Description

Copies a file to a directory on the server.

Syntax

<cffile 
action = "upload" 
allowedExtensions="comma-separated list of file extensions"
destination = "full pathname" 
fileField = "form field" 
accept = "MIME type|file type" 
attributes = "file attribute or list" 
mode = "permission" 
nameConflict = "behavior" 
result = "result name"
strict="true|false"
ContinueOnError = "true|false"
Errors = "variable in which the file upload errors will be stored">

See also

History

ColdFusion (2018 release) Update 3, ColdFusion (2016 release) Update 10, ColdFusion 11 Update 18: Added the attribute allowedExtensions.

ColdFusion 10: Added the attribute strict. See the History section of the main cffile tag page.

Attributes

Attribute

Req/Opt

Default

Description

action

Required

 

Type of file manipulation that the tag performs.

allowedExtensions Optional  

A comma-separated list of file extensions, which will be allowed for upload.

For example, .png, .jpg, or, .jpeg.

You can use "*" (star) to allow all files, except where you specify the MIME type in the accept attribute.

Values specified in the attribute allowedExtensions override the list of blocked extensions in the server or application settings.

destination

Required

 

Pathname of directory in which to upload the file. If not an absolute path (starting with a drive letter and a colon, or a forward or backward slash), it is relative to the ColdFusion temporary directory, which is returned by the GetTempDirectory function.
If the destination you specify does not exist, ColdFusion creates a file with the specified destination name. For example, if you specify the destination, C:\XYZ, ColdFusion creates a file XYZ in the C: drive.

fileField

Optional

 

Name of form field used to select the file. Do not use number signs (#) to specify the field name. If omitted, it defaults to the name of the first file field submitted.

accept

Optional

 

Limits the MIME types to accept. It is a comma-delimited list. For example, the following code permits JPEG and Microsoft Word file uploads:"image/jpg,application/msword".

When strict="true"

If the mime type is specified in the accept attribute, the file does not get uploaded if the extension is blocked in the server or application settings.

When strict="false"

If you provide a file extension in the attribute accept, the extension overrides the blocked extension list in the server or application settings. The file then gets uploaded.

If you provide a MIME type in the attribute accept, and the extension of the file you are trying to upload is blocked in the Administrator/Application-level settings, the file does not get uploaded.

For example,

  • If you have blocked file type CFM in the ColdFusion Administrator and specified accept=".cfm" in the tag, and when you try uploading a CFM file, the file gets uploaded.
  • If you have blocked file type CFM in the ColdFusion Administrator and specified accept=”text/x-coldfusion” in the tag, and when you try uploading a CFM file, the file gets blocked.

Values specified in the attribute allowedExtensions overrides the list of blocked extensions in the server or application settings.

attributes

Optional

 

Applies to Windows. A comma-delimited list of attributes to set on the file.
If omitted, the file's attributes are maintained.Each value must be specified explicitly. For example, if you specify attributes = "readOnly", all other attributes are overwritten.

  • readOnly
  • hidden
  • normal (if you use this option with other attributes, it is overridden by them)

mode

Optional

 

Applies only to UNIX and Linux. Permissions. Octal values of chmod command. Assigned to owner, group, and other, respectively, for example:

  • 644: assigns read/write permission to owner; read permission to group and other.
  • 777: assigns read/write/execute permission to all.

nameConflict

Optional

Error

Action to take if filename is the same as that of a file in the directory.

  • Error: file is not saved. ColdFusion stops processing the page and returns an error.
  • Skip: file is not saved. This option permits custom behavior based on file properties.
  • Overwrite: replaces file.
  • MakeUnique: forms a unique filename for the upload; name is stored in the file object variable serverFile.

result

Optional

 

Lets you specify a name for the variable in which cffile returns the result (or status) parameters. If you do not specify a value for this attribute, cffile uses the prefix cffile. For more information, see Usage.

strict

Optional

true

strict="false"

If you provide a file extension in the attribute accept, the extension overrides the blocked extension list in the server or application settings. The file then gets uploaded.

If you provide a MIME type in the attribute accept, and the extension of the file you are trying to upload is blocked in the Administrator/Application-level settings, the file does not get uploaded.

For example,

  • If you have blocked file type CFM in the ColdFusion Administrator and specified accept=".cfm" in the tag, and when you try uploading a CFM file, the file gets uploaded.
  • If you have blocked file type CFM in the ColdFusion Administrator and specified accept=”text/x-coldfusion” in the tag, and when you try uploading a CFM file, the file gets blocked.

strict="true"

If the mime type is specified in the accept attribute, the file does not get uploaded if the extension is blocked in the server or application settings.

For example, if you have blocked file type CFM in the ColdFusion Administrator and specified accept=”text/x-coldfusion” and strict=”true”, and you try uploading a cfm file, the file does not get uploaded.

Values specified in the attribute allowedExtensions overrides the list of blocked extensions in the server or application settings.

ContinueOnError  Optional False

By default, when uploading a file fails, the remaining files will not be uploaded. If this value is set to true, file upload continues even after encountering an upload error. A file upload error happens due to the following reasons:

1. Empty file
2. Invalid file type
3. Invalid MIME or extension
4. File already exists

In the case of an upload failure, the error details will be stored in the errors attribute.

Errors Optional  cffile.uploadAllErrors

The name of the variable in which the file upload errors will be stored. Errors will be populated in the specified variable name when continueOnError is true.After the file upload is completed, this tag creates an array of structures that contains upload failure information for each upload failure.

The upload failure information error structure contains the following fields:

  • REASON - The reason for the failure
  • DETAIL - File upload failure detail
  • MESSAGE - A detailed message depicting the failure
  • CLIENTFILE - Name of the file uploaded from the client's system
  • CLIENTFILEEXT - Extension of the uploaded file on the client system (without a period)
  • CLIENTFILENAME - Name of the uploaded file on the client system (without an extension) 
  • INVALID_FILE_TYPE - If the file mime type or extension is not in the specified accept attribute. If the reason is INVALID_FILE_TYPE, two additional keys will be available in the structure. 
    • ACCEPT: list of mime types or file extensions given in the tag
    • MIMETYPE: mime type of the uploaded file
  • EMPTY_FILE - If the uploaded file is an empty file
  • FILE_EXISTS - If any file with the given name already exists in the destination and the overwritepolicy is error.
  • DEST - The destination where file is copied
  • FORM_FILE_NOT_FOUND - If the uploaded file is not found on the server

Usage

After a file upload is completed, you can get status information using file upload parameters. To refer to parameters, use either the cffile prefix or, if you specified an alternate name in the result attribute, the name you specified there. For example, if you did not specify a name in the result attribute, access the fileExisted parameter as #cffile.fileExisted#. If you set the result attribute to myResult, however, access fileExisted as #myResult.fileExisted#. Status parameters can be used anywhere that other ColdFusion parameters can be used. When you use a cfform tag or an HTML form tag to submit the form with the file to be uploaded, specify enctype="multipart/form-data" in the tag, as shown in the example for this tag. By default, ColdFusion sends the form with the encoding type of application/x-www-form-urlencoded, which causes an error in the cffile tag.

Hinweis:

The result attribute allows functions or CFCs that get called from multiple pages at the same time to avoid overwriting the results of one call with another.

Hinweis:

The file prefix is deprecated, in favor of the cffile prefix. Do not use the file prefix in new applications.

Hinweis:

If your page is uploading a file that was selected on a form or was otherwise sent to your page via a multipart/form-data HTTP message, you can determine the approximate size of the file by checking the value of the CGI.content_length variable. This variable includes the file length plus the length of any other request content.

The following file upload status parameters are available after an upload:

Parameter

Description

attemptedServerFile

Initial name ColdFusion used when attempting to save a file

clientDirectory

Directory location of the file uploaded from the client's system

clientFile

Name of the file uploaded from the client's system

clientFileExt

Extension of the uploaded file on the client system (without a period)

clientFileName

Name of the uploaded file on the client system (without an extension)

contentSubType

MIME content subtype of the saved file

contentType

MIME content type of the saved file

dateLastAccessed

Date and time the uploaded file was last accessed

fileExisted

Whether the file existed with the same path (yes or no)

fileSize

Size of the uploaded file in bytes

fileWasAppended

Whether ColdFusion appended uploaded file to a file (yes or no)

fileWasOverwritten

Whether ColdFusion overwrote a file (yes or no)

fileWasRenamed

Whether uploaded file renamed to avoid a name conflict (yes or no)

fileWasSaved

Whether ColdFusion saves a file (yes or no)

oldFileSize

Size of a file that was overwritten in the file upload operation

serverDirectory

Directory of the file saved on the server

serverFile

Filename of the file saved on the server

serverFileExt

Extension of the uploaded file on the server (without a period)

serverFileName

Name of the uploaded file on the server (without an extension)

timeCreated

Time the uploaded file was created

timeLastModified

Date and time of the last modification to the uploaded file

Hinweis:

File status parameters are read-only. They are set to the results of the most recent cffile operation. If two cffile tags execute, the results of the second overwrite the first, unless you have specified a different result variable in the result attribute.

Example

The following example creates a unique filename, if there is a name conflict when the file is uploaded on Windows:

<!--- Windows Example ---> 
<!--- Check to see if the Form variable exists. ---> 
<cfif isDefined("Form.FileContents") > 
<!--- If TRUE, upload the file. ---> 
<cffile action = "upload" 
fileField = "FileContents" 
destination = "c:\files\upload\" 
accept = "text/html" 
nameConflict = "MakeUnique"> 
<cfelse> 
<!--- If FALSE, show the Form. ---> 
<form method="post" action=<cfoutput>#cgi.script_name#</cfoutput> 
name="uploadForm" enctype="multipart/form-data"> 
<input name="FileContents" type="file"> 
<br> 
<input name="submit" type="submit" value="Upload File"> 
</form> 
</cfif>

Example with attribute allowedExtensions.

<cffile 
        action="upload"  
        destination="#expandpath(".")#" 
        nameconflict="MakeUnique" 
        accept="image/png, image/gif" 
        allowedextensions=".png, .gif" 
        strict="true"  
        continueonerror="true"
>

Dieses Werk unterliegt den Bedingungen der Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.  Twitter™- und Facebook-Beiträge fallen nicht unter die Bedingungen der Creative Commons-Lizenz.

Rechtliche Hinweise   |   Online-Datenschutzrichtlinie