Working with File Uploads in PHP

Tutorial 4 of 5

1. Introduction

In this tutorial, we'll be exploring how to handle file uploads in PHP. We'll cover every step from setting up an HTML form to the actual uploading process in PHP, including validation, sanitization, and secure storage of files.

You will learn:

  • How to create a file upload form in HTML
  • How to handle file uploads in PHP
  • How to validate and sanitize uploaded files
  • How to securely store uploaded files

Prerequisites: Basic knowledge of HTML and PHP is recommended.

2. Step-by-Step Guide

2.1 HTML File Upload Form

The first step in uploading files is to create an HTML form that allows users to choose the file they want to upload.

<form action="upload.php" method="post" enctype="multipart/form-data">
    Select file to upload:
    <input type="file" name="fileToUpload" id="fileToUpload">
    <input type="submit" value="Upload File" name="submit">
</form>

Here, "enctype" is set to "multipart/form-data", which is required for any form that contains a file upload control.

2.2 Handling File Upload in PHP

In PHP, you can access uploaded file information through the global array $_FILES.

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $fileToUpload = $_FILES["fileToUpload"];
}
?>

$_FILES["fileToUpload"] is an array describing the file the client is trying to upload, with the following keys: name, type, tmp_name, error, and size. The name and type values are sent by the client, so treat them as untrusted input.

2.3 Validate and Sanitize File Upload

It's crucial to validate and sanitize the uploaded file for security reasons. We'll check that the upload completed without errors, that the file is within the size limit, and that its extension is on an allow list.

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
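    // $_FILES is empty when no file was sent or the request exceeded post_max_size
    $fileToUpload = $_FILES["fileToUpload"] ?? null;

    // Check that the upload completed without errors
    if ($fileToUpload === null || $fileToUpload["error"] !== UPLOAD_ERR_OK) {
        die("Sorry, there was an error uploading your file.");
    }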

    // Check file size
    if ($fileToUpload["size"] > 500000) {
        die("Sorry, your file is too large.");
    }

    // Allow certain file formats
    $fileType = strtolower(pathinfo($fileToUpload["name"], PATHINFO_EXTENSION));
    if($fileType != "jpg" && $fileType != "png" && $fileType != "jpeg") {
        die("Sorry, only JPG, JPEG, & PNG files are allowed.");
    }
}
?>
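
The extension check above reads the client-supplied name, so it says nothing about what the file actually contains. As an added example (not part of the original tutorial), the function below derives the type from the file's bytes with the fileinfo extension and returns the extension to store it under; the name detect_image_extension and the constructed sample files are assumptions for illustration.

```php
<?php
// Added example, not from the original tutorial.
// Assumes the fileinfo extension is enabled.

/**
 * Returns the extension to store the file under ("jpg" or "png"),
 * or null when the content is not an allowed image type.
 */
function detect_image_extension(string $path, int $maxBytes = 500000): ?string
{
    // Allow list keyed by the MIME type detected from content, not by file name.
    $allowed = ["image/jpeg" => "jpg", "image/png" => "png"];

    // Measure the file on disk instead of trusting a reported size.
    $size = filesize($path);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        return null;
    }

    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($path);
    if ($mime === false || !isset($allowed[$mime])) {
        return null;
    }

    // Second opinion: the image header must also parse.
    if (@getimagesize($path) === false) {
        return null;
    }
    return $allowed[$mime];
}

// Constructed sample input: a 1x1 PNG, and plain text standing in for
// a non-image file that was given an image extension.
$png = base64_decode(
    "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=="
);
$real = tempnam(sys_get_temp_dir(), "up");
file_put_contents($real, $png);
$fake = tempnam(sys_get_temp_dir(), "up");
file_put_contents($fake, "plain text saved as photo.png");

echo "real PNG:   ", var_export(detect_image_extension($real), true), "\n";
echo "text file:  ", var_export(detect_image_extension($fake), true), "\n";
unlink($real);
unlink($fake);
```

In the upload handler, pass $fileToUpload["tmp_name"] to the function and reject the request when it returns null.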

2.4 Securely Store Uploaded Files

Finally, we'll move the uploaded file from the temporary directory to the desired location.

<?php
$targetDir = "uploads/";
$targetFile = $targetDir . basename($_FILES["fileToUpload"]["name"]);
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $targetFile)) {
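    // The file name comes from the client, so escape it before echoing it into HTML
    echo "The file " . htmlspecialchars(basename($_FILES["fileToUpload"]["name"])) . " has been uploaded.";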
} else {
    echo "Sorry, there was an error uploading your file.";
}
?>
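
The snippet above stores the file under the name the client sent. As an added example (not the tutorial's own code), the function below stores a validated upload under a server-generated random name; store_upload, its $moveFn parameter and the directory paths are assumptions for illustration.

```php
<?php
// Added example, not from the original tutorial.

/**
 * Stores an already-validated upload under a random, server-chosen name.
 * $ext must come from an allow list, never from the client file name.
 * $moveFn defaults to move_uploaded_file(), which refuses paths that are
 * not genuine HTTP uploads; the demo below swaps in rename() for CLI use.
 */
function store_upload(string $tmpPath, string $ext, string $storageDir,
                      ?callable $moveFn = null): string
{
    if (!in_array($ext, ["jpg", "png"], true)) {
        throw new InvalidArgumentException("extension not on allow list");
    }
    if (!is_dir($storageDir) || !is_writable($storageDir)) {
        throw new RuntimeException("storage directory unavailable");
    }
    $moveFn = $moveFn ?? "move_uploaded_file";

    // 128 random bits: unguessable, collisions are not a practical concern,
    // and nothing supplied by the client ends up in the path.
    $name = bin2hex(random_bytes(16)) . "." . $ext;
    $target = rtrim($storageDir, "/") . "/" . $name;

    if (!$moveFn($tmpPath, $target)) {
        throw new RuntimeException("could not move upload");
    }
    chmod($target, 0640); // no execute bit; owner read/write, group read
    return $name;
}

// Demo with constructed input. In a real handler, $storageDir would be a
// directory outside the web root (placeholder: /var/app-data/uploads).
$storageDir = sys_get_temp_dir() . "/upload-demo";
if (!is_dir($storageDir)) {
    mkdir($storageDir, 0750);
}
$tmp = tempnam(sys_get_temp_dir(), "up");
file_put_contents($tmp, "constructed sample bytes");

$stored = store_upload($tmp, "png", $storageDir, "rename");
echo "stored as: ", $stored, "\n";
unlink($storageDir . "/" . $stored);
```

Keep the client's original name only as metadata (for example in a database row) and escape it with htmlspecialchars() whenever it is displayed.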

3. Code Examples

The complete code for handling file uploads in PHP would look like this:

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
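    // $_FILES is empty when no file was sent or the request exceeded post_max_size
    $fileToUpload = $_FILES["fileToUpload"] ?? null;

    // Check that the upload completed without errors
    if ($fileToUpload === null || $fileToUpload["error"] !== UPLOAD_ERR_OK) {
        die("Sorry, there was an error uploading your file.");
    }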

    // Check file size
    if ($fileToUpload["size"] > 500000) {
        die("Sorry, your file is too large.");
    }

    // Allow certain file formats
    $fileType = strtolower(pathinfo($fileToUpload["name"], PATHINFO_EXTENSION));
    if($fileType != "jpg" && $fileType != "png" && $fileType != "jpeg") {
        die("Sorry, only JPG, JPEG, & PNG files are allowed.");
    }

    $targetDir = "uploads/";
    $targetFile = $targetDir . basename($_FILES["fileToUpload"]["name"]);
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $targetFile)) {
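        // The file name comes from the client, so escape it before echoing it into HTML
        echo "The file " . htmlspecialchars(basename($_FILES["fileToUpload"]["name"])) . " has been uploaded.";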
    } else {
        echo "Sorry, there was an error uploading your file.";
    }
}
?>

4. Summary

In this tutorial, we covered the process of handling file uploads in PHP. We started by creating a file upload form in HTML, then moved on to handling, validating, sanitizing, and securely storing the uploaded files in PHP.

Next steps for learning could include exploring more advanced file and image manipulation techniques, or learning about how to handle multiple file uploads simultaneously.

For your reference, the official PHP documentation on handling file uploads is a great resource: PHP File Uploads

5. Practice Exercises

  1. Exercise: Modify the PHP script to limit the upload file size to 1MB.
  2. Exercise: Expand the file type validation to allow .gif and .pdf files.
  3. Exercise: Implement a feature that renames the uploaded file with a unique name to avoid overwriting existing files.

Solutions:

  1. To limit the file size to 1MB (approx. 1048576 bytes), modify the file size check in the PHP script as follows:

     if ($fileToUpload["size"] > 1048576)

  2. To allow .gif and .pdf files, add these conditions to the file type validation:

     if($fileType != "jpg" && $fileType != "png" && $fileType != "jpeg" && $fileType != "gif" && $fileType != "pdf")

  3. To rename the uploaded file with a unique name, you can append a timestamp to the original filename:

     $targetFile = $targetDir . time() . "_" . basename($_FILES["fileToUpload"]["name"]);

Remember, practice is key in mastering any programming language. Happy coding!