PHP : File Upload

Handling file uploads in PHP involves using the $_FILES superglobal, moving the uploaded file to a permanent location, and performing any necessary validations. Here's a step-by-step guide on how to handle file uploads:

1. Create HTML Form for File Upload:

Create an HTML form with the enctype="multipart/form-data" attribute to allow file uploads.

upload_form.html:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>File Upload Form</title>
</head>
<body>
    <h2>Upload File</h2>
    <form action="upload.php" method="post" enctype="multipart/form-data">
        <input type="file" name="fileToUpload" id="fileToUpload">
        <input type="submit" value="Upload File" name="submit">
    </form>
</body>
</html>

2. PHP Script to Handle File Upload:

Create a PHP script (upload.php) to handle the file upload process. This script will receive the uploaded file, validate it, and move it to a permanent location.

upload.php:

<?php
$targetDir = "uploads/";
$targetFile = $targetDir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = strtolower(pathinfo($targetFile, PATHINFO_EXTENSION));

// Check if file is a valid image
if(isset($_POST["submit"])) {
    $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
    if($check !== false) {
        echo "File is an image - " . $check["mime"] . ".";
        $uploadOk = 1;
    } else {
        echo "File is not an image.";
        $uploadOk = 0;
    }
}

// Check if file already exists
if (file_exists($targetFile)) {
    echo "File already exists.";
    $uploadOk = 0;
}

// Check file size (max size: 2MB)
if ($_FILES["fileToUpload"]["size"] > 2000000) {
    echo "File is too large.";
    $uploadOk = 0;
}

// Allow only certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
    echo "Only JPG, JPEG, PNG & GIF files are allowed.";
    $uploadOk = 0;
}

// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
    echo "File was not uploaded.";
} else {
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $targetFile)) {
        echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
    } else {
        echo "Error uploading file.";
    }
}
?>

Explanation:

  • The $_FILES["fileToUpload"] superglobal contains all the information about the uploaded file.

  • $targetDir specifies the directory where the file will be uploaded.

  • basename($_FILES["fileToUpload"]["name"]) gets the basename of the uploaded file.

  • getimagesize() checks if the file is a valid image.

  • file_exists() checks if the file already exists in the target directory.

  • $_FILES["fileToUpload"]["size"] gets the file size in bytes.

  • $imageFileType gets the file extension.

  • The script checks the file size, file type (only allows images), and other conditions before moving the file to the target directory using move_uploaded_file().

File Upload Process:

  • User selects a file in the HTML form and submits it.

  • The form data is sent to upload.php.

  • upload.php checks if the file is an image, its size, format, and if it already exists.

  • If all checks pass, the file is moved to the uploads directory.

Important Notes:

  • Ensure the uploads directory has the correct permissions (typically write permissions for the web server).

  • Always validate and sanitize user input before using it.

  • Limit file upload size to prevent abuse.

This example covers a basic file upload process in PHP, but depending on your requirements, you might need additional checks and handling.