Skip to main content

File Uploading

PHP is a powerful language used for server-side scripting. Among its many features, PHP allows you to handle files, including uploading files to the server. In this tutorial, we'll cover the basics of file uploading in PHP, walking you through the process step-by-step.

File Uploading in PHP

File uploading is a common feature in web applications. PHP simplifies this process with its built-in functions. To upload a file in PHP, you need a form in HTML that includes the enctype attribute, and a PHP script to process the form data.

HTML Form

First, let's create an HTML form with the POST method and multipart/form-data encoding type. The enctype attribute is important when you are using forms that have a file upload control.

<form action="upload.php" method="post" enctype="multipart/form-data">
  Select file to upload:
  <input type="file" name="fileToUpload" id="fileToUpload">
  <input type="submit" value="Upload File" name="submit">
</form>

PHP Script

Next, let's create the upload.php file that will handle the file upload. This script checks if a file has been uploaded, if the file already exists, if the file size is suitable, and if the file is of a certain type.

<?php
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));

// Check if file is a actual image or fake image
if(isset($_POST["submit"])) {
  $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
  if($check !== false) {
    echo "File is an image - " . $check["mime"] . ".";
    $uploadOk = 1;
  } else {
    echo "File is not an image.";
    $uploadOk = 0;
  }
}

// Check if file already exists
if (file_exists($target_file)) {
  echo "Sorry, file already exists.";
  $uploadOk = 0;
}

// Check file size
if ($_FILES["fileToUpload"]["size"] > 500000) {
  echo "Sorry, your file is too large.";
  $uploadOk = 0;
}

// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
  echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
  $uploadOk = 0;
}

// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
  echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
  if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
    echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
  } else {
    echo "Sorry, there was an error uploading your file.";
  }
}
?>

In the script above, we first set the target directory where our file will be uploaded. The $_FILES superglobal array in PHP is used to handle uploaded files. It stores all the information about the file like name, type, size, temporary name, and error codes.

Next, we check if the file is an image by using the getimagesize function. This function will return false if the file is not an image. Then, we verify if the file already exists in our target directory, and also check the file size for upload limitations.

Finally, we check the file type to ensure only certain types of files are allowed to upload. Once all checks are completed, we attempt to move the file from its temporary location to our target directory using move_uploaded_file function.

This is a basic implementation of file uploading in PHP. There are many other factors you would need to consider when handling file uploads, such as file permissions, error handling, security, and more. But this should serve as a good starting point for understanding how file uploads work in PHP.

Remember, always validate and sanitize user input, including uploaded files, to protect your application from potential security threats.