PHP File Upload


Any file from client machine or user computer can be easily uploaded to server with PHP.

But the danger easily arrives, therefore be careful always when uploading files!

You can also search for these topics, php file upload, file uploading using php, how to upload the file in php, php file upload validation, upload the file in php, php file upload vulnerability.

Configure The "php.ini" File

First, make sure that the file uploads are allowed with a PHP setting.

Find the file uploads directive in your "php.ini" file and enable it :

file_uploads = On
You can also search for these topics, the php.ini file configuration, configure the php.ini file, create the php.ini file, configure php.ini file upload, how to enable the file upload in php.

Create The HTML Form

Next, construct an HTML form that allows customers to select the picture file they want to upload :

<!DOCTYPE html>
<html>
<body>

<form action="upload.php" method="post" enctype="multipart/form-data">
  Select image to upload:
  <input type="file" name="fileToUpload" id="fileToUpload">
  <input type="submit" value="Upload Image" name="submit">
</form>

</body>
</html>

For the HTML form above, there are some guidelines to follow :

  • Check that the form's method="post" is used.
  • The following characteristic is also required, enctype="multipart/form-data" It determines the type of material to utilize when you submit the form.

The file upload will not work without the required conditions.

The form above transfers data to a file called "upload.php", which we will construct next."

You can also search for these topics, create the html form, upload the html form in php, rules to create the html form, how to display the upload file in php, steps involved in create the html form.

Create The Upload File PHP Script

The code for uploading a file can be found in the "upload.php" file.

Example :-

<?php
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
// Check if image file is a actual image or fake image
if(isset($_POST["submit"])) {
  $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
  if($check !== false) {
    echo "File is an image - " . $check["mime"] . ".";
    $uploadOk = 1;
  } else {
    echo "File is not an image.";
    $uploadOk = 0;
  }
}
?>

PHP script explained :-

  • $target dir= "uploads/" - defines the destination directory (where to store all uploaded files) for the file.
  • The path to the file to be uploaded is specified by $target_file.
  • $uploadOk=1 has yet to be utilised (will be used later).
  • $imageFileType contains the file extension (in lower case).
  • Then examine whether the image file is a picture or a false picture.

Note :- In the directory containing the "upload.php" file, you must create a new directory called "uploads". The uploaded files will be kept there.

You can also search for these topics, create upload php file, create the upload file for php, example to create the upload file for php, how to complete the uploading php files.

Check if File Already Exists

We can now add some constraints.

First, we will check whether the file exists previously in the folder "uploads". If so, an error notice and $UploadOk is set to 0 are displayed.

Example :-

// Check if file already exists
if (file_exists($target_file)) {
  echo "Sorry, file already exists.";
  $uploadOk = 0;
}
You can also search for these topics, check the availability of file, check if the file already exists, check the uploaded folder in php, php check the file already exists or not with example.

Limit File Size

In our HTML form above, the file input area is labeled "fileToUpload".

Now we're going to look at the file's size. An error notice is presented if the file is larger than 500KB, and $uploadOk is set to 0 :

Example :

// Check file size
if ($_FILES["fileToUpload"]["size"] > 500000) {
  echo "Sorry, your file is too large.";
  $uploadOk = 0;
}
You can also search for these topics, php limit file size, find the size of file using php, php limit of the file size, php limit file size example.

Limit File Type

Users can only upload JPG, JPEG, PNG, and GIF files using the code below. Before setting $uploadOk to 0 for all other file kinds, an error notice appears :

Example :-

// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
  echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
  $uploadOk = 0;
}
You can also search for these topics, php limit file type, find the limit type of file using php, php limit of the file type, php limit file type example, php limit type to upload JPG, JPEG, PNG, and GIF files.

Complete Upload File PHP Script

This is how the entire "upload.php" file now looks.

<?php
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));

// Check if image file is a actual image or fake image
if(isset($_POST["submit"])) {
  $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
  if($check !== false) {
    echo "File is an image - " . $check["mime"] . ".";
    $uploadOk = 1;
  } else {
    echo "File is not an image.";
    $uploadOk = 0;
  }
}

// Check if file already exists
if (file_exists($target_file)) {
  echo "Sorry, file already exists.";
  $uploadOk = 0;
}

// Check file size
if ($_FILES["fileToUpload"]["size"] > 500000) {
  echo "Sorry, your file is too large.";
  $uploadOk = 0;
}

// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
  echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
  $uploadOk = 0;
}

// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
  echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
  if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
    echo "The file ". htmlspecialchars( basename( $_FILES["fileToUpload"]["name"])). " has been uploaded.";
  } else {
    echo "Sorry, there was an error uploading your file.";
  }
}
?>
You can also search for these topics, how to complete upload file php script, example for upload file php script, complete upload file using php script, php script to complete file upload, php script condition to file upload complete or not.