Simple File Upload in PHP Example: File uploading is a much-discussed topic on the Web. It is one of the vulnerable spots of any website, and the site's security will be breached if uploads are not handled properly. So understanding how to upload files in php in a secure way is a must for anyone who wants to learn php web development. No worries. This simple php file upload script will show you how to upload files using php more securely by providing appropriate filters.
Before starting, make sure your web server allows file uploading. Check for this line in the server's php.ini file:
file_uploads = On
If it is not set, then set it to 'On'.
Simple File Upload in PHP Example:
First let's create the html form for uploading the file. Add a file input and a submit button to the form. The file input is made especially to aid the file uploading process, and consists of a text box and a browse button. The user clicks the browse button to choose the file for uploading, and the name of the selected file is displayed in the nearby textbox.
We have to set the html form attributes method="post" and enctype="multipart/form-data". The enctype stands for encoding type and should be set to "multipart/form-data" to upload files in php.
Here goes the html code for our php file upload form.
```html
<form action="file_upload.php" name="uploadform" method="post" enctype="multipart/form-data">
    <input type="file" name="txt_filename" />
    <input type="submit" name="submit" value="Upload File" />
</form>
```
Next we'll move on to the PHP file upload script part. PHP uses an associative array called $_FILES, where it stores all the information about the file selected by the user in the file input. Here are the properties of the array; the key 'file' stands for the name of the file input, which is txt_filename in our form.
- $_FILES['file']['tmp_name'] - the temporary path of the uploaded file on the web server.
- $_FILES['file']['name'] - it's the actual name of the uploaded file.
- $_FILES['file']['size'] - uploaded file size in bytes.
- $_FILES['file']['type'] - MIME type of the uploaded file, as reported by the browser (PHP does not verify it).
- $_FILES['file']['error'] - if there is any error in the file uploading process, then the error code will be stored here.
As I said earlier in this article, we have to make sure the user uploads a proper file and not some malicious exe file or code. So your php file upload script should always check the type of files that a user is allowed to upload. For the sake of this tutorial, I'll set the following filters:
- The uploaded file type should be plain text or pdf files.
- The file size should not exceed 100KB.
Note: I'm using these conditions only for the purpose of this tutorial, but you can set your own filters, like allowing only image files for uploading (e.g., in the case of a user avatar field). The php image uploader script will be the same as the file upload code given in this tutorial, except that you have to check against the MIME types of the images.
Here is the script for Simple PHP File Upload.
```php
<?php
// value of the submit button, or an empty string if the form was not posted
$submit = $_POST['submit'] ?? '';
//check if form submitted
if ($submit == "Upload File" && isset($_FILES["txt_filename"])) {
    //get file name (basename() drops any directory part)
    $filename = basename($_FILES["txt_filename"]["name"]);
    //set target directory
    $target_path = "uploads/";
    //upload file
    if ($filename != "") {
        //check that the upload completed, that the file type is text or pdf, and that the size is at most 100KB
        if (($_FILES["txt_filename"]["error"] == UPLOAD_ERR_OK)
            && (($_FILES["txt_filename"]["type"] == "application/pdf")
                || ($_FILES["txt_filename"]["type"] == "text/plain"))
            && ($_FILES["txt_filename"]["size"] <= 100000)) {
            //move the file from the temporary directory to the target directory
            move_uploaded_file($_FILES["txt_filename"]["tmp_name"], $target_path . $filename);
            echo "File Uploaded Successfully!";
        } else {
            echo "Error!";
        }
    }
}
?>
```
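As you can see in the code, we used the condition $_FILES["txt_filename"]["type"]=="application/pdf" to check for a pdf file and $_FILES["txt_filename"]["type"]=="text/plain" to check for a text file. Keep in mind that this value is sent by the browser with the request, so it reflects what the client claims rather than what the file actually contains.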
Here is the list of some other MIME types you can use for checking the different file extensions.
- image/jpeg - "*.jpeg"
- image/jpg - "*.jpg"
- image/gif - "*.gif"
- image/tiff - "*.tiff"
- image/png - "*.png"
- text/html - "*.html"
- text/css - "*.css"
- text/xml - "*.xml"
- text/json - "*.json"
- application/excel - "*.excel"
- audio/mp3 - "*.mp3"
- audio/wav - "*.wav"
- video/mpeg - "*.mpeg"
- application/zip - "*.zip"
We have used a php function, move_uploaded_file(), which moves the file from the temporary directory to the target directory. Save the above piece of code in a separate php file, set the html form's action attribute to point to this file, and you are done.
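A stricter version of the upload handler, as an added example that is not the tutorial author's code: it ignores the browser-supplied type and name, detects the MIME type from the file content with PHP's fileinfo extension, and stores the file under a server-generated name. The function name checked_extension() and the two constants are assumptions; the field name txt_filename, the uploads/ directory and the 100KB limit come from the tutorial.

```php
<?php
// Added example, not the tutorial's own script. checked_extension(), MAX_BYTES
// and ALLOWED are assumed names; "txt_filename" and "uploads/" are the tutorial's.

const MAX_BYTES = 100000;                   // same 100KB limit as the tutorial
const ALLOWED = [                           // detected MIME type => extension we assign
    'application/pdf' => 'pdf',
    'text/plain'      => 'txt',
];

/**
 * Returns the extension to store the file under, or null if it must be rejected.
 * Only tmp_name and error are set by PHP itself; name and type come from the request.
 */
function checked_extension(array $file): ?string
{
    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return null;                        // failed, partial, or array-style upload
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return null;                        // not a file PHP received via HTTP POST
    }
    $size = filesize($file['tmp_name']);    // measure the file on disk
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        return null;
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE); // inspects the content, not the request headers
    $mime  = $finfo->file($file['tmp_name']);
    return is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['txt_filename'])) {
    $ext = checked_extension($_FILES['txt_filename']);
    if ($ext === null) {
        http_response_code(400);
        exit('Error!');
    }
    // Server-generated name: the client's file name never reaches the file system.
    $target = 'uploads/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($_FILES['txt_filename']['tmp_name'], $target)) {
        http_response_code(500);
        exit('Error!');
    }
    echo 'File Uploaded Successfully!';
}
```

Content detection narrows what gets stored but does not prove a file is harmless, so the uploads/ directory should also be configured so the web server never executes anything in it, or be placed outside the document root.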
That explains simple file uploading in php. As I said before, always handle the file uploading process with care, without compromising the website's security. I hope you enjoyed this simple php file upload tutorial. Please let me know your queries through comments.
Hello, I need help regarding the blog. Will you please reply to me at aftab.ahmad334@gmail.com