YII2 - about file upload

Keywords: PHP

Because the first attempt was fruitless, the new page only wrote the simplest, first look at the following code:
First, the View part: (using the partial yii writing method)

<form action="<?= Url::to(['default/datafile']) ?>" method="post" enctype="multipart/form-data">
    <label for="file">Filename:</label>
    <input type="file" name="myFile" id="file" />
    <br />
    <input type="submit" name="submit" value="Submit" />
</form>

The above action uses the helper class of YII to build an internally recognizable url, which is the actionDatafile() in DeaufaultController.php

 public function actionDatafile(){
        if(empty($_FILES)){
            $status = 1;
            $info = 'No file upload';
        }
        if($_FILES['myFile']['error'] === 0 || $_FILES['myFile']['error'] === '0' ){
            //File uploaded successfully
            $tmp = pathinfo($_FILES['myFile']['name']);
            $new_fname = $tmp['filename'].'_'.rand(1000000,9999999).'.'.$tmp['extension'];
            echo $new_fname;
            if(!move_uploaded_file($_FILES['myFile']['tmp_name'], '../runtime/file/'.$new_fname)){
                $status = 1;
                $info = 'Upload (move) failed';
            }else{
                $status = 0;
                $info = 'Upload success';
            }
        } else {
            //File upload failed
            $info = 'File upload failed';
            switch($_FILES['myFile']['error']){
                case 1:
                    $info = 'Upload file exceeds php.ini in upload_max_filesize configuration parameter';
                    break;
                case 2:
                    $info = 'Upload file exceeds form MAX_FILE_SIZE Value specified by option';
                    break;
                case 3:
                    $info = 'Only part of the file is uploaded';
                    break;
                case 4:
                    $info = 'No files uploaded';
                    break;
                case 5:
                    $info = 'Upload file size is 0';
                    break;
            }
            $status = 1;
        }
        return $info;
    }

Here, in addition to the judgment operation of the file, it moves the file to the appropriate location. But it was found after execution

Obviously there is a problem with the validation of parameters. So I sorted out the relevant problems

1. The parameter itself?

At first, it was thought that it was a URL parameter problem. Instead, it turned to GET method, but it couldn't be solved. There was a problem that $_filewas empty

2. What is null?

Check $reuse, there is a value.

Check configuration (php.ini)

File, upload max, post max, upload TMP dir are set

3. Research on parameters

At this time, we find the crsf in the parameter, which is brought by the yii framework validation. The reference to validation is similar to the error prompt, adding the cancel validation code

public function beforeAction($action)
    {
        if ($action->id == 'datafile') {
            $this->enableCsrfValidation = false;
        }

        return parent::beforeAction($action);
    }

Modified success

Posted by dunnsearch on Fri, 03 Apr 2020 03:59:12 -0700

Hot Keywords

©2024 Programmer Group