PHP file upload

The type="file" attribute of the tag specifies that the input should be processed as a file. For example, when previewing in a browser, you'll see a browse button next to the input box.

Note: Allowing users to upload files is a huge security risk. Please allow only trusted users to perform file upload operations.

Create upload script

"upload_file.php" file contains the code for uploading files:

if ($_FILES["file"]["error"] > 0)
{
echo " Error: " . $_FILES["file"]["error"] . "
";
}
else
{
echo "Upload: " . $_FILES["file"]["name" ] . "
";
echo "Type: " . $_FILES["file"]["type"] . "
";
echo "Size: " . ($_FILES ["file"]["size"] / 1024) . " Kb
";
echo "Stored in: " . $_FILES["file"]["tmp_name"];
}
?>

By using PHP’s global array $_FILES, you can upload files from the client computer to the remote server.

The first parameter is the input name of the form, and the second subscript can be "name", "type", "size", "tmp_name" or "error". Like this:

$_FILES["file"]["name"] - The name of the uploaded file

$_FILES["file"]["type"] - The type of the uploaded file

$_FILES[" file"]["size"] - The size of the uploaded file, in bytes

$_FILES["file"]["tmp_name"] - The name of the temporary copy of the file stored on the server

$_FILES[" file"]["error"] - Error code caused by file upload

This is a very simple way to upload files. For security reasons, you should add restrictions on who has permission to upload files.

Upload Limit

In this script, we have added a limit to file upload. Users can only upload .gif or .jpeg files, and the file size must be less than 20 kb:

if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $ _FILES["file"]["error"] . "
";
}
else
 {
 echo "Upload: " . $_FILES["file"]["name"] . "< br />";
echo "Type: " . $_FILES["file"]["type"] . "
";
echo "Size: " . ($_FILES["file"] ["size"] / 1024) . " Kb
";
echo "Stored in: " . $_FILES["file"]["tmp_name"];
}
}
else
{
echo " Invalid file";
}

?>

Note: For IE, the type of jpg file recognized must be pjpeg, and for FireFox, it must be jpeg.

Save the uploaded file

The above example creates a temporary copy of the uploaded file in the server's PHP temporary folder.

This temporary copied file will disappear when the script ends. To save the uploaded file, we need to copy it to another location:

if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
 {
 if ($_FILES["file"]["error"] > 0)
   {
   echo "Return Code: " . $_FILES["file"]["error"] . "
";
   }
 else
   {
   echo "Upload: " . $_FILES["file"]["name"] . "
";
   echo "Type: " . $_FILES["file"]["type"] . "
";
   echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb
";
   echo "Temp file: " . $_FILES["file"]["tmp_name"] . "
";

   if (file_exists("upload/" . $_FILES["file"]["name"]))
     {
     echo $_FILES["file"]["name"] . " already exists. ";
     }
   else
     {
     move_uploaded_file($_FILES["file"]["tmp_name"],
     "upload/" . $_FILES["file"]["name"]);
     echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
     }
   }
 }
else
 {
 echo "Invalid file";
 }
?>

上面的脚本检测了是否已存在此文件，如果不存在，则把文件拷贝到指定的文件夹。

注释： 这个例子把文件保存到了名为 "upload" 的新文件夹。