PHP Upload File

You can use PHP to allow your users to upload a file to the server.

To allow users to upload a file to the server, you first need to provide a form for them to specify which file they want to upload. Once they click the submit button of the form, the action page is called. This is the page that needs to contain the PHP code to process the uploaded file.

The Input Form

Before a user can upload a file, you need to provide them with an interface that allows them to select a file and initiate the upload.

The following code is an example of an input form. There are a couple of important things to note about this code:

Copy to Clipboard
<html>
<head>
<title>PHP File Upload Example</title>
</head>
<body>
<form enctype="multipart/form-data" method="post" action="uploadFile.php">
<input type="file" name="fileToUpload" /><br />
<input type="submit" value="Upload File" />
</form>
</body>
</html>

The Action Page

Once the user uploads a file, the file is uploaded into a temporary directory on the server. If you don't move the file it will disappear. Therefore, your action page needs to move the file to another location where it can stay as long as you want it to.

Whenever a file is uploaded, you can find out certain information about the file including its name, type, size, as well as the name of the temporary file on the server. These details are made available to you via a PHP array called $_FILES.

Displaying Details of the Uploaded File

This code simply displays the details of the uploaded file. It doesn't move the file to another location - we'll get to that next. For now, you can use this code in conjunction with the above input form to demonstrate what happens when you upload a file to the server.

Notice the PHP $_FILES array which contains info about the file. Note that we also divide the file size by 1024 in order to convert it into kb.

(Ignore any carriage returns in this example - each table row should be on one line).

Copy to Clipboard
echo "<table border=\"1\">";
echo "<tr><td>Client Filename: </td>
   <td>" . $_FILES["fileToUpload"]["name"] . "</td></tr>";
echo "<tr><td>File Type: </td>
   <td>" . $_FILES["fileToUpload"]["type"] . "</td></tr>";
echo "<tr><td>File Size: </td>
   <td>" . ($_FILES["fileToUpload"]["size"] / 1024) . " Kb</td></tr>";
echo "<tr><td>Name of Temp File: </td>
   <td>" . $_FILES["fileToUpload"]["tmp_name"] . "</td></tr>";
echo "</table>";

The above code results in something like this:

Client Filename: Water lilies.jpg
File Type: image/jpeg
File Size: 81.830078125 Kb
Name of Temp File: C:\WINDOWS\TEMP\php48B2.tmp

Moving the Temp File

As mentioned, if we want to keep the file on the server, we need to move it to another location (of our choice). The following code demonstrates how to move the file from the temporary location.

Copy to Clipboard
move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], "C:/upload/" . $_FILES["fileToUpload"]["name"]);

Checking for Errors

The $_FILES array includes an item for any errors that may result from the upload. This contains an error code. If there are no errors, the value is zero ( 0 ).

You check this value within an "If" statement. If the value is greater than zero, you know an error has occurred and you can present a user friendly message to the user. Otherwise you can processing the file.

Copy to Clipboard
if ($_FILES["fileToUpload"]["error"] > 0)
   {
   echo "Apologies, an error has occurred.";
   echo "Error Code: " . $_FILES["fileToUpload"]["error"];
   }
else
   {

   move_uploaded_file($_FILES["fileToUpload"]["tmp_name"],
  "C:/upload/" . $_FILES["fileToUpload"]["name"]);
}

Restricting File Type/Size

Letting your users upload files to your server can be very risky. If you're not careful, you could get users uploading all sorts of files - perhaps including harmful executables etc. You could also find one day that you've run out of disk space because some users have been uploading enormous files.

You can restrict the file types and file sizes by using an "if" statement. If the file type and size are acceptable, processing can continue, otherwise, display a message to the user.

Important Note: This doesn't prevent the temp file from being created. The file needs uploaded to the server before PHP can find out the file size and type. This simply prevents the file from being moved to your "permanent" location - hence the file should disappear and (hopefully) not become a problem. In any case, I recommend that you install good anti-virus software before allowing users to upload files to your server.

Copy to Clipboard
if (($_FILES["fileToUpload"]["type"] == "image/gif")
  || ($_FILES["fileToUpload"]["type"] == "image/jpeg")
  || ($_FILES["fileToUpload"]["type"] == "image/png" )
  && ($_FILES["fileToUpload"]["size"] < 10000))
  {
  move_uploaded_file($_FILES["fileToUpload"]["tmp_name"],
    "C:/upload/" . $_FILES["fileToUpload"]["name"]);
  }
else
  {
  echo "Files must be either JPEG, GIF, or PNG and less than 10,000 kb";
  }

Enjoy this page?