How to upload files in php

file uploading in php

This example explains how to upload files in PHP. PHP makes uploading files easy. You can upload any type of file to your Web server. But with ease comes danger and you should be careful when allowing file uploads.

In spite of security issues that should be addressed before enabling file uploads, the actual mechanisms to allow this are straight forward. In this tutorial we will consider how to upload files to some directory on your Web server. We will also discuss security issues concerned with the file uploading.

The HTML Form:

Before you can use PHP to manage your uploads, you need first construct an HTML form as an interface for a user to upload his file. Have a look at the example below and save this HTML code as index.php.

<html><html><body>  <form enctype="multipart/form-data" action="upload.php" method="post">  <input type="hidden" name="MAX_FILE_SIZE" value="1000000" />  Choose a file to upload: <input name="uploaded_file" type="file" />  <input type="submit" value="Upload" />  </form> </body> </html>

There are some rules you need to follow when constructing your HTML form. First, make sure that the form uses the POST method. Second, the form needs the following attribute: enctype=”multipart/form-data”. It specifies which content-type to use when submitting information back to server. Without these requirements, your file upload will not work.

Another thing to notice is the hidden form field named MAX_FILE_SIZE. Some web browsers actually pick up on this field and will not allow the user to upload a file bigger than this number (in bytes). You should set this value to coincide with the maximum upload size that is set in your php.ini file. It is set with the upload_max_filesize directive and the default is 2MB. But it still cannot ensure that your script won’t be handed a file of a larger size. The danger is that an attacker will try to send you several large files in one request and fill up the file system in which PHP stores the decoded files. Set the post_max_size directive in your php.ini file to the maximum size that you want (must be greater than upload_max_filesize). The default is 10MB. This directive controls the maximum size of all the POST data allowed in a single request. Also make sure that file_uploads inside your php.ini file is set to On.

At least, have a look at the input tag attribute: type=”file”. It is used to designate the input element as a file select control. This provides a place for the URI of a file to be typed and a “Browse” button which can be used as an alternative to typing the URI.

After the user enters the URI of a file and clicks the Submit button the copy of the file will be sent to the server and the user will be redirected to upload.php. This PHP file will process the form data.

Processing the Form Data with PHP Code:

When the file was uploaded, PHP created a temporary copy of the file, and built the superglobal $_FILES array containing information about the file. For each file, there are five pieces of data. We had named our upload field ‘uploaded_file’, so the following data would exist:

  • $_FILES[“uploaded_file”][“name”] the original name of the file uploaded from the user’s machine
  • $_FILES[“uploaded_file”][“type”] the MIME type of the uploaded file (if the browser provided the type)
  • $_FILES[“uploaded_file”][“size”] the size of the uploaded file in bytes
  • $_FILES[“uploaded_file”][“tmp_name”] the location in which the file is temporarily stored on the server
  • $_FILES[“uploaded_file”][“error”] an error code resulting from the file upload

The example below accepts an uploaded file and saves it in the upload directory. It allows to upload only JPEG images under 350Kb. The code, itself, is rather clear, but we will give a little explanation. Have a look at the example and save this PHP code as upload.php.

$errors= array();
$file_name = $_FILES['uploaded_file']['name'];
$file_size = $_FILES['uploaded_file']['size'];
$file_tmp = $_FILES['uploaded_file']['tmp_name'];
$file_type = $_FILES['uploaded_file']['type'];

$expensions= array("jpeg","jpg");

if(in_array($file_ext,$expensions)=== false){
$errors[]="extension not allowed, please choose a JPEG or PNG file.";

if($file_size > 1000000) {
$errors[]='File size must be excately 2 MB';

$dirname = "images";

if (!file_exists($dirname)) {
mkdir($dirname, 0777);
//echo "The directory $dirname was successfully created.";

if(empty($errors)==true) {
echo "Success";

//here you can resirect to index.php with success flag to show the success message in the form upload itself.


You may also like...