PHP - SPLessons

PHP File Upload

Chapter 25

SPLessons 5 Steps, 3 Clicks
5 Steps - 3 Clicks

PHP File Upload

PHP File Upload

shape Description

In PHP, input field type is used as file to upload the file to server which is easy.At the same time it is dangerous without proper validation.

When working on server there is no need to check "php.ini" file whether file upload permission has given or not.The operation will be default. But when working in local systems one have to check whether the file_uploads is on or not.If off, set that to on.

file_uploads = On

Create HTML Form

shape Description

Two things have to be kept in mind when writing a form to upload a file to server.

  • Use form method ="post"
  • Define the attribute enctype="multipart/form-data". It will explain the content-type while submitting the form.

shape Example

<!DOCTYPE html>
<html>
	<body>
	 
		<form action="upload-img.php" method="post" enctype="multipart/form-data">
			Select image to upload:
			<input type="file" name="imgToUpload" id="imgToUpload">
			<input type="submit" value="Upload Image" name="submit">
		</form>
	 
	</body>
</html>

Create Script file

shape Description

Once the form is submitted, the data in the uploaded file can be accessed with PHP superglobal array called $_FILES.

Processing updloaded file

upload-img.php

<?php 
	//specifies the directory where the file is going to be placed
	$upload_dir = "uploads/"; 
	
	//specifies the path of the file to be uploaded
	$upload_file = $upload_dir . basename($_FILES["imgToUpload"]["name"]); 
	
	//$uploadOk=1 is not used yet (will be used later)
	$uploadOk = 1; 
	
	//$imageFileType holds the file extension of the file
	$imageFileType = pathinfo($upload_file,PATHINFO_EXTENSION); 
	
		// Check if image file is a actual image or fake image(other than image) 
		if(isset($_POST["submit"])) 
		{ 
			$check = getimagesize($_FILES["imgToUpload"]["tmp_name"]); 
			if($check !== false) 
			{ 
				echo "File is an image - " . $check["mime"] . "."; 
				$uploadOk = 1; 
			} 
			else
			{ 
				echo "File is not an image."; 
				$uploadOk = 0; 
			} 
		} 
	
		// Check if file already exists 
		if (file_exists($upload_file)) 
		{ 
			echo "Sorry, file already exists."; $uploadOk = 0; 
		}
	
		// Check file size 
		if ($_FILES["imgToUpload"]["size"] > 500000) 
		{
			echo "Sorry, your file is too large.";
			$uploadOk = 0;
		}
		
		// Allow certain file formats
		if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif" ) 
		{
			echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
			$uploadOk = 0;
		}
	
		// Check if $uploadOk is set to 0 by an error
		if ($uploadOk == 0) 
		{
			echo "Sorry, your file was not uploaded.";
			// if everything is ok, try to upload file
		} 
		else
		{
			if (move_uploaded_file($_FILES["imgToUpload"]["tmp_name"], $upload_file))
			{
				echo "The file ". basename( $_FILES["imgToUpload"]["name"]). " has been uploaded.";
			} 
			else 
			{
			echo "Sorry, there was an error uploading your file.";
			}
		}
?>

Output:

Summary

shape Points

  • Check “php.ini” file whether PHP file upload permission has given or not.
  • Attribute enctype=”multipart/form-data” explains the content-type while submitting the form.