With PHP, you can upload files to the server.
Create a File Upload form
It is very useful to allow users to upload files from a form.
Take a look at the following HTML form for uploading files:
<HTML><Body><formAction= "upload_file.php"Method= "POST"enctype= "Multipart/form-data"><label for= "File">Filename:</label><inputtype= "File"name= "File"ID= "File" /> <BR/><inputtype= "Submit"name= "Submit"value= "Submit" /></form></Body></HTML>
Please note the following information about this form:
The enctype attribute of the <form> tag specifies what type of content to use when submitting a form. Use "Multipart/form-data" when the form requires binary data, such as the contents of a file.
The type= "file" attribute of the <input> tag specifies that the input should be processed as a file. For example, when previewing in a browser, you'll see a browse button next to the input box.
Note: Allowing users to upload files is a huge security risk. Please allow only trusted users to perform file upload operations.
Create an upload script
The "upload_file.php" file contains the code for uploading the file:
<?PHPif($_files["File"] ["error"] > 0) { Echo"Error:".$_files["File"] ["Error"]. "<br/>"; }Else { Echo"Upload:".$_files["File"] ["Name"]. "<br/>"; Echo"Type:".$_files["File"] ["Type"]. "<br/>"; Echo"Size:". ($_files["File"] ["Size"]/1024). "Kb<br/>"; Echo"Stored in:".$_files["File"] ["Tmp_name"]; }?>
By using PHP's global array $_files, you can upload files from a client computer to a remote server.
The first parameter is the input name of the form, and the second subscript can be "name", "type", "Size", "Tmp_name" or "error". Just like this:
- $_files["File" ["Name"]-the name of the file being uploaded
- $_files["File" ["type"]-the type of file being uploaded
- $_files["File" ["Size"]-the size of the uploaded file, measured in bytes
- $_files["File" ["Tmp_name"]-the name of the temporary copy of the file stored on the server
- $_files["File" ["Error"]-error code caused by file upload
This is a very simple way to upload files. Based on security considerations, you should increase the restrictions on what users have permission to upload files.
Upload limit
In this script, we have added restrictions on file uploads. Users can only upload. gif or. jpeg files, and the file size must be less than KB:
<?PHPif((($_files["File"] ["type"] = = "Image/gif")|| ($_files["File"] ["type"] = = "Image/jpeg")|| ($_files["File"] ["type"] = = "Image/pjpeg"))&& ($_files["File"] ["Size"] < 20000)) { if($_files["File"] ["error"] > 0) { Echo"Error:".$_files["File"] ["Error"]. "<br/>"; } Else { Echo"Upload:".$_files["File"] ["Name"]. "<br/>"; Echo"Type:".$_files["File"] ["Type"]. "<br/>"; Echo"Size:". ($_files["File"] ["Size"]/1024). "Kb<br/>"; Echo"Stored in:".$_files["File"] ["Tmp_name"]; } }Else { Echo"Invalid file"; }?>
Note: For IE, the type of the recognized JPG file must be pjpeg, and for FireFox, it must be JPEG.
Save the uploaded file
The above example creates a temporary copy of the uploaded file in the server's PHP Temp folder.
This temporary copy of the file disappears at the end of the script. To save the uploaded file, we need to copy it to another location:
<?PHPif((($_files["File"] ["type"] = = "Image/gif")|| ($_files["File"] ["type"] = = "Image/jpeg")|| ($_files["File"] ["type"] = = "Image/pjpeg"))&& ($_files["File"] ["Size"] < 20000)) { if($_files["File"] ["error"] > 0) { Echo"Return Code:".$_files["File"] ["Error"]. "<br/>"; } Else { Echo"Upload:".$_files["File"] ["Name"]. "<br/>"; Echo"Type:".$_files["File"] ["Type"]. "<br/>"; Echo"Size:". ($_files["File"] ["Size"]/1024). "Kb<br/>"; Echo"Temp file:".$_files["File"] ["Tmp_name"]. "<br/>"; if(file_exists("upload/".$_files["File"] ["Name"])) { Echo $_files["File"] ["Name"]. "already exists."; } Else { Move_uploaded_file($_files["File"] ["Tmp_name"], "upload/".$_files["File"] ["Name"]); Echo"Stored in:". Upload/".$_files["File"] ["Name"]; } } }Else { Echo"Invalid file"; }?>
The script above detects if the file already exists, and if it does not, copies the file to the specified folder.
Note: This example saves the file to a new folder named "Upload".