Description
Copies a file to a directory on the server.
Syntax
<cffile action = "upload" allowedExtensions="comma-separated list of file extensions" destination = "full pathname" fileField = "form field" accept = "MIME type|file type" attributes = "file attribute or list" mode = "permission" nameConflict = "behavior" result = "result name" strict="true|false" ContinueOnError = "true|false" Errors = "variable in which the file upload errors will be stored">
See also
History
ColdFusion (2018 release) Update 3, ColdFusion (2016 release) Update 10, ColdFusion 11 Update 18: Added the attribute allowedExtensions.
ColdFusion 10: Added the attribute strict. See the History section of the main cffile tag page.
Attributes
Attribute |
Req/Opt |
Default |
Description |
|---|---|---|---|
action |
Required |
|
Type of file manipulation that the tag performs. |
| allowedExtensions | Optional | A comma-separated list of file extensions, which will be allowed for upload. For example, .png, .jpg, or, .jpeg. You can use "*" (star) to allow all files, except where you specify the MIME type in the accept attribute. Values specified in the attribute allowedExtensions override the list of blocked extensions in the server or application settings. |
|
destination |
Required |
|
Pathname of directory in which to upload the file. If not an absolute path (starting with a drive letter and a colon, or a forward or backward slash), it is relative to the ColdFusion temporary directory, which is returned by the GetTempDirectory function. |
fileField |
Optional |
|
Name of form field used to select the file. Do not use number signs (#) to specify the field name. If omitted, it defaults to the name of the first file field submitted. |
accept |
Optional |
|
Limits the MIME types to accept. It is a comma-delimited list. For example, the following code permits JPEG and Microsoft Word file uploads:"image/jpg,application/msword". When strict="true" If the mime type is specified in the accept attribute, the file does not get uploaded if the extension is blocked in the server or application settings. When strict="false" If you provide a file extension in the attribute accept, the extension overrides the blocked extension list in the server or application settings. The file then gets uploaded. If you provide a MIME type in the attribute accept, and the extension of the file you are trying to upload is blocked in the Administrator/Application-level settings, the file does not get uploaded. For example,
Values specified in the attribute allowedExtensions overrides the list of blocked extensions in the server or application settings. |
attributes |
Optional |
|
Applies to Windows. A comma-delimited list of attributes to set on the file.
|
mode |
Optional |
|
Applies only to UNIX and Linux. Permissions. Octal values of chmod command. Assigned to owner , group, and other, respectively, for example:
|
nameConflict |
Optional |
Error |
Action to take if filename is the same as that of a file in the directory.
|
result |
Optional |
|
Lets you specify a name for the variable in which cffile returns the result (or status) parameters. If you do not specify a value for this attribute, cffile uses the prefix cffile . For more information, see Usage. |
strict |
Optional | true |
strict="false" If you provide a file extension in the attribute accept, the extension overrides the blocked extension list in the server or application settings. The file then gets uploaded. If you provide a MIME type in the attribute accept, and the extension of the file you are trying to upload is blocked in the Administrator/Application-level settings, the file does not get uploaded. For example,
strict="true" If the mime type is specified in the accept attribute, the file does not get uploaded if the extension is blocked in the server or application settings. For example, if you have blocked file type CFM in the ColdFusion Administrator and specified accept=”text/x-coldfusion” and strict=”true”, and you try uploading a cfm file, the file does not get uploaded. Values specified in the attribute allowedExtensions overrides the list of blocked extensions in the server or application settings. |
| ContinueOnError | Optional | False | By default, when uploading a file fails, the remaining files will not be uploaded. If this value is set to true, file upload continues even after encountering an upload error. A file upload error happens due to the following reasons: 1. Empty file In the case of an upload failure, the error details will be stored in the errors attribute. |
| Errors | Optional | cffile .uploadAllErrors | The name of the variable in which the file upload errors will be stored. Errors will be populated in the specified variable name when continueOnError is true .After the file upload is completed, this tag creates an array of structures that contains upload failure information for each upload failure. The upload failure information error structure contains the following fields:
|
If you upload a file with zero bytes, there is no exception. Instead, the file gets uploaded to the server. By default, uploading an empty file will not produce an error. You can, however, disallow this by changing the property, coldfusion.file.upload.disallowemptyfileupload, to TRUE.
Usage
After a file upload is completed, you can get status information using file upload parameters. To refer to parameters, use either the cffile prefix or, if you specified an alternate name in the result attribute, the name you specified there. For example, if you did not specify a name in the result attribute, access the fileExisted parameter as #cffile.fileExisted#. If you set the result attribute to myResult, however, access fileExisted as #myResult.fileExisted#. Status parameters can be used anywhere that other ColdFusion parameters can be used. When you use a cfform tag or an HTML form tag to submit the form with the file to be uploaded, specify enctype="multipart/form-data" in the tag, as shown in the example for this tag. By default, ColdFusion sends the form with the encoding type of application/x-www-form-urlencoded, which causes an error in the cffile tag.
The result attribute allows functions or CFCs that get called from multiple pages at the same time to avoid overwriting the results of one call with another.
The file prefix is deprecated, in favor of the cffile prefix. Do not use the file prefix in new applications.
If your page is uploading a file that was selected on a form or was otherwise sent to your page via a multipart/form-data HTTP message, you can determine the approximate size of the file by checking the value of the CGI.content_length variable. This variable includes the file length plus the length of any other request content.
The following file upload status parameters are available after an upload:
Parameter |
Description |
|---|---|
attemptedServerFile |
Initial name ColdFusion used when attempting to save a file |
clientDirectory |
Directory location of the file uploaded from the client's system |
clientFile |
Name of the file uploaded from the client's system |
clientFileExt |
Extension of the uploaded file on the client system (without a period) |
clientFileName |
Name of the uploaded file on the client system (without an extension) |
contentSubType |
MIME content subtype of the saved file |
contentType |
MIME content type of the saved file |
dateLastAccessed |
Date and time the uploaded file was last accessed |
fileExisted |
Whether the file existed with the same path (yes or no) |
fileSize |
Size of the uploaded file in bytes |
fileWasAppended |
Whether ColdFusion appended uploaded file to a file (yes or no) |
fileWasOverwritten |
Whether ColdFusion overwrote a file (yes or no) |
fileWasRenamed |
Whether uploaded file renamed to avoid a name conflict (yes or no) |
fileWasSaved |
Whether ColdFusion saves a file (yes or no) |
oldFileSize |
Size of a file that was overwritten in the file upload operation |
serverDirectory |
Directory of the file saved on the server |
serverFile |
Filename of the file saved on the server |
serverFileExt |
Extension of the uploaded file on the server (without a period) |
serverFileName |
Name of the uploaded file on the server (without an extension) |
timeCreated |
Time the uploaded file was created |
timeLastModified |
Date and time of the last modification to the uploaded file |
File status parameters are read-only. They are set to the results of the most recent cffile operation. If two cffile tags execute, the results of the second overwrite the first, unless you have specified a different result variable in the result attribute.
Example
The following example creates a unique filename, if there is a name conflict when the file is uploaded on Windows:
<!--- Windows Example --->
<!--- Check to see if the Form variable exists. --->
<cfif isDefined("Form.FileContents") >
<!--- If TRUE, upload the file. --->
<cffile action = "upload"
fileField = "FileContents"
destination = "c:\files\upload\"
accept = "text/html"
nameConflict = "MakeUnique">
<cfelse>
<!--- If FALSE, show the Form. --->
<form method="post" action=<cfoutput>#cgi.script_name#</cfoutput>
name="uploadForm" enctype="multipart/form-data">
<input name="FileContents" type="file">
<br>
<input name="submit" type="submit" value="Upload File">
</form>
</cfif>
Example with attribute allowedExtensions.
<cffile
action="upload"
destination="#expandpath(".")#"
nameconflict="MakeUnique"
accept="image/png, image/gif"
allowedextensions=".png, .gif"
strict="true"
continueonerror="true"
>