Implemented file uploads (multipart), see #86

README.md

@@ -38,6 +38,7 @@ This is a single file application! Upload "api.php" somewhere and enjoy!
   - Supports POST variables as input
   - Supports a JSON object as input
   - Supports a JSON array as input (batch insert)
+  - Supports file upload from web forms (multipart/form-data)
   - Condensed JSON ouput: first row contains field names
   - Sanitize and validate input using callbacks
   - Permission system for databases, tables, columns and records
@@ -583,6 +584,29 @@ icon=ZGF0YQ
 
 In the above example you see how binary data is sent. Both "base64url" and standard "base64" are allowed (see rfc4648).
 
+## File uploads
+
+You can also upload a file using a web form (multipart/form-data) like this:
+
+```
+    <form method="post" action="http://localhost/api.php/icons" enctype="multipart/form-data">
+        Select image to upload:
+        <input type="file" name="icon">
+        <input type="submit">
+    </form>
+```
+
+Then this is handled as if you would have sent:
+
+```
+POST http://localhost/api.php/icons
+{"icon_name":"1px.gif","icon_type":"image\/gif","icon":"R0lGODlhAQABAAAAACH5BAEAAAAALAAAAAABAAEAAAI=","icon_error":0,"icon_size":32}
+```
+
+As you can see the "xxx_name", "xxx_type", "xxx_error" and "xxx_size" meta fields are added (where "xxx" is the name of the file field).
+
+NB: You cannot edit a file using this method, because browsers do not support the "PUT" method in these forms.
+
 ## Spatial/GIS support
 
 There is also support for spatial filters:

api.php

@@ -1351,9 +1351,8 @@ class PHP_CRUD_API {
 		return array($tableset,$collect,$select);
 	}
 
-	protected function retrieveInput($post) {
+	protected function retrieveInputs($data) {
 		$input = (object)array();
-		$data = trim(file_get_contents($post));
 		if (strlen($data)>0) {
 			if ($data[0]=='{' || $data[0]=='[') {
 				$input = json_decode($data);
@@ -1491,9 +1490,9 @@ class PHP_CRUD_API {
 		if ($tenancy_function) $this->applyTenancyFunction($tenancy_function,$action,$database,$fields,$filters);
 		if ($column_authorizer) $this->applyColumnAuthorizer($column_authorizer,$action,$database,$fields);
 
-		if ($post) {
+		if (strlen($post)) {
 			// input
-			$contexts = $this->retrieveInput($post);
+			$contexts = $this->retrieveInputs($post);
 			$inputs = array();
 			foreach ($contexts as $context) {
 				$input = $this->filterInputByFields($context,$fields[$tables[0]]);
@@ -1697,6 +1696,22 @@ class PHP_CRUD_API {
 		$this->endOutput($callback);
 	}
 
+	protected function retrievePostData() {
+		if ($_FILES) {
+			$files = array();
+			foreach ($_FILES as $name => $file) {
+				foreach ($file as $key => $value) {
+					switch ($key) {
+						case 'tmp_name': $files[$name] = base64_encode(file_get_contents($value)); break;
+						default: $files[$name.'_'.$key] = $value;
+					}
+				}
+			}
+			return http_build_query(array_merge($files,$_POST));
+		}
+		return file_get_contents('php://input');
+	}
+
 	public function __construct($config) {
 		extract($config);
 
@@ -1742,7 +1757,7 @@ class PHP_CRUD_API {
 			$get = $_GET;
 		}
 		if (!$post) {
-			$post = 'php://input';
+			$post = $this->retrievePostData();
 		}
 
 		// connect

tests/tests.php

@@ -21,8 +21,6 @@ class API
 		$query = isset($url['query'])?$url['query']:'';
 		parse_str($query,$get);
 
-		$data = 'data://text/plain;base64,'.base64_encode($data);
-
 		$this->api = new PHP_CRUD_API(array(
 				'dbengine'=>PHP_CRUD_API_Config::$dbengine,
 				'hostname'=>PHP_CRUD_API_Config::$hostname,