PHP File Upload
Using PHP, you can upload files to the server.
The examples in this section live in a project directory named test, with the following structure:
test
|-----upload # Directory for file uploads
|-----form.html # Form file
|-----upload_file.php # PHP upload code
Creating a File Upload Form
Allowing users to upload files from a form can be very useful.
Here is an HTML form for uploading files:
<html>
<head>
<meta charset="utf-8">
<title>tutorialpro.org(tutorialpro.org)</title>
</head>
<body>
<form action="upload_file.php" method="post" enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
Save the above code to the form.html file.
Some notes about the HTML form above:
The enctype attribute of the <form> tag specifies which content-type to use when submitting the form. Use "multipart/form-data" when the form requires binary data, such as file content.
The type="file" attribute of the <input> tag specifies that the input should be processed as a file. For example, when previewed in the browser, you will see a browse button next to the input box.
Note: Allowing users to upload files is a significant security risk. Please only allow trusted users to perform file uploads.
Creating the Upload Script
The "upload_file.php" file contains the code for uploading files:
<?php
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Uploaded file name: " . $_FILES["file"]["name"] . "<br>";
echo "File type: " . $_FILES["file"]["type"] . "<br>";
echo "File size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Temporary storage location: " . $_FILES["file"]["tmp_name"];
}
?>
By using PHP's global array $_FILES, you can upload files from a client computer to a remote server.
The first index is the form's input name, and the second index can be "name", "type", "size", "tmp_name", or "error". For example:
$_FILES["file"]["name"] - The name of the uploaded file
$_FILES["file"]["type"] - The type of the uploaded file
$_FILES["file"]["size"] - The size of the uploaded file in bytes
$_FILES["file"]["tmp_name"] - The name of the temporary copy of the file stored on the server
$_FILES["file"]["error"] - The error code resulting from the file upload
This is a very simple file upload method. For security reasons, you should add restrictions on which users are allowed to upload files.
Upload Restrictions
In this script, we added restrictions on file uploads. Users can only upload .gif, .jpeg, .jpg, .png files, and the file size must be less than 200 kB:
<?php
// Allowed image file extensions
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp); // Get the file extension
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 204800) // Less than 200 kb
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Uploaded file name: " . $_FILES["file"]["name"] . "<br>";
echo "File type: " . $_FILES["file"]["type"] . "<br>";
echo "File size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Temporary file location: " . $_FILES["file"]["tmp_name"];
}
}
else
{
echo "Invalid file format";
}
?>
Saving the Uploaded File
The example above creates a temporary copy of the uploaded file in the PHP temporary folder on the server.
This temporary copy will disappear when the script ends. To save the uploaded file, we need to copy it to another location:
<?php
// Allowed image file extensions
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp); // Get the file extension
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 204800) // Less than 200 kb
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Uploaded file name: " . $_FILES["file"]["name"] . "<br>";
echo "File type: " . $_FILES["file"]["type"] . "<br>";
echo "File size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Temporary file location: " . $_FILES["file"]["tmp_name"] . "<br>";
// Check if the file already exists in the upload directory
// If the upload directory does not exist, you need to create it with 777 permissions
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " file already exists. ";
}
else
{
// If the file does not exist in the upload directory, upload it
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);
echo "File stored in: " . "upload/" . $_FILES["file"]["name"];
}
}
}
else
{
echo "Invalid file format";
}
?>
The script checks if the file already exists; if not, it copies the file to the "upload" directory.
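The script above decides whether to accept a file from $_FILES["file"]["type"] and the extension in $_FILES["file"]["name"], both of which are sent by the browser, and it echoes and stores the client's file name as is. The following is an added example, not part of the original tutorial, that makes the same checks against the file content and stores the file under a server-generated name. It assumes the form field is named "file", that the upload directory already exists, and that PHP's fileinfo extension is enabled; the function name store_upload is hypothetical.

```php
<?php
// Added example, not the tutorial's code. Assumptions: form field "file",
// an existing ./upload directory, and the fileinfo extension enabled.
const MAX_BYTES = 204800; // same 200 kB limit as the tutorial
// The stored extension is chosen by the server from the detected content type.
const ALLOWED = ['image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png'];

function store_upload(array $file, string $destDir): string
{
    // The error field must be a single integer; an array means a crafted request.
    if (!isset($file['error']) || is_array($file['error'])) {
        throw new RuntimeException('Malformed upload request');
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with error code ' . $file['error']);
    }
    // Confirm the path really is a file PHP received via HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    // Measure the file on disk instead of trusting $_FILES["file"]["size"].
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size >= MAX_BYTES) {
        throw new RuntimeException('File must be non-empty and under 200 kB');
    }
    // Detect the type from the content; $_FILES["file"]["type"] is client-supplied.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('Invalid file format');
    }
    // Store under a random name so the client controls neither name nor extension.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store the file');
    }
    return $name;
}

if (isset($_FILES['file'])) {
    try {
        $stored = store_upload($_FILES['file'], __DIR__ . '/upload');
        echo 'File stored in: upload/' . htmlspecialchars($stored);
    } catch (RuntimeException $e) {
        echo htmlspecialchars($e->getMessage());
    }
}
```

Because every stored name is random, the file_exists() check from the tutorial script is no longer needed, and the original file name never reaches the page or the file system.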
The file upload demonstration is as follows: