https://www.webmaster-forums.net/crss/node/1036206 en https://www.webmaster-forums.net/serverside-scripting/keeping-correctly-filled-data-when-validating-html-form-php#comment-1208579 <blockquote class="bb-quote-body"><p><strong>Greg K;208531 wrote:</strong> The question here is if the browser actually sends the file "location" to the server. I imagine that for security reasons, it will not, but i could be wrong.</p> <p>-Greg</p></blockquote> <p>Good point, Greg. I believe the RFC mentions security as an issue as well.</p> <blockquote class="bb-quote-body"><p>Quote: 8. Security Considerations</p> <p> It is important that a user agent not send any file that the user has<br /> not explicitly asked to be sent. Thus, HTML interpreting agents are<br /> expected to confirm any default file names that might be suggested<br /> with . Never have any hidden fields be<br /> able to specify any file.</p> <p> This proposal does not contain a mechanism for encryption of the<br /> data; this should be handled by whatever other mechanisms are in<br /> place for secure transmission of data, whether via secure HTTP, or by<br /> security provided by MOSS (described in RFC 1848).</p> <p> Once the file is uploaded, it is up to the receiver to process and<br /> store the file appropriately.</p> <p>Source: <a href="http://www.ietf.org/rfc/rfc1867.txt" class="bb-url">http://www.ietf.org/rfc/rfc1867.txt</a></p></blockquote> <p>mawooshen, I'm sure you probably know this already but here goes...</p> <p>I did a bit of testing on XAMPP and it appears that the $_FILES array does not have the full path name of the file (it has the file name and a temporary file path). In addition, the RFC talks about the 'value' in (input type=file) only tells the browser of a default file name. Like I said in my previous reply, I wasn't able to get that working. I'm on windows, using php5, apache from xampp. You can try your luck on other setup environments, I suppose.</p> <p>Anyone else have any input, I'm kind of curious to find a better way to do this.</p> Fri, 13 Oct 2006 00:54:17 +0000 sol90 comment 1208579 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/keeping-correctly-filled-data-when-validating-html-form-php#comment-1208531 <p>The question here is if the browser actually sends the file "location" to the server. I imagine that for security reasons, it will not, but i could be wrong.</p> <p>-Greg</p> Thu, 12 Oct 2006 12:03:17 +0000 Greg K comment 1208531 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/keeping-correctly-filled-data-when-validating-html-form-php#comment-1208528 <blockquote class="bb-quote-body"><p>Quote: 3.4 Interpretation of other attributes</p> <p> The VALUE attribute might be used with tags for a<br /> default file name. This use is probably platform dependent. It might<br /> be useful, however, in sequences of more than one transaction, e.g.,<br /> to avoid having the user prompted for the same file name over and<br /> over again.</p> <p><strong>Source: <a href="http://www.ietf.org/rfc/rfc1867.txt" class="bb-url">http://www.ietf.org/rfc/rfc1867.txt</a></strong> </p></blockquote> <p>Two things:</p> <p>1.<br /> RFC was written in 1995. I can't find a more updated version. Which means either current browsers don't like to handle it, or there is a more recent version that I don't know about.</p> <p>2.<br /> Despite what the RFC says, I could not get PHP to "keep" the value inside the file input box. A possible workaround, depending on your requirements, is to keep the variable in sessions and output the filename above/below/beside the input box.</p> <p>If someone knows a better way :light: , by all means please share! Thanks</p> Thu, 12 Oct 2006 10:01:39 +0000 sol90 comment 1208528 at https://www.webmaster-forums.net