
Upload a File Using PHP


OK, so you want to upload a file to your webspace. Easy enough: you just need some sort of server-side language. In this case it's PHP, and this tutorial should work with versions 4 upwards.

So we’ll build just 1 file to handle the upload, display status and the form.

I'm going to call this upload0r.php (you can call it whatever you want).

First of all, make a folder in your webspace/server called uploads. By default it should have read, write and execute permissions (chmod 777); if it doesn't, you can use something like the Filezilla FTP client to alter this.

The PHP we use revolves around a few inbuilt functions in the standard PHP libraries – I’ve linked these to the relevant PHP info pages for you to read more.

The first is the $_FILES array. This is a superglobal variable used solely to store content uploaded from a form, along with details about the file you upload. It expects two parameters (array keys) to be passed when using it.

The first parameter comes from your form’s input name. So for example in my form I have the following field:

<input type="file" name="uploadThisFile" /> <- note the type!

So when using $_FILES to refer to this upload I set the first parameter as:

$_FILES["uploadThisFile"]

The second part can then be either "name", "type", "size", "tmp_name" or "error". Like this:

$_FILES["uploadThisFile"]["name"]
The name of the file sent via your form.

$_FILES["uploadThisFile"]["type"]
The type of the file, e.g. jpeg, gif – note we don't need to look at the extension as this data also resides in the file's metadata.

$_FILES["uploadThisFile"]["size"]
The size in bytes of your file.

$_FILES["uploadThisFile"]["tmp_name"]
The name of the temporary copy of the file stored on the server. Generally you shouldn't need to set your tmp directory, but just in case, a good starting point is the php.ini file.

$_FILES["uploadThisFile"]["error"]
Any error code resulting from the file being uploaded.

Using this, we can write some very quick validation to help reduce malicious use. Of course, you should also write validation around your form entry to sanitise the input. For example:

if ((($_FILES["uploadThisFile"]["type"] == "image/gif") //check the file type
|| ($_FILES["uploadThisFile"]["type"] == "image/jpeg"))    //add in as many checks as you want
&& ($_FILES["uploadThisFile"]["size"] < 100000)) { //check the filesize is less than 100kb

//check the $_FILES array for errors
if ($_FILES["uploadThisFile"]["error"] > 0) {

So I check for the file types I want, and if there were any errors before saving the file to my webspace.

Using another inbuilt PHP function I can quickly check to see if the file already exists:

if (file_exists("uploads/" . $_FILES["uploadThisFile"]["name"])) {

This function takes only one parameter, which is the location of a file on the server, and checks to see if it's there or not, returning true or false.

And the final function, again provided with PHP, is move_uploaded_file(), which only moves a file that has been uploaded to the tmp directory, moving and renaming it to a specified destination like this:

move_uploaded_file($_FILES["uploadThisFile"]["tmp_name"], "uploads/" . $_FILES["uploadThisFile"]["name"]);

And that's basically it, so here's the final code below with some comments:

<?php
//set a variable to store the status of the upload
$status = "";

// could write the filetypes as an array to be checked.

//only run the checks once the form has actually been submitted
if (isset($_FILES["uploadThisFile"])) {

    if ((($_FILES["uploadThisFile"]["type"] == "image/gif") //check the file type
    || ($_FILES["uploadThisFile"]["type"] == "image/jpeg"))    //add in as many checks as you want
    && ($_FILES["uploadThisFile"]["size"] < 100000)) { //check the filesize is less than 100kb

        //check the $_FILES array for errors
        if ($_FILES["uploadThisFile"]["error"] > 0) {

            $status .= "There were the following errors during the upload: " . $_FILES["uploadThisFile"]["error"] . "<br />";

        } else {

            //check if the file already exists by using file_exists() function and tell user
            if (file_exists("uploads/" . $_FILES["uploadThisFile"]["name"])) {

                $status .= $_FILES["uploadThisFile"]["name"] . " already exists. ";

            } else {

                //use move_uploaded_file to move the temporary item to your directory
                move_uploaded_file($_FILES["uploadThisFile"]["tmp_name"], "uploads/" . $_FILES["uploadThisFile"]["name"]);

                //tell user that file was uploaded, what it was etc..
                $status .= "File uploaded: " . $_FILES["uploadThisFile"]["name"] . "<br />";
                $status .= "File Type: " . $_FILES["uploadThisFile"]["type"] . "<br />";
                $status .= "File Size: " . ($_FILES["uploadThisFile"]["size"] / 1024) . " Kb<br />";
                $status .= "Stored in: " . "uploads/" . $_FILES["uploadThisFile"]["name"] . "";

                /* you could write a database routine to stuff in this data and record
                e.g.
                mysql_query(INSERT INTO VALUES ('', '$_FILES["uploadThisFile"]["name"]');
                */

            } //end if file exists check and user confirmation

        } //end if errors in upload check

    } else {

        //if the file type isn't one specified in the first if statement
        $status .= "Invalid file, should be gif or jpeg";

    } //end if

} //end if form submitted

echo $status;

?>



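<form enctype="multipart/form-data" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) //posts back to its self ?>" method="POST">
Choose a file to upload: <input type="file" name="uploadThisFile" />
<input type="submit" />
</form>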
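
A stricter version of the same checks, as an added example that is not the tutorial author's code: the "type" value in $_FILES is sent by the browser and PHP does not verify it, and the extension in "name" is also chosen by the client, so this version detects the type from the file's content and generates the stored file name itself. It assumes PHP 7 or later with the fileinfo extension; store_upload() and $allowed are hypothetical names.

```php
<?php
// Added example: stricter server-side checks for the "uploadThisFile" field.
// store_upload() and $allowed are hypothetical names, not part of the tutorial.

// Accepted MIME types (detected from file content) and the extension we assign.
$allowed = array("image/gif" => "gif", "image/jpeg" => "jpg");

function store_upload(array $file, array $allowed, $dir = "uploads/")
{
    // Anything other than UPLOAD_ERR_OK means PHP did not receive a usable file.
    if (!isset($file["error"]) || $file["error"] !== UPLOAD_ERR_OK) {
        return "Upload failed";
    }
    // Only accept a temporary file that PHP itself created for this request.
    if (!is_uploaded_file($file["tmp_name"])) {
        return "Not an uploaded file";
    }
    // Same 100kb limit as the tutorial.
    if ($file["size"] >= 100000) {
        return "File too large";
    }
    // Detect the type from the file's bytes instead of using $file["type"].
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file["tmp_name"]);
    if (!isset($allowed[$mime])) {
        return "Invalid file, should be gif or jpeg";
    }
    // Generate the stored name so the client controls neither name nor extension.
    $target = $dir . bin2hex(random_bytes(16)) . "." . $allowed[$mime];
    if (!move_uploaded_file($file["tmp_name"], $target)) {
        return "Could not store the file";
    }
    chmod($target, 0644); // readable by the web server, not executable
    return "Stored in: " . $target;
}

if (isset($_FILES["uploadThisFile"])) {
    // Escape on output so nothing derived from the request is rendered as HTML.
    $status = store_upload($_FILES["uploadThisFile"], $allowed);
    echo htmlspecialchars($status, ENT_QUOTES, "UTF-8");
}
```

Alongside this, configure the web server so that files under uploads/ are never passed to the PHP interpreter.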