PHP 8.3.4 Released!

PUT method support

PHP provides support for the HTTP PUT method used by some clients to store files on a server. PUT requests are much simpler than a file upload using POST requests and they look something like this:

PUT /path/filename.html HTTP/1.1

This would normally mean that the remote client would like to save the content that follows as: /path/filename.html in your web tree. It is obviously not a good idea for Apache or PHP to automatically let everybody overwrite any files in your web tree. So, to handle such a request you have to first tell your web server that you want a certain PHP script to handle the request. In Apache you do this with the Script directive. It can be placed almost anywhere in your Apache configuration file. A common place is inside a <Directory> block or perhaps inside a <VirtualHost> block. A line like this would do the trick:

Script PUT /put.php

This tells Apache to send all PUT requests for URIs that match the context in which you put this line to the put.php script. This assumes, of course, that you have PHP enabled for the .php extension and PHP is active. The destination resource for all PUT requests to this script has to be the script itself, not a filename the uploaded file should have.

With PHP you would then do something like the following in your put.php. This would copy the contents of the uploaded file to the file myputfile.ext on the server. You would probably want to perform some checks and/or authenticate the user before performing this file copy.

Example #1 Saving HTTP PUT files

<?php
/* PUT data comes in on the stdin stream */
$putdata = fopen("php://input", "r");

/* Open a file for writing */
$fp = fopen("myputfile.ext", "w");

/* Read the data 1 KB at a time
and write to the file */
while ($data = fread($putdata, 1024))
fwrite($fp, $data);

/* Close the streams */
fclose($fp);
fclose($putdata);
?>

add a note

User Contributed Notes 10 notes

up
3
arnaud at caramia dot Fr
9 months ago
We resolved our problem with https://pecl.php.net/package/apfd.

It parses multipart/form-data body (files and payload) with PUT and PATCH http requests, witch was only possible before with POST http request.
up
3
Oscar Fernandez Sierra
2 years ago
This is what worked for me. There are many examples in the web that don't work. I found in https://lornajane.net/posts/2009/putting-data-fields-with-php-curl.

IMPORTANT: You should not use the code

curl_setopt($ch, CURLOPT_PUT, true);

even if it seems to be the right option (it would be the right option for a POST request, with CURLOPT_POST, but it does not work for a PUT request).

Notice that the constant CURLOPT_CUSTOMREQUEST is used instead of CURLOPT_PUT, and that the value used is "PUT" instead of true.

<?php

$url
= "....."; // put your URL here

$data = array("a" => $a);

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));

$response = curl_exec($ch);
if ( !
$response) {
return
false;
}
up
39
micronix at gmx dot net
13 years ago
Hello PHP World After many Hours of worryness :=)

I have found the Solution for Resume or Pause Uploads
In this Code Snippet it is the Server Side not Client on any Desktop Programm you must use byte ranges to calculate the uploaded bytes and missing of total bytes.

Here the PHP Code

<?php
$CHUNK
= 8192;

try {
if (!(
$putData = fopen("php://input", "r")))
throw new
Exception("Can't get PUT data.");

// now the params can be used like any other variable
// see below after input has finished

$tot_write = 0;
$tmpFileName = "/var/dev/tmp/PUT_FILE";
// Create a temp file
if (!is_file($tmpFileName)) {
fclose(fopen($tmpFileName, "x")); //create the file and close it
// Open the file for writing
if (!($fp = fopen($tmpFileName, "w")))
throw new
Exception("Can't write to tmp file");

// Read the data a chunk at a time and write to the file
while ($data = fread($putData, $CHUNK)) {
$chunk_read = strlen($data);
if ((
$block_write = fwrite($fp, $data)) != $chunk_read)
throw new
Exception("Can't write more to tmp file");

$tot_write += $block_write;
}

if (!
fclose($fp))
throw new
Exception("Can't close tmp file");

unset(
$putData);
} else {
// Open the file for writing
if (!($fp = fopen($tmpFileName, "a")))
throw new
Exception("Can't write to tmp file");

// Read the data a chunk at a time and write to the file
while ($data = fread($putData, $CHUNK)) {
$chunk_read = strlen($data);
if ((
$block_write = fwrite($fp, $data)) != $chunk_read)
throw new
Exception("Can't write more to tmp file");

$tot_write += $block_write;
}

if (!
fclose($fp))
throw new
Exception("Can't close tmp file");

unset(
$putData);
}

// Check file length and MD5
if ($tot_write != $file_size)
throw new
Exception("Wrong file size");

$md5_arr = explode(' ', exec("md5sum $tmpFileName"));
$md5 = $md5sum_arr[0];
if (
$md5 != $md5sum)
throw new
Exception("Wrong md5");
} catch (
Exception $e) {
echo
'', $e->getMessage(), "\n";
}
?>
up
3
San
9 years ago
Instead of using fread fwrite to save uploaded content to a file.
stream_copy_to_stream is much cleaner.
up
2
polygon dot co dot in at gmail dot com
10 months ago
I was confused with file uploads using the PUT method.
My concern was why can't we upload multiple files using the PUT method with streams
PUT data comes in on the stdin stream
$putdata = fopen("php://input", "r");
Note the $putdata is a file pointer to the file content that is being uploaded.
The data is received on the server on the fly (which means available as it is received)

Secondly, when we are using parse_str(file_get_contents("php://input")).
This means the data is completely received on the server end and is then made available to the script.

When using fopen() one cant parse the data. This can be used when uploading a large file.
The file may range from 100's of MBs to Gigs where streams plays a major role.

Streams make the file data available to script in chunks instead of first saving in the temp folder.
Hence, when using $putdata = fopen("php://input", "r"); one can't pass the payload as well.
If someone wants to pass the payload the only option is in the URL query string.
up
0
willy at kochkonsult dot no
2 years ago
All the example code I found for using PUT with PHP always used a default hard-coded file extension for the incoming stream.

The filename from the incoming file PUT request can't be found anywhere from the incoming request (at least I couldn't find it) but mimetype can be found in the $_SERVER global variable.

I used this code to get the correct file extension:

$mimeType = $_SERVER['HTTP_CONTENT_TYPE'];

if ($mimeType!='application/pdf')
{
header('HTTP/1.1 405 Only PDF files allowed');
echo("Only PDF files are allowed for upload - this file is ".$mimeType);
die();
}
else $fileExtension = 'pdf';

If you have an Apache Tika server available, that would be the best option to analyze the file content to get the mimetype, but that might not be in scope for everyone :-)
up
-2
yaogzhan at gmail dot com
18 years ago
PUT raw data comes in php://input, and you have to use fopen() and fread() to get the content. file_get_contents() is useless.

The HTTP PUT request MUST contain a Content-Length header to specify the length (in bytes) of the body, or the server will not be able to know when the input stream is over. This is the common problem for many to find the php://input empty if no such header available.

This should make PUT work properly on win32 using PHP5.1.1 and apache2.
up
-4
gherson
18 years ago
A Case Study: To set up publishing with Netscape 7.2 Composer to Apache/PHP, no need to use CGI (which I tried unsuccessfully for too long) or to alter Apache's httpd.conf. I needed only to click Publish As, fill in put2disk.php as the filename (where its contents are the below), and fill in that file's dir as the "Publishing address".
XAMPP 1.4.14: Apache/2.0.54 (Win32) mod_ssl/2.0.54 OpenSSL/0.9.7g PHP/5.0.4.

<? // filename: put2disk.php.

//file_put_contents ("get_def.out", print_r (get_defined_vars(), TRUE)); // debugging

// Two slurp methods: (a) didn't work, (b) did.
//$stdin_rsc = fopen("php://input", "r");
//$putdata='';
//while ($putdata .= fread($stdin_rsc, 1024)); // a. Hangs the "Publishing..." dialog.
//while (!feof($stdin_rsc)) $putdata.=fread($stdin_rsc, 8192); // b. Worked, but file_get_contents is faster.
//fclose($stdin_rsc);

// All that's nec:
$putdata=file_get_contents('php://input'); // Not php://stdin! (When the ability to see error messages isn't available, the doc (this manual page) needs to be more accurate.)

file_put_contents("stdin.out",$putdata);
?>
up
-6
warhog at warhog dot net
18 years ago
NOTE: The <Script>-Directive can not be placed in .htaccess files.

So if you're having shared webspace and no access to the apache-configuration file you will have little chance to make something like this work.

But you can solve the problem, using mod_rewrite (for Apache) - for further information see the documentation at http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html
up
-9
mikeb at mikebanahan dot com
20 years ago
I have spent a lot of time trying to make PUT work with Apache 2.0.40. I have not yet been able to find any way of making the Script directive invoke php via mod_php, the only way has been to have a file called example.cgi and invoke it via CGI, with the file starting
#!/usr/bin/php
so the PHP interpreter is invoked through the CGI mechanism and not as a module.

If there IS a way of making it work 'right' I'd love to know! After six hours of messing around, I've settled for CGI. The error messages in the apache error log are significantly misleading and the whole thing has been an exercise in frustration.

Attempts to use AddHandler and all 'normal' ways of trying to persuade Apache to do this have been fruitless. It does seem as if PUT can only be handled by CGI invocation.
To Top