Allowing anyone and everyone to upload files to your web server opens up many, many concerns about security, but we will not address them all here. Instead, we will focus on the very basic mechanics of uploading files so that you can experiment with this feature.
To begin, you will need an HTML file upload form with a method of "post" and a specific encoding type, such as the following example. (The action should lead to the php file where the file upload script is located.)
<form action="upload.php" method="post" enctype="multipart/form-data">
<input type="file" name="my-file" size="50" maxlength="25"> <br>
<input type="submit" name="upload" value="Upload">
</form>
When a file is uploaded, it gets stored in a temporary area on the server until it is moved. The file has to be moved from that area, or else it will be destroyed. In the meantime, the $_FILES[] superglobal array is filled up with data about the uploaded file. Since the file's upload field in our example is called "my-file", the following data is created:
Superglobal | Description |
---|---|
$_FILES['my-file']['name'] | Original Name of File Before It Was Uploaded |
$_FILES['my-file']['type'] | The MIME Type of File, Provided By the Browser |
$_FILES['my-file']['size'] | Size of the File (In Bytes) |
$_FILES['my-file']['tmp_name'] | Location of Temporary File on Server |
$_FILES['my-file']['error'] | Any Error Codes Resulting From the File Upload |
To begin the file upload script, we will use the is_uploaded_file() function as an alternative to the isset() and empty() functions to verify that a file has been uploaded to its temporary location.
<?php
if (is_uploaded_file($_FILES['my-file']['tmp_name']) && $_FILES['my-file']['error']==0) {
echo "The file was uploaded successfully but has not been saved.<br>";
echo "The file is temporarily stored: " . $_FILES['my-file']['tmp_name'] . "<br>";
echo "The file name was: " . $_FILES['my-file']['name'] . "<br>";
echo "The file type is: " . $_FILES['my-file']['type'] . "<br>";
echo "The file size is: " . $_FILES['my-file']['size'] . "<br>";
} else {
echo "The file was not uploaded successfully.";
echo "(Error Code:" . $_FILES['my-file']['error'] . ")";
}
?>
The next step, if you want to only accept certain file types and sizes, would be to check out those factors and send out error messages accordingly. In our example we'll move right along and determine whether or not the file has already been uploaded, since we do not want to over-write an existing file. We can use the file_exists() function for this purpose.
<?php
if (is_uploaded_file($_FILES['my-file']['tmp_name']) && $_FILES['my-file']['error']==0) {
$path = '/var/www/html/phpforkids.com/uploads/' . $_FILES['my-file']['name'];
if (!file_exists($path)) {
echo "File does not exist. It is safe to move the temporary file.";
} else {
echo "File already exists. Please upload another file.";
}
} else {
echo "The file was not uploaded successfully.";
echo "(Error Code:" . $_FILES['my-file']['error'] . ")";
}
?>
And now, at long last, we can use the move_uploaded_file() function to move the temporary file into its permanent location.
<?php
if (is_uploaded_file($_FILES['my-file']['tmp_name']) && $_FILES['my-file']['error']==0) {
$path = '/var/www/html/phpforkids.com/uploads/' . $_FILES['my-file']['name'];
if (!file_exists($path)) {
if (move_uploaded_file($_FILES['my-file']['tmp_name'], $path)) {
echo "The file was uploaded successfully.";
} else {
echo "The file was not uploaded successfully.";
}
} else {
echo "File already exists. Please upload another file.";
}
} else {
echo "The file was not uploaded successfully.";
echo "(Error Code:" . $_FILES['my-file']['error'] . ")";
}
?>
That's all it takes!
Two common problems that you may run into, causing the upload process to fail, are the file size and directory permissions. PHP sets a default "upload_max_filesize" to limit the size of the file uploaded. The default is 2M (megabytes) and any file that exceeds this limit will not upload. Also, if the directory (folder) where you try to move the file must have certain permissions set, or you will not be allowed to move the file into that directory.