PHP File Uploads

PHP allow your users to upload a text and binary files to the server.

the process of uploading a file follows these steps:

  • a visitor views an html page with a form specifically written to support file uploads
  • the visitor provides the file he wants to upload and submits the form
  • the browser encodes the file and sends it as part of the post request it makes to the server
  • PHP receives the form submission, decodes the file and saves it in a temporary location on the    server
  • the php script responsible for handling the form post verifies the file and processes it in some    manner, often moving it from its temporary location to a more permanent home.

if you want to develop the process of uploading files may follows these steps:

first step :

first, you need to ensure php is configured to allow uploads.check your php.ini file and verify the file_uploads directive is set on.

                   file_uploads = on     //look this code inside php.ini file

by default, the uploaded files are first stored in a default temporary can specify a different directory using the upload_tmp_dir directive in php.ini.

                   upload_tmp_dir = "/web/users/"

second step - create an html upload-file form:

html forms provide the interface through which a user initiates a file upload.

note : be sure your file upload form has attribute enctype= "multipart/form-data" otherwise the file upload will not work.

this below example - html form is used for uploading files(images/text):

     <html>  <head>  <title> uploading files </title>  </head>
<form action="file_uploads.php" method="post" enctype="multipart/form-data">
              <label for="file">filename :-</label>
              <input type = "file"   name="data" >
              <input type = "submit" name="upload" >

third step - creating an upload script:

information about the file upload is made available with the multidimensional $_files array.

this array is indexed by the names assigned to the file fields in the html form.each $_files array then contains the following indexes:

  • $_files['data']['name'] :- the original name of the file on the client machine
  • $_files['data']['type']  :- the mime-type of the uploaded file
  • $_files['data']['size']   :- the size in bytes of the uploaded file
  • $_files['data']['error']  :- the error code resulting from the file upload
  • $_files['data']['tmp_name'] :- stores the name of the temporary file

the move_uploaded_file() function moves an uploaded file from its temporary to permanent location.

look the "file_uploades.php" file contains the code for uploading a file:

         if($_files['file']['error'] > 0){      //this code check errors
                    echo  "error occurs". $_files['data']['error'];
                   echo "uploaded file name =: ". $_files['data']['name'] . "<br/>";
                   echo "file type =:". $_files['data']['type'] . "<br/>";
                   echo "file size =:". $_files['data']['size'] . "bytes <br/>";
                   echo "stored in =:". $_files['data']['tmp_name'];
move_uploaded_file( $_files['data']['tmp_name'], "c:/xampp/htdocs/upload/" . 

                      $_files["data"]['name']);// preserve file from temporary directory
                if( $_files['data']['name'] !== ""){
                                   copy( $_files['data']['name'], "/web/data") or 
                                   die( "could not copy file" );
                   }else { die ( "no file specified" ); }                

restricting on upload files

:- "your users upload files to your server can be very risky. If you're not careful, you could get users uploading all sorts of files - perhaps including harmful executables". You could also find one day that you've run out of disk space because some users have been uploading enormous files.

You can restrict the file types and file sizes by using an "if" statement. If the file type and size are acceptable, processing can continue, otherwise, display a message to the user.

note : you install good anti-virus software before allowing users to upload files to your server.

              if(($_files['data']['type'] == "image/gif") 
                 ||  ($_files['data']['type'] == "image/jpeg")
                 || ($_files['data']['type'] == "image/jpg") 
                 || ($_files['data']['type'] == "image/png")
                 && ($_files['data']['size'] <= 10000)){
                       if ( $_files['data']['error'] > 0){
                               echo  "errors : " . $_files['data']['error'] . "<br/>";
                   echo "uploaded file name =: ". $_files['data']['name'] . "<br/>";
                   echo "file type =:". $_files['data']['type'] . "<br/>";
                   echo "file size =:". $_files['data']['size'] . "bytes <br/>";
                   echo "stored in =:". $_files['data']['tmp_name'];

move_uploaded_file( $_files['data']['tmp_name'], "c:/xampp/htdocs/upload/" . 

                      $_files["data"]['name']);// preserve file from temporary directory

  echo  "file must be either jpg jpeg png gif, and file size less than 10,000 kb";