sqlpage.persist_uploaded_file(file, destination_folder, allowed_extensions)
Introduced in SQLPage 0.20.1.
Persists an uploaded file to the local filesystem, and returns its path. If the file input field is empty, the function returns NULL.
Example
User profile picture
upload_form.sql
select 'form' as component, 'persist_uploaded_file.sql' as action;
select 'file' as type, 'profile_picture' as name, 'Upload your profile picture' as label;
persist_uploaded_file.sql
update user
set profile_picture = sqlpage.persist_uploaded_file('profile_picture', 'profile_pictures', 'jpg,jpeg,png,gif,webp')
where id = (
select user_id from session where session_id = sqlpage.cookie('session_id')
);
Parameters
file
Name of the form field containing the uploaded file. The current page must be referenced in the `action` property of a `form` component that contains a file input field.
destination_folder
Optional. Path to the folder where the file will be saved, relative to the web root (the root folder of your website files). By default, the file will be saved in the `uploads` folder.
allowed_extensions
Optional. Comma-separated list of allowed file extensions. By default: jpg,jpeg,png,gif,bmp,webp,pdf,txt,doc,docx,xls,xlsx,csv,mp3,mp4,wav,avi,mov.
Changing this may be dangerous ! If you add "sql", "svg" or "html" to the list, an attacker could execute arbitrary SQL queries on your database, or impersonate other users.
basic_auth_password
basic_auth_username
cookie
current_working_directory
environment_variable
exec
fetch
hash_password
header
link
path
persist_uploaded_file
protocol
random_string
read_file_as_data_url
read_file_as_text
request_method
run_sql
uploaded_file_mime_type
uploaded_file_name
uploaded_file_path
url_encode
variables
version