Saving uploaded JPG to PHP session. Serialization?

Should I use php serialization?

Is there a开发者_开发知识库 limit of file size to serialize? JPGs can go up to 10mb.

---

I don't think there's any limit except for the memory available to PHP. However, storing large files in the session will cause unnecessary delays because the session objects have to be unserialized in the beginning of unserialized at the end of, every request (except in those requests where you don't load the session).

You can instead save the files in a temporary location and save only the filename in the session.

---

You can store binary data in a session variable, so there is no need to modify it at all. Session files are already (more or less) serialised.

Alternatively you could base64 encode the image data for storage in the session data.

Having said that, it seems like a bad idea - you would add a lot more server load to encode/decode the image data when the session was loaded (even more if you also had to base64 decode it) and you would be loading the entire file into memory. I would dump the image to a temp file and store the path of the file in the session data instead.

---

As long as you don't exceed the memory_limit you should be fine storing it.

That said, here's a method I have used to push $_FILES in to the session, assuming:

• $_SESSION['File'] is where we're storing it
• $uploadFile is the image being uploaded (e.g. a reference to $_FILES)
• You've already established the session

if ($uploadFile['error'] == UPLOAD_ERR_OK)
{
  // try reading directly from temp directory
  if (is_readable($uploadFile['tmp_name']))
  {
    $_SESSION['File'] = file_get_contents($uploadFile['tmp_name']);
  }
  // not readable as-is, make sure we can move it
  else
  {
    $moveTo = 'uploads' . DIRECTORY_SEPARATOR . $uploadFile['name'];
    if (is_writeable(dirname($moveTo)) && move_uploaded_file($uploadFile['tmp_name'],$moveTo) !== false)
    {
      // read now that its been moved
      $_SESSION['File'] = file_get_contents($moveTo);

      // cleanup
      @unlink($moveTo);
    }
  }
}

Otherwise if all else fails, it wasn't able to be stored in the session

---

PHP sessions are limited by the memory usage limit of PHP. So 10mb would probably be ok, but...

I don't think "session" is the correct choice to store a large binary data. Uploaded files goes to a temporary folder on the server and you can reach them for a while from that directory. So, if you need to reach that file later, you can simply store the temporary file path to the session.

Example code:

session_start();
$_SESSION["uploaded_file"] = $_FILES["file"];

Then, when you need to copy that file to the real path, you can do something like:

move_uploaded_file($_SESSION["uploaded_file"]["tmp_name"], "images/".$_SESSION["uploaded_file"]["name"]);

You can also reach "type", "size" and "error" items from $_SESSION["uploaded_file"] if you need them.