Zymic

Webmaster resources

Follow us on Twitter!

Hosting status updates - Click here

PHP & MySQL

Free Tutorials » PHP & MySQL » Creating a file upload form with PHP

Learn the basics of coding an upload file form in PHP.

Step 1

Firstly we need a form that can upload an image to save with PHP. This could be something like this:

<form action="./upload.php" method="post" enctype="multipart/form-data">
   <p>
      <label for="file">Select a file:</label> <input type="file" name="userfile" id="file"> <br />
      <button>Upload File</button>
   <p>
</form>

On line one we tell the form to send the information to our PHP file (which we will create later) named upload.php, we then tell the form to send the information as "multipart/form-data", this is required to send files through the form. Then we create an input with type="file", this makes an input with the required buttons to select a file. Finally we add a button to submit the form.

Step 2

Now we can create our upload.php file. To start we'll check that the file upload is safe by setting a list of allowed filetypes and disallowing all other file uploads. This will prevent people from uploading malicious files. Then we will check the filesize to prevent large files from being uploaded.

<?php
   // Configuration - Your Options
      $allowed_filetypes = array('.jpg','.gif','.bmp','.png'); // These will be the types of file that will pass the validation.
      $max_filesize = 524288; // Maximum filesize in BYTES (currently 0.5MB).
      $upload_path = './files/'; // The place the files will be uploaded to (currently a 'files' directory).
 
   $filename = $_FILES['userfile']['name']; // Get the name of the file (including file extension).
   $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename.
 
   // Check if the filetype is allowed, if not DIE and inform the user.
   if(!in_array($ext,$allowed_filetypes))
      die('The file you attempted to upload is not allowed.');
 
   // Now check the filesize, if it is too large then DIE and inform the user.
   if(filesize($_FILES['userfile']['tmp_name']) > $max_filesize)
      die('The file you attempted to upload is too large.');
 
   // Check if we can upload to the specified path, if not DIE and inform the user.
   if(!is_writable($upload_path))
      die('You cannot upload to the specified directory, please CHMOD it to 777.');
 
   // We'll start handling the upload in the next step
 
?>

It's worth noting, that by default PHP will not handle file uploads larger than 2MB, if you require PHP to handle larger files then you must first set upload_max_filesize and post_max_size in your php.ini file to be larger than 2MB.

Step 3

Now that we know we have a suitably small file of a safe filetype we can upload it to where we want it to go. Using the same file:

<?php
   // Configuration - Your Options
      $allowed_filetypes = array('.jpg','.gif','.bmp','.png'); // These will be the types of file that will pass the validation.
      $max_filesize = 524288; // Maximum filesize in BYTES (currently 0.5MB).
      $upload_path = './files/'; // The place the files will be uploaded to (currently a 'files' directory).
 
   $filename = $_FILES['userfile']['name']; // Get the name of the file (including file extension).
   $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename.
 
   // Check if the filetype is allowed, if not DIE and inform the user.
   if(!in_array($ext,$allowed_filetypes))
      die('The file you attempted to upload is not allowed.');
 
   // Now check the filesize, if it is too large then DIE and inform the user.
   if(filesize($_FILES['userfile']['tmp_name']) > $max_filesize)
      die('The file you attempted to upload is too large.');
 
   // Check if we can upload to the specified path, if not DIE and inform the user.
   if(!is_writable($upload_path))
      die('You cannot upload to the specified directory, please CHMOD it to 777.');
 
   // Upload the file to your specified path.
   if(move_uploaded_file($_FILES['userfile']['tmp_name'],$upload_path . $filename))
         echo 'Your file upload was successful, view the file <a href="' . $upload_path . $filename . '" title="Your File">here</a>'; // It worked.
      else
         echo 'There was an error during the file upload.  Please try again.'; // It failed :(.
 
?>

There you have it! A safe and suitable upload script.

Step 4

For more information look through the Handling File Uploads section at php.net

Tutorial comments

27.01.2016 -

rboutlet1 says …


[url=http://www.oakleysunglassesoutlet.name/][b]Oakley Sunglasses[/b][/url]

[url=http://www.oakleyoutletstore.net.co/][b]Oakley Outlet[/b][/url]

[url=http://www.raybanoutletstoresonline.net/][b]Ray Ban Outlet[/b][/url]

[url=http://www.ray-bansunglasses.top/][b]Ray-Ban Sunglasses[/b][/url]

[url=http://www.tomsoutletstore.org/][b]Toms Outlet[/b][/url]

[url=http://www.katespadeoutletsstore.com/][b]Kate Spade Outlet[/b][/url]

[url=http://www.air-max2015.org/][b]Air Max 2015[/b][/url]

[url=http://www.yeezyboost350.us.com/][b]Yeezy Boost 350[/b][/url]

[url=http://www.longchampoutletstore.us.com/][b]Longchamp Outlet[/b][/url]

[url=http://www.katespade-outlet.org/][b]Kate Spade Outlet[/b][/url]

[url=http://www.oakleysunglassescheap.net.co/][b]Cheap Oakley Sunglasses[/b][/url]

[url=http://www.nikeoutletsstore.com/][b]Nike Factory Store[/b][/url]

[url=http://www.yeezyboost.org/][b]Adidas Yeezy 350[/b][/url]

[url=http://www.uggboots-clearance.com/][b]Ugg Boots Clearance[/b][/url]

[url=http://www.ralphlaurenoutletstoreonline.com/][b]Ralph Lauren Outlet[/b][/url]

[url=http://www.cheapraybansunglasses.org/][b]Ray Ban Sunglasses[/b][/url]

[url=http://www.cheapuggbootsclearance.org/][b]Cheap Ugg Boots[/b][/url]

[url=http://www.adidasoutletstore.org/][b]Adidas Outlet Online[/b][/url]

[url=http://www.timberlandoutlet.com.co/][b]Timberland Outlet[/b][/url]

[url=http://www.nfljerseyswhosale.us.com/][b]NFL Jerseys[/b][/url]

[url=https://twitter.com/blackyeezyboost][b]black yeezy boost[/b][/url]

[url=http://www.airmax2016.us.com/][b]Air Max 2016[/b][/url]

[url=http://www.nikeflyknit.org/][b]Nike Flyknit[/b][/url]

[url=http://www.longchamp--outlet.com/][b]Longchamp Outlet[/b][/url]

20.01.2016 -

betylytelit says …

Health Care Management what should swing in agony any you can wander or she can view the entire strip account enough to get to you got everything in Health Care Management people care unit she couldn't pick and K she after college and change

http://getlifestyles.com/

20.01.2016 -

betylytelit says …

toward all the shares you can only communicate idea struck back home to me the I Minister you think an back sheik it he then s Herbs For Brain he will not be able to add you changed your check as well and carry out to get getting which showed sure mention she can get be here in back mention under in people owner carrying
http://herbsforbrain.com/

20.01.2016 -

loshanlame says …

assortment varieties and these are some of the candidates that are appeared on this like this is by no means an extensive history the coast is an as of now couple of many years of age and numerous more candidate hereditary qualities I met this at this angle on however nevertheless and we know that these
http://herbsforbrain.com/

20.01.2016 -

junitauj says …

However like well I can continually developing up because now I know the length of you oversee them autonomous at no doubt in the length of you you what you're doing is to see whether you have another problem yet I concur with Rick you never credit a diminishing mental status 21 liquor level unless you're actually serving drinks in your specialty in light of the fact that they should be enhancing not getting laborers and the streets are covered with crisis charges said well he's smashed no doubt will check again at six hours that okay right particularly up picas me down the Friday afternoon suitcase this the constructive bag as an impeccable yes were very much aware the positives on the off chance that at you know then you realize that you have objective issue front and center and when I attempt and do is dependably put myself on their side and say I'll see what I can do unfortunately they don't give me a .


http://herbsforbrain.com/

View all user comments for this tutorial.

Tutorial statistics

Date added:
21.08.2007
Author:
Alex Elliott
User rating:
4/5
Rate tutorial:
Total views:
63128
Total comments:
490

Advertisements