13

I've created a form with 3 <input type="file"/>

I see that I get an array with array(name=>"").

So I check if ($_FILE["myfilename"]["name"]=="") instead.

This works but it seems rather unusual to me.

I was wondering if there was a better way to check if a file input is set or not?

Improve this question

5 Answers 5

Reset to default
17

There is: is_uploaded_file(). When dealing with uploaded files, you should always use it (and its cousin move_uploaded_file()) for security reasons.

Improve this answer
9
  • I'm confused about the usefulness of is_uploaded_file. In the PHP source there seems to exist a secondary hash. But the values are always identical to the ones in $_FILES[*]['tmp_name']. And it checks for nothing else. Not sure how one could inject something into $_FILES during script runtime. (Is_uploaded_file would be redundant if you use move_uploaded_file, because it contains the copy&pasted exactly same test anyway.)
    – mario
    Commented May 1, 2011 at 16:46
  • @mario there used to be a vulnerability in PHP 4 that I actually managed to break into a friend's phpBB with once: It was possible to inject local file paths (think ../config.php) into tmp_name, leading that file to be copied into the public uploads/ directory or wherever. is_uploaded_file() was introduced in response to that. Whether the vulnerability still exists if you don't use is_uploaded_file(), I don't know, I've never checked since
    – Pekka
    Commented May 1, 2011 at 16:48
  • Interesting. So, it's all your fault then? Downvoted for hacking.. ;}
    – mario
    Commented May 1, 2011 at 16:50
  • I'm still quite new with the file uploading concept. So, if I get this right, when I press the upload button on my form, the server is already uploading the file hence is_uploaded_file. if is_uploaded_file($_FILES["inputFieldName"]){ move_uploaded_file($_FILE["inputFieldName"],$destinationFolder) } Is that correct?
    – Nicolas de Fontenay
    Commented May 1, 2011 at 16:57
  • @ndefontenay the latter part is correct; the former isn't: The upload starts when you click the upload button. The PHP script comes to life after all files have been completely uploaded. is_uploaded_file() is just a fancy (and, as said above, security enhanced) way of checking the FILES array
    – Pekka
    Commented May 1, 2011 at 17:18
7

You can use empty to check if a variable is blank or not but Pekka's solution is best in this way 

if (empty($_FILES["myfilename"]["name"]))

If you are checking that if a variable is set you can use isset function

Improve this answer
4

The best way, assuming you're using a recent PHP (4.2+), is to check that:

$_FILE['myfilename']['error'] === UPLOAD_ERR_OK

If this is true the upload worked, you can see the list of other possible values here

Improve this answer
2
  • you should use the strict equality comparison ===. If you should ever make a type on the ERR_OK constant, the regular comparison will give a false "ok".
    – Marc B
    Commented May 1, 2011 at 17:44
  • Very good point Marc, especially as the value of it is (int)0.
    – Ciaran McNulty
    Commented May 4, 2011 at 9:49
1

You can try this: 

if($_FILES['myfilename']['size'] > 0 ) {

}
else{
       echo 'File is not uploaded . . .';
}
Improve this answer
0

Try this:

if($_FILES["uploadImg"]['name'][0] != ''){
    //echo 'file attached';
}else{
    //echo 'no file attached';
}

This works for me...

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.