How to store photo upload in a PHP session?

Question

I've built this webform wizard, consisting of several PHP pages. In this several pages users can fill in the form and the data gets temporarily stored in a session and at the last page the sessions are used to store all the data in the MYSQL database. Everything works fine with the exception of the uploaded file. Here is my code:

HTML: wizard_page2

<form name="registratieformulier" method="post" enctype="multipart/form-data" action="sw3.php">

    <tr><td>Foto winkel uploaden: </td><td><input type="file" name="uploadfoto"/></td></tr><br /><br />

      <tr><td><strong>Omschrijving van winkel:</strong></td>                    </tr><br />

       <tr><textarea cols="50" rows="7" name="omschrijvingwinkel"></textarea></tr>
       <input name="pkbedrijven" value="<?php echo($pkbedrijven); ?>" type="hidden" />
    <input type="submit" name="stuurfoto" value="Verzenden" />

</form>

PHP: wizard_last_page

    $_FILES['uploadfoto']['name']       = $_SESSION["naamfoto"];
    $_FILES['uploadfoto']['tmp_name']   = $_SESSION["tijdelijk"];

    $bn =   $_SESSION["wn"];

     $target_path = "../../winkels/$bn/";

      $target_path = $target_path . basename( $_FILES['uploadfoto']['name']);


    move_uploaded_file($_FILES['uploadfoto']['tmp_name'], $target_path)or die("There was an error uploading the file, please try again!");
     $foto_path  = "http://mywebsite.nl/winkels/$bn/".basename($_FILES['uploadfoto']['name']);


   $omschrijving   = $_SESSION["omschrijving"];

   $add = "UPDATE winkelprofiel SET winkelomschrijving='$omschrijving', winkelfoto='$foto_path' WHERE fkBedrijvenID=$pkbedrijven ";
   $query_upload = mysql_query($add) or die("De winkelfoto en omschrijving konden niet worden opgeslagen");

Answer 1

The $_FILES array only holds information about the file that has been uploaded in this request. If you do not save that file elsewhere within the same request, it will be removed by PHP at the end of the request. You cannot simply save $_FILES['uploadfoto']['tmp_name'] into the session and expect the file to still be there later, because it won't be. There's also no point in assigning the values in $_SESSION back into $_FILES, it won't bring the file back.

What you need to do:

1. if the upload was successful, move $_FILES['uploadfoto']['tmp_name'] somewhere else immediately
2. save the location you have moved it to into $_SESSION
3. do something with that file in $_SESSION at the end of your multi-page process (no need for $_FILES anymore at all)
4. have some mechanism in place to remove old uploaded files, in case the user abandons the session and the file never gets used

Answer 2

I think that the problem is, the file located at $_FILES['uploadfoto']['tmp_name'] will only be available when it is uploaded. Even you store the value in session, the file won't be there when you come to wizard_last_page. You need to handle uploaded files right away in the POST request.

So you need to move the file to $target_path or any certain temporary place when it's uploaded, then store the $target_path in the session so you can access to the file later on wizard_last_page.

Answer 3

Well, you can upload the file in one temporary location first. Then on the last page, once you submit the form, you can transfer the file to the desired location and then delete the temporary one.

$_SESSION['file'] = $_FILES["file"]["name"];

if (file_exists("uploads/" . $_FILES["file"]["name"]))
      {
      echo $_FILES["file"]["name"] . " already exists. ";
      }
    else
      {
      move_uploaded_file($_FILES["file"]["tmp_name"],"uploads/temp/" . $_FILES["file"]["name"]);
      };


//This for the last page.
$file = file_get_contents("uploads/temp/".$_SESSION['file']);
file_put_contents("uploads/".$_SESSION['file'], $file);