Basic File Uploads Using PHP [Quick Tutorial]

If you want to give website visitors a way to upload files, you can do it through PHP to allow them to upload via a simple HTML form. This guide shows the process, but it doesn’t consider the many security threats that this can cause. These security risks should always be considered when giving anyone the ability to upload files to your server.

Here are the steps:

1. Turn Uploads On

On your server, locate the php.ini file and open it in a text editor. Search for "file_uploads" and change the parameter to "On".

file_uploads = On

2. Create the HTML Form

Here is an example of a basic HTML form:

<!DOCTYPE html>

<html>

<head>

            <title>Basic File Upload sUsing PHP</title>

</head>

<body>

<p>Upload a  file using the form below:</p>

<form enctype="multipart/form-data" action="upload.php" method="post" >

<label for="file">Select file to upload :</label><br />

<input name="file" type="file" id="file"><br /><br />Click to upload<br />

<input type="submit" value="Upload Image" name="submit" />

</form>

</body>

</html>

This form looks like this:

The important parts of the code above are:

·         enctype="multipart/form-data" - this specifies the content-type

·         action="upload.php" - this is where the data from the form is sent. We'll create this script below.

·         method="post" - you must use the HTTP post method

3. Create a Directory for Uploaded Files

Create a directory called "uploaded_files". Put this directory and the PHP script you will be creating below into the same directory.

4. Create the PHP Script

You need to create a PHP script using the code below and save it as "upload.php".

<?php

$target_dir = "uploaded_files/";

$target_file = $target_dir . basename($_FILES["file"]["name"]);

$uploadOk = 1;

$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);

// Check if image is real or fake

if(isset($_POST["submit"])) {

    $check = getimagesize($_FILES["file"]["tmp_name"]);

    if($check !== false) {

        echo "File is an image - " . $check["mime"] . ".";

        $uploadOk = 1;

    } else {

        echo "This is not an image file. Please upload another.";

        $uploadOk = 0;

    }

}

// Check if file already exists

if (file_exists($target_file)) {

    echo "This file already exists – please upload another.";

    $uploadOk = 0;

}

// Check file size

if ($_FILES["file"]["size"] > 1000000) {

    echo "Your file is too big. Please try again";

    $uploadOk = 0;

}

// Allow certain file formats

if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"

&& $imageFileType != "gif" ) {

    echo "Only JPG, JPEG, PNG and GIF files are allowed. Please try again";

    $uploadOk = 0;

}

// Check if $uploadOk is set to 0 by an error

if ($uploadOk == 0) {

    echo "Your file was not uploaded.";

} else {

    if (move_uploaded_file($_FILES["file"]["tmp_name"], $target_file)) {

        echo "The file ". basename( $_FILES["file"]["name"]). " has been uploaded.";

    } else {

        echo "There was an error uploading your file.";

    }

}

?>

This example script is for uploading images, and it does a number of things:

1.      Checks if the image is real

2.      Checks if the file has been uploaded before

3.      Restricts the file size to 1MB

4.      Limits the file types to commonly used image files - jpg, jpeg, png and GIF

When this script completes, the uploaded file will be in the directory uploaded_files.

Happymarli
Happymarli Hire Me

Professional Proofreader, Editor and Writer

Do you need a professional editor and writer to proofread your technical document, thesis, novel, statement of purpose, personal statement, resume, cover letter, manuscript, essay, short story, textbook content, article, and marketing material ensuring their content is flawless and appealing to readers? Why Hire Me? 1) I have a 5 star average rating for 2397+ projects completed on freelancer. 2)...

Hire Me

Next Article

Creating a Child Theme in WordPress [Guide]