivalents of $_FILES and move_uploaded_file() to start with! and seeing as everything else in the site is written in haxe it seems a shame and a bit weird to have to use something other than haxe for a tiny part of the sites admin system!

i get what you are saying about it being platform specific, if i had a neko enabled server to play with then i suppose my site would compile and work with neko... i'm using some classes in this site in both JS and php targets... i'm getting my head around the possibilities (slowly)

file upload is something pretty fundamental though! i'll try out your suggestions after some polpette :)

cheers,

tom.


On 27 March 2010 20:51, Oleg Sivokon <[hidden email]> wrote:
Hi Tom.

I think, I'm not giving a good advise, and here's why: HaXe is all about making your code easy to port from one language to another, and thus, when I suggest you to use platform specific code, I'm not doing a good job. So, take this into account, please.

Well, you see Web.getMultipart() will save your file and read it after it saves it in chunks (this is a little bit more IO operations then you probably want). Those chunks even though typed to String are essentially the same as Bytes - PHP understands no difference between those two. To convert the string to bytes you can do Bytes.ofString( theString ). This will create a new instance of Bytes, where the original string is the bytes content.

But, if you believe, that you will never need to run this code on any platform other then PHP, then you can look into how Web.getMultipart() is written - it uses __php__ and __call__ to invoke original PHP code to get the content of superglobal $_FILES array. There are also global PHP functions such as move_uploaded_file() that you can call in the same fashion in order to re-save the uploaded file. 
Also consider verifying that the file is of type you expect it to be. For images the best way to do that is by using GD functions, I think.

Best.

Oleg

--
haXe - an open source web programming language
http://haxe.org



--
haXe - an open source web programming language
http://haxe.org
Reply | Threaded
Open this post in threaded view
|

Re: file upload with php

Philipp Klose-2
Hi tom,

the easiest way to process file uploads with haXe PHP / neko is to use:

var data = "";
var file = "";
php.Web.parseMultipart(function (name:String, filename:String) {
    file = filename;
}, function (buffer:String, foo:Int, foo:Int) {
    data+= buffer;
});
//save data to file with name file

This works only with one file for a upload, but could easily modified for multiple files.

Philipp

tom rhodes wrote:
cool, thanks oleg.

Bytes.ofString method works and i write my test file fine. i've still got the problem of preserving the name of the original file though. seeing as my userID gets through ok i might just add something to my form validation that passes it as a var along with the form data...

i'd be interested to know how other people are handling file uploads though :)

cheers,

tom.


On 27 March 2010 21:18, tom rhodes <[hidden email]> wrote:
hi oleg,

thanks. essentially i was looking for equivalents of $_FILES and move_uploaded_file() to start with! and seeing as everything else in the site is written in haxe it seems a shame and a bit weird to have to use something other than haxe for a tiny part of the sites admin system!

i get what you are saying about it being platform specific, if i had a neko enabled server to play with then i suppose my site would compile and work with neko... i'm using some classes in this site in both JS and php targets... i'm getting my head around the possibilities (slowly)

file upload is something pretty fundamental though! i'll try out your suggestions after some polpette :)

cheers,

tom.


On 27 March 2010 20:51, Oleg Sivokon <[hidden email]> wrote:
Hi Tom.

I think, I'm not giving a good advise, and here's why: HaXe is all about making your code easy to port from one language to another, and thus, when I suggest you to use platform specific code, I'm not doing a good job. So, take this into account, please.

Well, you see Web.getMultipart() will save your file and read it after it saves it in chunks (this is a little bit more IO operations then you probably want). Those chunks even though typed to String are essentially the same as Bytes - PHP understands no difference between those two. To convert the string to bytes you can do Bytes.ofString( theString ). This will create a new instance of Bytes, where the original string is the bytes content.

But, if you believe, that you will never need to run this code on any platform other then PHP, then you can look into how Web.getMultipart() is written - it uses __php__ and __call__ to invoke original PHP code to get the content of superglobal $_FILES array. There are also global PHP functions such as move_uploaded_file() that you can call in the same fashion in order to re-save the uploaded file. 
Also consider verifying that the file is of type you expect it to be. For images the best way to do that is by using GD functions, I think.

Best.

Oleg

--
haXe - an open source web programming language
http://haxe.org




--
haXe - an open source web programming language
http://haxe.org
Reply | Threaded
Open this post in threaded view
|

Re: file upload with php

tom rhodes
Thanks Philipp, i did look at parseMultipart but it confused me more than getMultipart :)

i'll have a play with what you've sent, the idea of streaming rather than reading the whole file into memory seems like the better method.


On 27 March 2010 22:09, Philipp Klose <[hidden email]> wrote:
Hi tom,

the easiest way to process file uploads with haXe PHP / neko is to use:

var data = "";
var file = "";
php.Web.parseMultipart(function (name:String, filename:String) {
    file = filename;
}, function (buffer:String, foo:Int, foo:Int) {
    data+= buffer;
});
//save data to file with name file

This works only with one file for a upload, but could easily modified for multiple files.

Philipp


tom rhodes wrote:
cool, thanks oleg.

Bytes.ofString method works and i write my test file fine. i've still got the problem of preserving the name of the original file though. seeing as my userID gets through ok i might just add something to my form validation that passes it as a var along with the form data...

i'd be interested to know how other people are handling file uploads though :)

cheers,

tom.


On 27 March 2010 21:18, tom rhodes <[hidden email]> wrote:
hi oleg,

thanks. essentially i was looking for equivalents of $_FILES and move_uploaded_file() to start with! and seeing as everything else in the site is written in haxe it seems a shame and a bit weird to have to use something other than haxe for a tiny part of the sites admin system!

i get what you are saying about it being platform specific, if i had a neko enabled server to play with then i suppose my site would compile and work with neko... i'm using some classes in this site in both JS and php targets... i'm getting my head around the possibilities (slowly)

file upload is something pretty fundamental though! i'll try out your suggestions after some polpette :)

cheers,

tom.


On 27 March 2010 20:51, Oleg Sivokon <[hidden email]> wrote:
Hi Tom.

I think, I'm not giving a good advise, and here's why: HaXe is all about making your code easy to port from one language to another, and thus, when I suggest you to use platform specific code, I'm not doing a good job. So, take this into account, please.

Well, you see Web.getMultipart() will save your file and read it after it saves it in chunks (this is a little bit more IO operations then you probably want). Those chunks even though typed to String are essentially the same as Bytes - PHP understands no difference between those two. To convert the string to bytes you can do Bytes.ofString( theString ). This will create a new instance of Bytes, where the original string is the bytes content.

But, if you believe, that you will never need to run this code on any platform other then PHP, then you can look into how Web.getMultipart() is written - it uses __php__ and __call__ to invoke original PHP code to get the content of superglobal $_FILES array. There are also global PHP functions such as move_uploaded_file() that you can call in the same fashion in order to re-save the uploaded file. 
Also consider verifying that the file is of type you expect it to be. For images the best way to do that is by using GD functions, I think.

Best.

Oleg

--
haXe - an open source web programming language
http://haxe.org




--
haXe - an open source web programming language
http://haxe.org


--
haXe - an open source web programming language
http://haxe.org
Reply | Threaded
Open this post in threaded view
|

Re: file upload with php

wvxvw
In reply to this post by tom rhodes
Hi Tom.

I think, I was in the very similar situation shortly before you. I ended up planting a small "invisible" SWF into the otherwise fully HTML site. And here's why:
- JavaScript file upload doesn't let you to specify file filter, it also doesn't let you to select multiple files per operation (Of course, you can check the file extension after it's been selected and you can add inputs dynamically, but that seems just lame :)
- You must submit the page to send multipart data to the server (again, you can put the invisible form into an iframe and submit that iframe instead, but you won't get the upload progress).

I think even Gmail does file attachments by using this technique with hidden SWF. I saw this technique used quite a lot on other sites too. So, unless it is a requirement to not use SWF, I'd stick to that option. It might have it's own quirks, but in the end it's a better user experience :)

Best.

Oleg

--
haXe - an open source web programming language
http://haxe.org
Reply | Threaded
Open this post in threaded view
|

Re: file upload with php

clemos
Hi

Be careful because latest Flash Players won't allow you to open the
file selector without a click event being received in the Flash stage
itself... It used to work before, but I think it's been forbidden
since FP10.
In other words, your SWF can't really be "hidden" because you have to
actually click on it. (You can make a flash wmode on top of a fake
button input, but... please.)

Also, there are a few issues with cookies (cookie data isn't shared
between the browser and Flash Player, so you have to pass things like
Session IDs explicitly), but also with some proxies (I don't know the
details, but I already had issues with authenticated proxies, which
probably had to do with cookies or other headers not being sent. The
progress measurement can also fail since the proxy can receive the
file very quickly and forward it to the actual server only afterwards)

Otherwise: yes, it's definitely the best solution for uploading
files... You can even style the button, which is not possible with
file inputs :)
There used to be a solution for file upload progress with file inputs
and timed calls to a server side program that measures the size of the
file being written, but... please.
+++++++
Clément

On Sun, Mar 28, 2010 at 1:39 AM, Oleg Sivokon <[hidden email]> wrote:

> Hi Tom.
> I think, I was in the very similar situation shortly before you. I ended up
> planting a small "invisible" SWF into the otherwise fully HTML site. And
> here's why:
> - JavaScript file upload doesn't let you to specify file filter, it also
> doesn't let you to select multiple files per operation (Of course, you can
> check the file extension after it's been selected and you can add inputs
> dynamically, but that seems just lame :)
> - You must submit the page to send multipart data to the server (again, you
> can put the invisible form into an iframe and submit that iframe instead,
> but you won't get the upload progress).
> I think even Gmail does file attachments by using this technique with hidden
> SWF. I saw this technique used quite a lot on other sites too. So, unless it
> is a requirement to not use SWF, I'd stick to that option. It might have
> it's own quirks, but in the end it's a better user experience :)
> Best.
> Oleg
> --
> haXe - an open source web programming language
> http://haxe.org
>

--
haXe - an open source web programming language
http://haxe.org
Reply | Threaded
Open this post in threaded view
|

Re: file upload with php

tom rhodes
to be honest i've only ever done it before using flash and php, either flash cms for an html/css/php site or a flash cms for a flash site...

maybe i got too excited about haxe letting me do nicely structured php and JS! 

would there be no way to do the progress with the parseMultpart?

On 28 March 2010 04:24, clemos <[hidden email]> wrote:
Hi

Be careful because latest Flash Players won't allow you to open the
file selector without a click event being received in the Flash stage
itself... It used to work before, but I think it's been forbidden
since FP10.
In other words, your SWF can't really be "hidden" because you have to
actually click on it. (You can make a flash wmode on top of a fake
button input, but... please.)

Also, there are a few issues with cookies (cookie data isn't shared
between the browser and Flash Player, so you have to pass things like
Session IDs explicitly), but also with some proxies (I don't know the
details, but I already had issues with authenticated proxies, which
probably had to do with cookies or other headers not being sent. The
progress measurement can also fail since the proxy can receive the
file very quickly and forward it to the actual server only afterwards)

Otherwise: yes, it's definitely the best solution for uploading
files... You can even style the button, which is not possible with
file inputs :)
There used to be a solution for file upload progress with file inputs
and timed calls to a server side program that measures the size of the
file being written, but... please.
+++++++
Clément

On Sun, Mar 28, 2010 at 1:39 AM, Oleg Sivokon <[hidden email]> wrote:
> Hi Tom.
> I think, I was in the very similar situation shortly before you. I ended up
> planting a small "invisible" SWF into the otherwise fully HTML site. And
> here's why:
> - JavaScript file upload doesn't let you to specify file filter, it also
> doesn't let you to select multiple files per operation (Of course, you can
> check the file extension after it's been selected and you can add inputs
> dynamically, but that seems just lame :)
> - You must submit the page to send multipart data to the server (again, you
> can put the invisible form into an iframe and submit that iframe instead,
> but you won't get the upload progress).
> I think even Gmail does file attachments by using this technique with hidden
> SWF. I saw this technique used quite a lot on other sites too. So, unless it
> is a requirement to not use SWF, I'd stick to that option. It might have
> it's own quirks, but in the end it's a better user experience :)
> Best.
> Oleg
> --
> haXe - an open source web programming language
> http://haxe.org
>

--
haXe - an open source web programming language
http://haxe.org


--
haXe - an open source web programming language
http://haxe.org
Reply | Threaded
Open this post in threaded view
|

Re: file upload with php

wvxvw
In reply to this post by tom rhodes
Yeah, Clément makes a good point, I have to check it yet if it's possible to launch file open dialog without actually clicking on SWF, these limitations proved to be quite lame once and you could imitate click on SWF with JavaScript... But it's true that cookies aren't sent from Flash. This is a problem when you are using self signed certificates in FireFox... So, maybe, if the file uploading has to be made through SSL it's better to do it in orthodox way - just submit the page and let the user wait however long it takes w/o being notified.
With Flash 10 however, you can browse for file and load it into SWF, in this way you can then resend the file data in any way you like (not necessary multipart). Again, you cannot send session cookies along with that, but we were already using AMF + had some sort of a self-made session...
Anyone know if SL has all these problems too? I've heard there's a problem with permissions just like in Flash... :)

Best.

Oleg

--
haXe - an open source web programming language
http://haxe.org