Home > Article > Backend Development > PHP image file upload implementation code
For the security of the website, uploading of php files is definitely not allowed. If someone enters your backend and uploads a php file, all the source code of your website will be saved and become his, and he can package it directly to see your code. Therefore, you must control the uploaded directory and file type. Generally, only images can be uploaded.
Create a file upload form
It is very useful to allow users to upload files from a form.
Please look at the following HTML form for uploading files:
<html> <body> <form action="upload_file.php" method="post" enctype="multipart/form-data"> <label for="file">Filename:</label> <input type="file" name="file" id="file" /> <br /> <input type="submit" name="submit" value="Submit" /> </form> </body> </html>
Please note the following information about this form:
ff9c23ada1bcecdd1a0fb5d5a0f18437 The enctype attribute of the tag specifies which to use when submitting the form content type. Use "multipart/form-data" when your form requires binary data, such as file content.
d5fd7aea971a85678ba271703566ebfd The type="file" attribute of the tag specifies that the input should be processed as a file. For example, when previewing in a browser, you'll see a browse button next to the input box.
Note: Allowing users to upload files is a huge security risk. Please allow only trusted users to perform file upload operations.
Create an upload script
The "upload_file.php" file contains the code for uploading files:
<?php if ($_FILES["file"]["error"] > 0) { echo "Error: " . $_FILES["file"]["error"] . "<br />"; } else { echo "Upload: " . $_FILES["file"]["name"] . "<br />"; echo "Type: " . $_FILES["file"]["type"] . "<br />"; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; echo "Stored in: " . $_FILES["file"]["tmp_name"]; } ?>
By using PHP's global array $_FILES, you can upload files from the client computer to the remote server.
The first parameter is the input name of the form, and the second subscript can be "name", "type", "size", "tmp_name" or "error". Like this:
$_FILES["file"]["name"] - 被上传文件的名称 $_FILES["file"]["type"] - 被上传文件的类型 $_FILES["file"]["size"] - 被上传文件的大小,以字节计 $_FILES["file"]["tmp_name"] - 存储在服务器的文件的临时副本的名称 $_FILES["file"]["error"] - 由文件上传导致的错误代码
This is a very simple way to upload files. For security reasons, you should add restrictions on who has permission to upload files.
Upload restrictions
In this script, we add restrictions on file uploads. Users can only upload .gif or .jpeg files, and the file size must be less than 20 kb:
<?php if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 20000)) { if ($_FILES["file"]["error"] > 0) { echo "Error: " . $_FILES["file"]["error"] . "<br />"; } else { echo "Upload: " . $_FILES["file"]["name"] . "<br />"; echo "Type: " . $_FILES["file"]["type"] . "<br />"; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; echo "Stored in: " . $_FILES["file"]["tmp_name"]; } } else { echo "Invalid file"; } ?>
Note: For IE, the type of recognized jpg file must be pjpeg, and for FireFox, it must be jpeg.
Save the uploaded file
The above example creates a temporary copy of the uploaded file in the server's PHP temporary folder.
This temporary copied file will disappear when the script ends. To save the uploaded file, we need to copy it to another location:
<?php if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 20000)) { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . "<br />"; } else { echo "Upload: " . $_FILES["file"]["name"] . "<br />"; echo "Type: " . $_FILES["file"]["type"] . "<br />"; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />"; if (file_exists("upload/" . $_FILES["file"]["name"])) { echo $_FILES["file"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]); echo "Stored in: " . "upload/" . $_FILES["file"]["name"]; } } } else { echo "Invalid file"; } ?>
The above script detects whether the file already exists. If it does not exist, it copies the file to the specified folder.
Note: This example saves the file to a new folder named "upload".
For more articles related to PHP image file upload implementation code, please pay attention to the PHP Chinese website!