How to Upload a File in Coldfusion
Use the cffile tag for uploading files to the server.
Note that allowing people to upload files is fraught with danger and only trusted users should be allowed to upload files. Checks should be made to make sure that only allowed file types are uploaded.
The Client-Side
First of all, let us deal with the client side. This assumes some knowledge of HTML.
You need to include an input file field in your form, use the POST method and set the MIME encoding to "multipart/form-data" from the default value of "application/x-www-form-urlencoded".
[HTML]<form name="uploadform" action="actionpage.cfm" method="POST" enctype="multipart/form-data">
<input type="file" name="uploadfile">
<input type="submit" name="uploadsubmit" value="Upload">
</form>[/HTML]
These are the three basic client-side components for a file upload.
The Server-Side
Now onto the server side. This assumes some basic knowledge of Coldfusion.
You will need to use the
cffile tag (the syntax is shown below):
- <cffile
-
action = "upload"
-
fileField = "formfield"
-
destination = "full_path_name"
-
nameConflict = "behaviour"
-
accept = "mime_type" or "file_type"
-
mode = "permission"
-
attributes = "file_attribute_or_list"
-
result = "result_name">
Only the first three attributes are required, the rest are optional. The last attribute was added in Coldfusion MX 7. The following code demonstrates an example of this tag's use:
- <cffile
-
action = "upload"
-
fileField = "uploadfile"
-
destination = "c:\Inetpub\wwwroot\uploads"
-
nameConflict = "overwrite">
The cffile tag can be used for interacting with server files, but we are interested in uploading, so we set the action attribute to upload. The fileField attribute must correspond with the file input field defined in our form. The destination should be an absolute path to a directory on the server. If you do not specify an absolute path, the destination path will be relative to the Coldfusion temp directory which you can obtain with
GetTempDirectory().
The
nameConflict attribute is optional, but should be specified in case a file already exists with the same name. In that case, you have four options:
Error: An error message is displayed with the page processing aborted.
Skip: The file is not uploaded, but no error message .
Overwrite: Files on the server with the same name are overwritten.
Makeunique: The file is uploaded and given a unique name.
You can use the
accept attribute to restrict the types of files that the user is allowed to upload, e.g. to allow only GIFs, JPGs and PNGs, you could use:
- accept="image/gif,image/jpg,image/png"
Some Optional Attributes
You can skip this part if you don't need to set the file properties.
The final three attributes are
mode,
attributes and
result.
mode lets you set the read/write/execute file permissions on Unix/Linux.
attributes allows you to set whether the file should be readOnly (read only), hidden or normal (on Windows). each attribute must be explicitly set, otherwise they will be overridden.
result lets you use a prefix other than
cffile for the variable which contains the result parameters, e.g. if you set this result parameter to cfresult, for the size of the uploaded file, instead of
you would use
Example
Ok, now for an example. Our example sends the form to the same page which we shall call UploadFile.cfm.
- <cfif isDefined("form.uploadfile")>
-
<cffile
-
action = "upload"
-
fileField = "uploadfile"
-
destination = "c:\Inetpub\wwwroot\uploads"
-
nameConflict = "overwrite">
-
<cfelse>
-
<form name="uploadform" action="UploadFile.cfm" method="POST" enctype="multipart/form-data">
-
<input type="file" name="uploadfile">
-
<input type="submit" name="uploadsubmit" value="Upload">
-
</form>
-
</cfif>
-
