Comments on: Be careful with file uploads

By: cakebaker

cakebaker — Fri, 09 Jul 2010 14:26:25 +0000

@fairuz: You can access the file data in your controller in the following way:


$this->data['Post']['file1']['name'];
$this->data['Post']['file2']['name'];

However, a more flexible solution is to modify your view slightly:


...
$this->Form->file('Post.0.File');
$this->Form->file('Post.1.File');
...

You can then access the data like:


$this->data['Post'][0]['File']['name'];
$this->data['Post'][1]['File']['name'];

This approach makes it easier to loop over the files. I hope this answers your question.

By: fairuz

fairuz — Thu, 08 Jul 2010 13:22:55 +0000

how to make multi file upload. see my code below


Form->create('Post',array('action'=>'add','type'=>'file'));
$this->Form->file('file1');
$this->Form->file('file2');
$this->Form->submit('Upload ');
$this->Form->end();
?>

how to create controller for multiple files?

By: cakebaker

cakebaker — Wed, 22 Oct 2008 14:22:46 +0000

@Joker-eph: Thanks for the hint, it is now fixed in the article!

By: Joker-eph

Joker-eph — Mon, 20 Oct 2008 12:10:03 +0000

Seems to be just a bad hack... The security hole still remains :

By: cakebaker » File upload with CakePHP

cakebaker » File upload with CakePHP — Mon, 25 Dec 2006 07:08:48 +0000

[...] Update (2006-08-05): Fixed a security hole in the code above, see also “Be careful with file uploads”. Thanks to Lamby. [...]

By: Lamby

Lamby — Tue, 05 Sep 2006 01:57:37 +0000

:-)

By: cakebaker

cakebaker — Sat, 05 Aug 2006 13:06:48 +0000

Yes, it is possible to use is_uploaded_file.

By: Madarco

Madarco — Sun, 30 Jul 2006 16:19:39 +0000

Hi, isn't possible to use is_uploaded_file on params['form']['File']['tmp_name']?