2

I am planning to develop an image upload API which needs to upload an image to the server location as part of my project. (The usage will be to upload user pics and avatars using an Android app.)

The API should be similar to the Imgur API, in which we can use a POST request to upload a binary image to the server.

I searched through multiple questions; all I am getting is using multi part request which requires html form submitting. Since my aim is to create an API, html form submitting will be impossible.

Anyway, I am submitting sample code which uses an HTML form to upload an image. Can someone show how I can modify the script to meet my requirement?

    <html>
    <body>
    <form action="photo.php" method="post" enctype="multipart/form-data">
        <label for="file">Filename:</label>
        <input type="file" name="file" id="file"><br>
        <input type="submit" name="submit" value="Submit">
    </form>
    </body>
    </html>

PHP code

    <?php
    $allow = array("jpg", "jpeg", "gif", "png");

    $todir = 'uploads/';

    if (!!$_FILES['file']['tmp_name']) // is the file uploaded yet?
    {
        $info = explode('.', strtolower($_FILES['file']['name'])); // what's the extension of the file

        if (in_array(end($info), $allow)) // is this file allowed
        {
            if (move_uploaded_file($_FILES['file']['tmp_name'], $todir . basename($_FILES['file']['name'])))
            {
                // the file has been moved correctly
            }
        }
        else
        {
            // error this file ext is not allowed
        }
    }
    ?>

4
  • is it valid syntax !!$_FILES['file']['tmp_name']?? double!! Commented May 23, 2016 at 13:55
  • oops. corrected it. Thanks for the information. Commented May 23, 2016 at 13:57
  • wait the '!!' I think actually made more sense, now you seem to run the validation code only when there is no file upload. A double exclam '!!' simply casts a value to boolean, since it simply means false false. So it will take a variable and evaluate its boolean value and then apply a logical 'NOT', doing it once again will simply cast a variable to boolean, but since it is in an if condition it is done regardless, so I don't see the point here. However, after your edit it actually looks simply wrong. Commented May 23, 2016 at 14:08
  • This makes sense. Edited my code again. Commented May 23, 2016 at 14:43

2 Answers

2

Some remarks about your server-side code in no particular order:

  • As you can read at Handling file uploads, the correct way to verify an upload is comparing the ['error'] subkey with UPLOAD_ERR_OK (codes explained here). Don't use ['tmp_name'] for that.

  • Don't let the end user pick the actual file name on your server. You'd better generate a unique name yourself and keep the display name elsewhere (e.g. a database).

  • The recommended way to determine a file extension is pathinfo:

        pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION)

  • File extension provided by the user is not a reliable way to determine file type. For pictures, the getimagesize function is often used.

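The remarks in the answer above, combined into one handler as an added example (not code from the question or from either answer). The storage directory, the 2 MiB limit and the JSON response shape are assumptions made for illustration.

```php
<?php
// Added example: hardened handler for the multipart field named "file".
declare(strict_types=1);

const MAX_BYTES = 2 * 1024 * 1024;   // assumed limit
// Detected image type => extension chosen by the server, not by the client.
const ALLOWED = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];

function fail(int $status, string $message): void
{
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode(['error' => $message]);
    exit;
}

$uploadDir = __DIR__ . '/../private_uploads';   // hypothetical path outside the web root

$file = $_FILES['file'] ?? null;
// A multi-file field turns 'error' into an array; reject that shape as well.
if ($file === null || !is_int($file['error'])) {
    fail(400, 'missing file field');
}
// Verify the upload through the error code, not through tmp_name.
if ($file['error'] !== UPLOAD_ERR_OK) {
    fail(400, 'upload failed, code ' . $file['error']);
}
if ($file['size'] > MAX_BYTES) {
    fail(413, 'file too large');
}
// Decide the type from the content; the client-supplied name and MIME type are untrusted.
// Note: getimagesize() only inspects the image header.
$info = @getimagesize($file['tmp_name']);
$ext  = $info === false ? null : (ALLOWED[$info[2]] ?? null);
if ($ext === null) {
    fail(415, 'not a JPEG, PNG or GIF image');
}
// Server-generated storage name; the original name is display metadata only.
$storedName  = bin2hex(random_bytes(16)) . '.' . $ext;
$displayName = basename($file['name']);   // keep in a database, never use as a path

if (!move_uploaded_file($file['tmp_name'], $uploadDir . '/' . $storedName)) {
    fail(500, 'could not store file');
}
header('Content-Type: application/json');
echo json_encode(['id' => $storedName, 'width' => $info[0], 'height' => $info[1]]);
```

Any HTTP client that sends a multipart/form-data body with a part named `file` can call this endpoint; no HTML form is involved.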

1

> multi part request which requires html form submitting

That's wrong. It requires a properly formatted request (headers and body), period. In fact, the server has no way to know what piece of software was used to generate the request—or if you just typed the bytes yourself in a console ;-)

2 Comments

That's interesting. However I just want to express that I can't use HTML form submission in my case.
And my answer wants to express that you don't need to. I'm pretty sure that Android SDK provides the appropriate library to generate multipart/form-data messages without using a browser as proxy. Whatever, if your question has actually nothing to do with this I suggest you edit it out and I'll be glad to remove my answer.
