File Upload in Laravel: Main Things You Need To Know
ฝัง
- เผยแพร่เมื่อ 9 มิ.ย. 2024
- I see many beginners have trouble understanding terms like "disks", "drivers", "storage", and "filesystem". So, I tried to shoot this "step-by-step summary" with a demo project.
00:00 Intro
00:51 Simple File Upload
02:06 Disks: Public vs Local
04:10 Show Public Files
05:04 Download Private Files
06:29 Encoded Filenames
08:01 Subfolders VS Disks
10:02 No storage:link?
10:53 Spatie Media Library
12:30 Amazon S3 Disk
Related article. Store Public and Private Files/Images in Laravel: Ultimate Guide laraveldaily.com/post/how-to-...
- - - - -
Support the channel by checking out my products:
- My Laravel courses: laraveldaily.com/courses
- Filament examples: filamentexamples.com
- Laravel QuickAdminPanel: quickadminpanel.com
- Livewire Kit Components: livewirekit.com
- - - - -
Other places to follow:
- My weekly Laravel newsletter: us11.campaign-archive.com/hom...
- My personal Twitter: / povilaskorop - แนวปฏิบัติและการใช้ชีวิต
Thank you very much for your helpful videos, master. This is one of the treasures.
I've been waiting for this amazing video! Thank you Povilas! More one great content, very clear explanation!
Excellent explanation.Spartie media library solves many problems as you mentioned.
Thank you sir great mentor, You really kill it for storage tutorial.
awesome information as always. thanks 👍
I'm so grateful with you!!!
Thank you.I just got a deep understanding of the disks.But I have a different method of having a class ie ImageProcessor which I use for all my image processing.
Thank you for explain is easy way
I think your explanation way suite just the master developer
Thanks so helpful video. Thanks
Good tutorial of file upload
best laravel content in youtube 😎😎😎🎉🎉
Thank you very much
Just btw, the s3 filesystem does also support `root`, so you can do the same "make a new disk per thing to store" and use a single s3 bucket for public and a single buckeet for private
Good one! At @9:43 shouldn't you change the public to avatars in the disk method?
Oh yeah, well spotted!
This is ressourceful
Thanks
Hi,
Awesoem tutorial as always.
I have a question, in the case of private file, you told the method to allow "Download" the file, what if we want to show the image (to only authorized users)?
Img src=Laravel-route-that-returns-image
I don't use file as an extra field in the db table, instead have a separate controller and model for cv, and avatar, that is an Avatar controller and a CV controller. I then use the post controller to handle both file inputs. I take the post ID after the post has been updated and save it
if ($file = $request->file('CVfile')) {
if (CVFilecontroller::where('post_id', '=', $request->post_id)) {
$jobfiler = JobOpslagFile::all()->where("post_id",$id);
foreach($jobfiles as $CVfile){
$filename = $CVfile->name;
$CVfile->delete();
$CVfile_path = public_path('ansfil/'.$filename);
if(file_exists($CVfile_path)){
unlink($CVfile_path);
}
}
}
$fileName = "CVfile".auth()->id() . '_' . time() . '.'. $request->CVfile->extension();
$type = $request->CVfile->getClientMimeType();
$size = $request->CVfile->getSize();
$request->CVfile->move(public_path('CVfile'), $fileName);
CVFilecontroller::create([
'user_id' => auth()->id(),
'post_id' => $id,
'name' => $fileName,
'type' => $type,
'size' => $size
]);
}
You rock!!!
How can we crop avatar image to store small and centered images?
That can be easily achieved with SPATIE Media library as mentioned in the video
Thank you for this video. I want to store some user files in private disk but i want to let only user view their own files in browser because if i put them in public and any user gets the name they can view it. can you help this?
Thank you!
Please tell me how you can set up folders for the Spatie media library so that if there are a large number of files, they can be sorted into subfolders? and is it possible not to do a subscription for one file?
I haven't done those two things with Spatie, I like its default folder structure and don't see the need to change it.
Great tips as always! May I ask what app are you using to connect to the database? Thank you
TablePlus
@@LaravelDaily thank you
13:57
why did not we use asset('storage/'.Auth::user()->avatar) ?
Thanks for the video.
Those who don't have SSH access can create a route to generate symlink.
Route::get(
'symlink',
fn () => Artisan::call(
'storage:link'
)
);
will generate the link.
In some shared hosting services "ln" command is locked so this also wont work
@@amirkouchaki7481 too bad but what is ln command?
@@bulent2435 its a link command that can soft or hard link files and folders similiar to what artisan storage:link does. When they disable the command doing it via web route will give an error that ln is disabled if i remember right
"ln" is a linux command to create symlinks, I am not sure laravel is using this - I guess it's using PHPs symlink() function which is safe when using different operating systems
don't forget to delete the route after creating the symlink :D
Terrific tutorial --- thanks! Why are the methods getClientOriginalName and getClientOriginalExtension "considered unsafe"? The Laravel docs says it's because "the file name and extension may be tampered with by a malicious user". What kind of "tampering" is possible and what could the effect of such tampering be? Is it unsafe even to get that information and store it in the database as a field (without using it as the name of the file)?
I guess it's worth another separate video some day
file name and extension is considered unsafe because it is a form of user input and should not be trusted.
What could be possible attack vectors?
1. file with the same name overwritten.
2. extension jpg doesn't mean it is image, it can easily be php file. (by default laravel prevents execution by accessing such files directly)
3. mime type can also be spoofed by first bytes of the file if you do check only mime/type.
4. fill up your disk space
This is what you can do to avoid that:
1. does your user really needs to know the actual file name? most often the $file->hashName() is enough. optionally save filename as db entry, make sure it is not parsed as a code.
2. validate extension, mime/type and contents of the file. for images process them after upload by removing EXIF and other metadata.
3. validate the file size.
4. use CDN for file storage, so you remove the possibility to executing them on your server.
Is it possible get a url for a private (just authenticated) file? For example, for load image in some
Yes, then your "src" should be a URL to Laravel route which should return image after the middleware.
When trying to create a user page in which the posts can only be seen by the followers of the page and the owner themself, where should I store the posts images? If I store it in the public disk anyone that has gotten the image link once can access it forever. Is this a problem? For example what would a platform like instagram do for private pages and the images in those pages?
Good question. I guess they store them as private and then do img src=Laravel-route-that-returns-image
can i use policies to prevent unauthorized download instead of middleware
Yes
Hello sir,
How to upload a zip file which contains some xls files inside.
So basically upload zip file then extract it somewhere and start inserting all rows of each xls files into database.
You need ZipArchive in PHP. Googled old tutorial: code.tutsplus.com/file-compression-and-extraction-in-php--cms-31977t
So we can use spatie/media-library for any file type? 🤔
Yes
❤
At 9:40, when you added a new disk to store avatars and changed the putFileAs() parameter to '/', shouldn't you have changed also Storage::disk('public') into Storage::disk('avatars') to make it work?
Yes you're probably right, well spotted!
Thank you very much for the answer! I just noticed that someone else made the same question some weeks ago.
Ho about file size configurations? For both the Laravel Application and the web server you are using.
Read about validations.
Here's our tutorial about it: laraveldaily.com/post/validate-max-file-size-in-laravel-php-and-web-server
@@LaravelDaily Thank you let me check it out
i have last_login_at column in table users. how update this column when user logs in? event listener doesnt work...
Not sure why event listener doesn't work. It should work, can't debug that for you.
In your auth controller? Update it after the successful login attempt
If Spatie Media Library can move files from storage to public folder, does that mean that you don't need the sym link?
It moves to storage/app/public. But you can configure it to move to /public. Then yes, you don't need a symlink in that case.
@@LaravelDaily thank you!!
What about file visibility?
Here's the link to the docs: laravel.com/docs/10.x/filesystem#file-visibility
Please @LaravelDaily, can you help us create a video on Localisation. Am trying to build a Laravel Application of English and Arabic, many Laravel developers are having this issue also and also the use of rtl & ltr when chnaging from Arabic to English, can you help with this Sir?
For todays tutroial, i really do learn a lot, Thanks 👍
Our team doesn't work with RTL so I can't really help, sorry
Thanks Sir@@LaravelDaily
Sir which cache driver should I use in Laravel? Please tell me sir.
During dev, just use the default (file) (tests mostly use array, which is in-memory cache-ing)
During production you have some options
- database (poor man's cache)
- memcached (good, but probably slower than redis)
- redis (needs redis server to run, but good.)
- dynamodb (when running on AWS)
- octane (speaks for itself, when using octane)
What ??= operator does?
This video will answer: th-cam.com/video/e_kf5s9aG-k/w-d-xo.htmlsi=chPfXGl7zwL3j8as
Why you save in the variable $avatar the action Storage::disk.... Why you dont simple do Storage::disk... without saving in $avatar that is something that I saw also in real life projects but I never understand why
Because I need $avatar later to be stored in the DB as filename.
I don't really know how laravel handles caches
Start from the docs? laravel.com/docs/10.x/cache
I personally use redis in production.
That's nice I gotta learn how to set up my project to production. Pls any recommendations?
"??=" What does that syntax mean? It's not Null coalescing
Googled for you: stackoverflow.com/questions/59102708/what-is-null-coalescing-assignment-operator-in-php-7-4
Thanks @@LaravelDaily
What about Google drive??
Setting up Google Drive is pretty complex, actually, you need to register it as a driver in the filesystem. Googled this tutorial: www.luckymedia.dev/blog/google-drive-integration-with-laravel
Thank you very much
Not convinced why these files shouldn’t be saved in longblob field in the database. Why clutter the file system of the app along with the possible issues that creates. Database seems to be the perfect spot for saving these files but have not found a single tutorial for doing so. Been doing it that way in several projects withstanding years of use with hundreds of thousands of pdf files without issue. I’d like to see someone create a tutorial using livewire or filament to see how others would approach that solution.
Thanks a lot for this video. However I have a peculiar issue. I uploaded a file but when I try to download it, I get this error
Unable to retrieve the file_size for file at location: 2f8e7eb388f214ec84c7ab92a2154670df0abd730a030f864b.pdf. when I check if it exists I get true but when I try to download I get this error