English | 简体中文 | 繁體中文 | Русский язык | Français | Español | Português | Deutsch | 日本語 | 한국어 | Italiano | بالعربية
PHP File Upload
Using PHP, files can be uploaded to the server.
This chapter's example is completed under the test project, with the directory structure as follows:
test
|-----upload # Directory for file upload
|-----form.html # Form file
|-----upload_file.php # PHP upload code
Source Code Download:File Upload
Create a file upload form
Allowing users to upload files from the form is very useful.
Please see the following HTML form for uploading files:
<html> <head> <meta charset="utf-8"> <title>Bird Tutorial (runoob.com)</title> </head> <body> <form action="upload_file.php" method="post" enctype="multipart/form-data"> <label for="file">File name:</label> <input type="file" name="file" id="file"><br> <input type="submit" name="submit" value="Submit"> </form> </body> </html>
Save the above code to the form.html file.
Some notes on the above HTML form are listed as follows:
1.<form> tag's enctype attribute specifies which content type to use when submitting the form. Use "multipart" when the form needs binary data, such as file content./form-data".
2.<input> tag's type="file" attribute specifies that the input should be treated as a file. For example, when previewing in the browser, you will see a browse button next to the input box.
Note:Allowing users to upload files is a huge security risk. Please allow only trusted users to perform file upload operations.
Create an upload script
"upload_file.php" file contains the code for uploading files:
<?php
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Uploaded file name: " . $_FILES["file"]["name"] . "<br>";
echo "File type: " . $_FILES["file"]["type"] . "<br>";
echo "File size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "File temporary storage location: " . $_FILES["file"]["tmp_name"];
}
?>
By using PHP's global array $_FILES, you can upload files from the client computer to a remote server.
The first parameter is the form's input name, and the second index can be "name", "type", "size", "tmp_name", or "error". As shown below:
$_FILES["file"]["name"] - The name of the uploaded file
$_FILES["file"]["type"] - The type of the uploaded file
$_FILES["file"]["size"] - The size of the uploaded file, in bytes
$_FILES["file"]["tmp_name"] - The name of the temporary copy of the file stored on the server
$_FILES["file"]["error"] - Error codes caused by file uploads
This is a very simple way to upload files. For security reasons, you should add restrictions on which users are allowed to upload files.
Upload restrictions
In this script, we have added restrictions on file uploads. Users can only upload .gif, .jpeg, .jpg, .png files, and the file size must be less than 200 kB:
<?php
// Allowed image file extensions
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp); // Get the file extension
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"
&& ($_FILES["file"]["size"] < 204800) // less than 200 kb
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Uploaded file name: " . $_FILES["file"]["name"] . "<br>";
echo "File type: " . $_FILES["file"]["type"] . "<br>";
echo "File size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "File temporary storage location: " . $_FILES["file"]["tmp_name"];
}
}
else
{
echo "Illegal file format";
}
?>
Save the uploaded file
The example above creates a temporary copy of the uploaded file in the server's PHP temporary folder.
This temporary copy file will be deleted when the script ends. To save the uploaded file, we need to copy it to another location:
<?php
// Allowed image file extensions
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
echo $_FILES["file"]["size"];
$extension = end($temp); // Get the file extension
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"
&& ($_FILES["file"]["size"] < 204800) // less than 200 kb
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Uploaded file name: " . $_FILES["file"]["name"] . "<br>";
echo "File type: " . $_FILES["file"]["type"] . "<br>";
echo "File size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Temporary storage location of the file: " . $_FILES["file"]["tmp_name"] . "<br>";
// Determine if the file exists in the current directory's upload directory
// If there is no upload directory, you need to create it, the permission of the upload directory is 777
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " File already exists. ";
}
else
{
// If the file does not exist in the upload directory, upload the file to the upload directory
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);
echo "File stored in: " . "upload/" . $_FILES["file"]["name"];
}
}
}
else
{
echo "Illegal file format";
}
?>
The script above checks if the file exists. If it does not exist, it will copy the file to the directory named "upload".
The demonstration operation of file upload is as follows:
That's all for this article, I hope it will be helpful to everyone's learning, and I also hope everyone will support the Shouting Tutorial.
Statement: The content of this article is from the Internet, the copyright belongs to the original author. The content is contributed and uploaded by Internet users. This website does not own the copyright, has not been manually edited, and does not assume any relevant legal liability. If you find any content suspected of copyright infringement, please send an email to: notice#w3Please report via email to codebox.com (replace # with @) when reporting, and provide relevant evidence. Once verified, this site will immediately delete the infringing content.