PHP File Upload

by Saloni Gavade On

PHP File Upload-

In this tutorial, we will learn how to upload files on a remote server using a simple HTML form and PHP. You can upload any kind of file like images, videos, ZIP files, Microsoft Office documents, PDFs, as well as executables files and a wide range of other file types.

First, we’ll create an HTML form that the user will see when they want to upload the file. Create a new folder for this example project, and within it, create an index.html file with the following code:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>PHP File Upload Form</title>
</head>
<body>
    <form action="fileUploadScript.php" method="post" enctype="multipart/form-data">
       <h2>Upload File</h2>
        <label for="fileSelect">Filename:</label>
        <input type="file" name="photo" id="fileSelect">
        <input type="submit" name="submit" value="Upload">
        <p><strong>Note:</strong> Only .jpg, .jpeg, .gif, .png formats allowed to a max size of 5 MB.</p>
    </form>
</body>
</html>

Code explanation:

  • action=”fileUploadScript.php” – This references the PHP script that will handle the file upload on the backend.
  • method=”post” – This tells the browser action the form will use when sending the file to the server (for uploads, this is almost always a POST action, sometimes a PUT).
  • enctype=”multipart/form-data” – This determines the content-type that the form submits.

Now we will process the uploaded file. Below is the complete code of our “fileUploadScript.php” file. It will store the uploaded file in an “upload” folder on a permanent basis as well as implement some basic security check like file type and file size to ensure the user upload the correct file type and within the allowed limit. PHP File Upload

<?php
// Check if the form was submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
    // Check if file was uploaded without errors
    if(isset($_FILES["photo"]) && $_FILES["photo"]["error"] == 0){
        $allowed = array("jpg" => "image/jpg", "jpeg" => "image/jpeg", "gif" => "image/gif", "png" => "image/png");
        $filename = $_FILES["photo"]["name"];
        $filetype = $_FILES["photo"]["type"];
        $filesize = $_FILES["photo"]["size"];
    
        // Verify file extension
        $ext = pathinfo($filename, PATHINFO_EXTENSION);
        if(!array_key_exists($ext, $allowed)) die("Error: Please select a valid file format.");
    
        // Verify file size - 5MB maximum
        $maxsize = 5 * 1024 * 1024;
        if($filesize > $maxsize) die("Error: File size is larger than the allowed limit.");
    
        // Verify MYME type of the file
        if(in_array($filetype, $allowed)){
            // Check whether file exists before uploading it
            if(file_exists("upload/" . $filename)){
                echo $filename . " is already exists.";
            } else{
                move_uploaded_file($_FILES["photo"]["tmp_name"], "upload/" . $filename);
                echo "Your file was uploaded successfully.";
            } 
        } else{
            echo "Error: There was a problem uploading your file. Please try again."; 
        }
    } else{
        echo "Error: " . $_FILES["photo"]["error"];
    }
}
?>

A couple of things to note:

The key used to access the file from the $_FILES object matches the name attribute used in the form.

Once the form is submitted information about the uploaded file can be accessed via PHP superglobal array called $_FILES. For example, our upload form contains a file select field called photo (i.e. name=” photo”), if any user uploaded a file using this field, we can obtain its details like the name, type, size, temporary name or any error occurred while attempting the upload via the $_FILES[“photo”] associative array, like this:

  • $_FILES[“photo”][“name”] — This array value specifies the original name of the file, including the file extension. It doesn’t include the file path.
  • $_FILES[“photo”][“type”] — This array value specifies the MIME type of the file.
  • $_FILES[“photo”][“size”] — This array value specifies the file size, in bytes.
  • $_FILES[“photo”][“tmp_name”] — This array value specifies the temporary name including a full path that is assigned to the file once it has been uploaded to the server.
  • $_FILES[“photo”][“error”] — This array value specifies error or status code associated with the file upload, e.g. it will be 0 if there is no error.

The PHP code in the following example will simply display the details of the uploaded file and stores it in a temporary directory on the web server.

<?php
if($_FILES["photo"]["error"] > 0){
    echo "Error: " . $_FILES["photo"]["error"] . "<br>";
} else{
    echo "File Name: " . $_FILES["photo"]["name"] . "<br>";
    echo "File Type: " . $_FILES["photo"]["type"] . "<br>";
    echo "File Size: " . ($_FILES["photo"]["size"] / 1024) . " KB<br>";
    echo "Stored in: " . $_FILES["photo"]["tmp_name"];
}
?>

Once a file has been successfully uploaded, it is automatically stored in a temporary directory on the server. To store this file on a permanent basis, you need to move it from the temporary directory to a permanent location using the PHP’s move_uploaded_file() function.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.