RCRAMER.COM
Clever website slogan
Home > Tech > PHP > Files

PHP File Upload

With PHP it is possible to upload files to the server.

Create an Upload-File Form

Allowing users to upload files to your server may be useful. The following is an example of an HTML file upload form:

<html>
<body> <form action="upload_file.php" method="post" enctype="multipart/form-data"> <label for="file">Filename:</label> <input type="file" name="file" id="file" /> <input type="submit" name="submit" value="Submit" /> </form>
</body>
</html>
Notice the following about the HTML example above:
  • The enctype attribute of the <form> tag specifies which content-type to use when submitting the form. "multipart/form-data"is used for binary data to be uploaded.
  • The type="file" attribute of the <input> tag specifies that the input should be processed as a file.

Note: Allowing users to upload files can be a big security risk.

Create the Upload Script

The following is an exampe of the "upload_file.php" script referenced above.

<?php if ($_FILES["file"]["error"] > 0) { echo "Error: " . $_FILES["file"]["error"] . "<br />"; } else { echo "Upload: " . $_FILES["file"]["name"] . "<br />"; echo "Type: " . $_FILES["file"]["type"] . "<br />"; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; echo "Stored in: " . $_FILES["file"]["tmp_name"]; }
?>

The $_FILES array is used for uploading files form the client to the server. The first parameter is the form's input name and the second index can either be "name", "type", "size", "tmp_name" or "error":

$_FILES["file"]["name"] the name of the uploaded file
$_FILES["file"]["type"] the type of the uploaded file
$_FILES["file"]["size"] the size in bytes of the uploaded file
$_FILES["file"]["tmp_name"]the name of the temporary copy of the file stored on the server
$_FILES["file"]["error"] the error code resulting from the file upload

This is a very simple way of uploading files. For security reasons, you should restrict what the user is allowed to upload.

Restrictions on Upload

In this version of "file_upload.php" we add some restrictions to the file upload. The user may only upload .gif or .jpeg files and the file size must be under 20 kb

<?php if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 20000)) { if ($_FILES["file"]["error"] > 0) { echo "Error: " . $_FILES["file"]["error"] . "<br />"; } else { echo "Upload: " . $_FILES["file"]["name"] . "<br />"; echo "Type: " . $_FILES["file"]["type"] . "<br />"; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; echo "Stored in: " . $_FILES["file"]["tmp_name"]; } } else { echo "Invalid file"; } ?>

Note: For IE to recognize jpg files the type must be pjpeg, for FireFox it must be jpeg.

Saving the Uploaded File

The two examples above create a temporary copy of the uploaded files in the PHP temp folder on the server. The temporary copied files disappears when the script ends. To store the uploaded file we need to copy it to a different location:

<?php if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 20000)) { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . "<br />"; } else { echo "Upload: " . $_FILES["file"]["name"] . "<br />"; echo "Type: " . $_FILES["file"]["type"] . "<br />"; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />"; if (file_exists("upload/" . $_FILES["file"]["name"])) { echo $_FILES["file"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]); echo "Stored in: " . "upload/" . $_FILES["file"]["name"]; } } } else { echo "Invalid file"; } ?>

The script above checks if the file already exists, if it does not, it copies the file to the specified folder.

Note: This example saves the file to a new folder called "upload"