php
  1. php-file-upload
PreviousNext

PHP File Upload

Syntax

bool move_uploaded_file ( string $filename , string $destination )

Example

<form action="upload.php" method="POST" enctype="multipart/form-data">
  Select image to upload:
  <input type="file" name="fileToUpload" id="fileToUpload">
  <input type="submit" value="Upload Image" name="submit">
</form>

<?php
if(isset($_POST["submit"])) {
    $target_dir = "uploads/";
    $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
    $uploadOk = 1;
    $imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
    // Check if image file is a actual image or fake image
    $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
    if($check !== false) {
        echo "File is an image - " . $check["mime"] . ".";
        $uploadOk = 1;
    } else {
        echo "File is not an image.";
        $uploadOk = 0;
    }
    // Check if file already exists
    if (file_exists($target_file)) {
        echo "Sorry, file already exists.";
        $uploadOk = 0;
    }
    // Check file size
    if ($_FILES["fileToUpload"]["size"] > 500000) {
        echo "Sorry, your file is too large.";
        $uploadOk = 0;
    }
    // Allow certain file formats
    if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
    && $imageFileType != "gif" ) {
        echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
        $uploadOk = 0;
    }
    // Check if $uploadOk is set to 0 by an error
    if ($uploadOk == 0) {
        echo "Sorry, your file was not uploaded.";
    // if everything is ok, try to upload file
    } else {
        if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
            echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
        } else {
            echo "Sorry, there was an error uploading your file.";
        }
    }
}
?>

Output

File is an image - image/jpeg.
The file example.jpg has been uploaded.

Explanation

This code handles the file upload request through a form by checking if the uploaded file is an image, if it already exists, if it is too large or if it has an invalid file format. If none of these errors occur, it uses the move_uploaded_file() function to move the file from the temporary location to a specified directory on the server.

Use

This code can be used to upload any file type as long as it is modified to check for the appropriate file extension. It is commonly used in web applications that require user-generated content or file uploads.

Important Points

  • The enctype attribute of the form should be set to "multipart/form-data" to allow file uploads.
  • The move_uploaded_file() function is used to move the uploaded file to a desired location on the server.
  • The basename() function is used to extract the name of the file from its path.
  • Security measures should be taken to prevent malicious files from being uploaded or executed on the server.

Summary

In summary, this code provides a secure way to handle file uploads in PHP by checking for errors and moving uploaded files to a designated location on the server. It is a useful tool for web applications that require user-generated content or file uploads.

Delete FileDownload File
Published on: