The FileControl Control

The FileControl control presents a Select File button that allows the user to select a file to upload to the server. The control itself is fairly simple, offering a basic "file" type of textbox that all browsers support. However, the bigger subject of how to support file uploads can be quite complicated.

PHP itself has some built-in support for file uploads, using the $_FILES super global to provide the names of files uploaded when a POST call is made to the browser. The FileControl control uses this built-in support to get the file the user selected. Since this only works with POST calls, to initiate the actual upload, you must use a Server action. Ajax actions will not work.

Your Server action should do something with the file immediately. PHP will automatically delete the uploaded file after the server call is processed. PHP provides some functions to manage this process. See PHP's Handling File Uploads article for more information.

Any time you allow a user to upload a file to your server, you are creating a security risk. You must be sure you understand the risks and how to mitigate them. PHP will take care of uploading the file itself to a temporary directory, and you can find out where the file is with the ->File attribute of the FileControl. After that, it is up to you to check the file to make sure it is the type of file you expect, and then either move the file out of the temporary directory, or process it how you would like. You could put the file into a BLOB in your database, move it to another directory, upload it to a cloud service, or whatever. Just be sure that you take precautions to prevent a malicious attack unexpectedly coming from a file upload.

This particular example is a simple example of handling upload of a single jpeg file, but is not complete. It does not handle multiple files selected, nor does it provide enough checks to ensure that the file uploaded is actually a jpeg file, but it should get you started.

File Control Picture