
PHP Uploading a File

Safety is very important when dealing with file uploads. The code given in this tutorial should not be used on a public site. It should only be tested by you to get a feel for what you need to do. Allowing public uploads without any security measures could let users upload executables or malicious PHP scripts that could ruin your server or site.

HTML Upload Form

You can't have a file upload script without a form in which to choose the file to upload. There is a simple HTML tag that allows you to do this. Here is an example form:

<form action="upload.php" method="post" enctype="multipart/form-data">
    <input type="hidden" name="MAX_FILE_SIZE" value="1048576" />
    File: <input type="file" name="the_file" /><br />
    <input type="submit" value="Upload" />
</form>

First you can see the <form> tag. Notice that it has an extra attribute, enctype="multipart/form-data". This is required for a file upload; without it the upload will not work. You must also always use the post method.

Next you will see the hidden input named MAX_FILE_SIZE. This defines the maximum size of the file (in bytes) that can be uploaded. Because it is an ordinary form field sent by the browser, there are ways around it, so we will check the size later in a PHP script. Currently it's set to 1 MB (1 048 576 bytes).

Next you see what looks like a normal input field, except it has a different type. The type that lets the browser search for files on the client's computer is file. The browser renders it as a file-selection control.

Then you have your submit button, which will submit the form.

The $_FILES Superglobal

When the form is submitted, the file is uploaded to a temporary directory on your server. This means that it will be deleted at the end of the request if it has not been moved or renamed! Therefore we must move it to the directory we need. Before we do this we need to know some information about the file. The information about the file is stored in the associative array $_FILES. It includes the following information (two are omitted):

  • $_FILES['the_file']['name']

    The original name of the file on the client's computer. It is supplied by the client.

  • $_FILES['the_file']['size']

    The size of the file in bytes.

  • $_FILES['the_file']['tmp_name']

    The temporary name of the file located on the server.

The upload.php File

Now that we have an HTML form and know what variables to use, we need a file that can process the information. Here is an example:

<?php
// the_file corresponds to the field name
$name = basename($_FILES['the_file']['name']);
$tmp_name = $_FILES['the_file']['tmp_name'];
$size = $_FILES['the_file']['size'];

// Make sure the file is below the maximum size
if ($size <= 1048576) {
    // ..next example..
}
else {
    echo 'File was too big.';
}
?>

That stores the file information in the $name, $tmp_name and $size variables. It then checks the size of the file to make sure it's not too big. Next we have to move the uploaded file using the move_uploaded_file() function:

<?php
// the_file corresponds to the field name
$name = basename($_FILES['the_file']['name']);
$tmp_name = $_FILES['the_file']['tmp_name'];
$size = $_FILES['the_file']['size'];

// Make sure the file is below the maximum size
if ($size <= 1048576) {
    // Is it an uploaded file?
    if (is_uploaded_file($tmp_name)) {
        // Move the uploaded file
        if (move_uploaded_file($tmp_name, $name)) {
            echo 'Successfully uploaded.';
        }
        else {
            echo 'Error moving uploaded file.';
        }
    }
    else {
        echo 'There was an error with the upload.';
    }
}
else {
    echo 'File was too big.';
}
?>

That will now check that the size is OK, that it is an actual uploaded file and that it was successfully moved. It is, however, not at all secure and should not be used on a public site yet: it keeps the client-supplied file name, performs no check on the file's type and saves the file next to the script. But you can test this for yourself just to see how it all works :)
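
A hardened counterpart to the handler above, as an added example that is not part of the original tutorial. The upload directory, the allow-list of types and the function name store_upload() are assumptions, and it relies on PHP 7 or later with the fileinfo extension enabled.

```php
<?php
// Added example, not the tutorial's code. UPLOAD_DIR and ALLOWED are assumptions.
const UPLOAD_DIR = '/var/www/uploads';   // assumed: outside the web root, PHP execution disabled
const MAX_BYTES  = 1048576;              // same 1 MB limit as the form
const ALLOWED    = [                     // assumed allow-list: detected MIME type => stored extension
    'image/png'       => 'png',
    'image/jpeg'      => 'jpg',
    'application/pdf' => 'pdf',
];

function store_upload(array $file): string
{
    // Reject multi-file arrays and any upload PHP itself flagged as failed.
    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('There was an error with the upload.');
    }
    $tmp = $file['tmp_name'];
    if (!is_uploaded_file($tmp)) {
        throw new RuntimeException('Not an uploaded file.');
    }
    // Measure the file on disk instead of relying on the form's MAX_FILE_SIZE hint.
    $size = filesize($tmp);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('File is empty or too big.');
    }
    // Detect the type from the content, not from the client-supplied name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        throw new RuntimeException('File type not allowed.');
    }
    // Never reuse the client's file name: generate one, with an extension we chose.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($tmp, $dest)) {
        throw new RuntimeException('Error moving uploaded file.');
    }
    chmod($dest, 0640);                  // readable by the owner and group, never executable
    return $dest;
}

try {
    store_upload($_FILES['the_file'] ?? []);
    echo 'Successfully uploaded.';
} catch (RuntimeException $e) {
    echo htmlspecialchars($e->getMessage());
}
```

The generated name means a stored file can never end in .php, and keeping the directory outside the web root means nothing in it can be requested directly by URL.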

End of File Tutorial

That is the end of the file tutorial! Thanks for using it, and I hope it helped you get a basic understanding of file handling in PHP. More advanced tutorials on the subject will arrive shortly! Good luck ;)
