The Basics of File Upload in PHP

by Saquib Rizwan  April 4, 2017

Uploading files from clients to servers is one of the important features of any PHP application. However, implementation of feature with proper security and hassle-free configuration could be tricky. Developers could use several PHP file upload script to ensure that the application offers this feature seamlessly. I will discuss a popular strategy that developers could integrate within their projects. In this article, I will show you the basics of file upload in PHP applications.

file upload in php

Requirements

File handling in PHP is pretty easy. However, you must be careful of the small details that must be correctly configured before uploading the file, or else you will end up with a set of mysterious errors.

First of all, open php.ini file and ensure that the file_uploads directive is set to On.

Files are first uploaded to the system’s default temporary directory. However, you can specify a different directory by changing the value of upload_tmp_dir directive in the php.ini.

Remember that when you set a new temporary directory, make sure that PHP functions have proper privileges to write to this directory. To check the privileges, go to the root folder containing the tmp folder and type the following command in the terminal.

command line

Now, that the configurations are ready, I will next work on the File Uploading Script.

The Process of File Uploading in PHP

The process of a complete file uploading script is as follows:

  1. Create an HTML form to deal with the file uploading.
  2. Apply security checks.
  3. Create PHP scripts to handle/process the data.
  4. The user fills in the form, adds the image and submits the data.
  5. Conclusion.

Create the HTML Form

The HTML form is the interface through which user interacts and submits the data. But to make form work with the file, it is important that <form> element must have its method set to POST because files can not be send to servers using the GET method. Another important attribute is enctype which should be set to multipart/form-data. Last but not least, the file <input> type attribute should be set to file.

Create a file form.php in your PHP project and type in the following code.

html file upload form

In this form, I have used Bootstrap Classes to apply a little bit of styling on the form. In this form, I have mentioned upload.php in the action attribute of the form. Therefore, this form will redirect to uploads.php after the submission of the form.

Create PHP Script for File Uploading

When the user interacts with this form, the file is uploaded to the temporary folder and all the information about the file is stored in the multidimensional array known as $_FILES.The Key Index of this array is the name attribute on this <input type=’’file’ name=”image” > field.
In this case, $_FILES[“image”] is the index name.more information about the file is stored in the following indexes.

Once the file has been uploaded to the temporary folder and all its information saved in the array, move_uploaded_file() function is used to move the file from its present temporary location to a permanent location. The process of uploading the file is as follows:

  1. Check if there are any errors in the upload.
  2. Check if the file type is allowed
  3. Check that the file is under the set file size limit
  4. Check if the filename is valid (if filename has a /, it will effect the destination path) .
  5. Check that the file doesn’t already exist at the target location (based on the name).
  6. Finally, upload the file.

Let’s create the PHP script to deal with the functionality of file uploading. Create upload.php and type the following code in it.

Check if there are any errors in the upload

To check the error in the uploaded file, type in the following code, If the error is greater than zero then there must be an error in the process.

Check if the file type is allowed

To check whether the uploaded file is an image, type in the following code.

Here, exif_imagetype() is a built-in function which determines if the file is of a supported image format.

Check that the file is under the set file size limit

File size is measured in bytes. So, if the file size is set at 500kb, then the file size should be less than 500000.

Check if the filename is valid

It is important to save the file with the valid name because sometimes, the filename  might contain any characters that could affect the destination path (such as a slash). To check if the file has a valid name, type in the following code:

where preg_replace() is a built-in PHP function to search and replace the regular expressions.

Check that the file does not already exist

Two files with the same name can not be located in the same folder. Therefore, it is important to check if that file does not already exist in that folder. Type in the following code:

Where pathinfo() is the built–in function which will return the filename and extension in separate indexes.

Uploading File in PHP

Now that all the checks have been coded in, I will move the uploaded file from the tmp folder to the upload folder. For this, first create a upload folder in the project directory. This is where the uploaded pictures will be saved.

Where move_uploaded_file is the function which will move the file from $myFile[“tmp_name”] (temporary location) to “upload/” . $name (permanent location) and chmod is used to give the file proper permissions.

Conclusion

In this tutorial, I demonstrated file upload in PHP feature. I described how the file must be uploaded using multipart/form-data encoded POST request. This is uploaded to the tmp folder and then perform several validation checks for the file (file type, size, and name). Finally, I used  move_uploaded_file to move the file from the temporary location to the permanent folder.  

In my next tutorial, I will demonstrate how you could upload and store a file into the database using PDO.

Create PHP websites without the worry of server management.

Deploy your PHP app on optimized PHP hosting servers.

About Saquib Rizwan

Saquib is a PHP Community Expert at Cloudways – A Managed PHP Hosting Cloud Platform. He is well versed in PHP and regularly contributes to open source projects. For fun, he enjoys gaming, movies and hanging out with friends. You can email him at saquib.rizwan@cloudways.com

Stay Connected:

You Might Also Like...