ZCE 5.3


Forms and URLs


GET and POST are the same from security perspective (use SSL insteed). GET will limit the size and type of data to be send. POST is the only method for uploading files. GET is recommendet for pages requiring bookmarking.
For GET use urlencode()
<?php // // data are encoded usign ampresand (&) // data are automatically decoded (use $_GET for access) // To create an url tha contains query data, use urlencode() $data = "A & B"; echo "" . urlencode($data); //
  PHP interpreter automatically decodes data for us
<?php // The PHP interpreter will automatically decode all incoming data for us //[by]=column echo $_GET['order']['by']; // Outputs: column
  File Uploads
<?php // enctype='multipart/form-data' // MAX_FILE_SIZE is useless // use php.ini directives // upload check: error, tmp_name, size, is_uploaded_file // filter and change the file name ?> <form enctype="multipart/form-data" action="index.php" method="post"> <input type="hidden" name="MAX_FILE_SIZE" value="50000" /> <input name="filedata" type="file" /> <input type="submit" value="Send file" /> </form>
  MAX_FILE_SIZE is almost entirely meaningless, since it sits on the client side (use php.ini insteed).
; Maximum size of POST data that PHP will accept. post_max_size = 8M ; Maximum amount of time each script may spend parsing request data max_input_time = 60 ; Maximum allowed size for uploaded files. upload_max_filesize = 2M
Once a file is uploaded to the server, PHP stores it in a temporary location.
<form enctype="multipart/form-data" action="index.php" method="post"> <input name="filedata" type="file" /> <input type="submit" value="Submit" /> </form> <?php print_r($_FILES['filedata']); // Array ( [name] => IMG_7185.JPG [type] => [tmp_name] => [error] => 1 [size] => 0 ) if(!empty($_FILES['filedata']['tmp_name']) && $_FILES['filedata']['error'] === 0 && $_FILES['filedata']['size'] > 0){ if (is_uploaded_file($_FILES['filedata']['tmp_name'])) { // move and rename } }