#1
|
|||
|
|||
PHP File Upload
With PHP, it is possible to upload files to the server.
Create an Upload-File Form To allow users to upload files from a form can be very useful. Look at the following HTML form for uploading files: enctype="multipart/form-data"> Notice the following about the HTML form above:
Note: Allowing users to upload files is a big security risk. Only permit trusted users to perform file uploads. Create The Upload Script The "upload_file.php" file contains the code for uploading a file: if ($_FILES["file"]["error"] > 0) { echo "Error: " . $_FILES["file"]["error"] . " "; } else { echo "Upload: " . $_FILES["file"]["name"] . " "; echo "Type: " . $_FILES["file"]["type"] . " "; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb "; echo "Stored in: " . $_FILES["file"]["tmp_name"]; } ?> By using the global PHP $_FILES array you can upload files from a client computer to the remote server. The first parameter is the form's input name and the second index can be either "name", "type", "size", "tmp_name" or "error". Like this:
|
#2
|
|||
|
|||
Restrictions on Upload
In this script we add some restrictions to the file upload. The user may only upload .gif or .jpeg files and the file size must be under 20 kb: || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 20000)) { if ($_FILES["file"]["error"] > 0) { echo "Error: " . $_FILES["file"]["error"] . " "; } else { echo "Upload: " . $_FILES["file"]["name"] . " "; echo "Type: " . $_FILES["file"]["type"] . " "; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb "; echo "Stored in: " . $_FILES["file"]["tmp_name"]; } } else { echo "Invalid file"; } ?> Note: For IE to recognize jpg files the type must be pjpeg, for FireFox it must be jpeg. |
#3
|
|||
|
|||
Saving the Uploaded File
The examples above create a temporary copy of the uploaded files in the PHP temp folder on the server. The temporary copied files disappears when the script ends. To store the uploaded file we need to copy it to a different location: if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 20000)) { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . " "; } else { echo "Upload: " . $_FILES["file"]["name"] . " "; echo "Type: " . $_FILES["file"]["type"] . " "; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb "; echo "Temp file: " . $_FILES["file"]["tmp_name"] . " "; if (file_exists("upload/" . $_FILES["file"]["name"])) { echo $_FILES["file"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]); echo "Stored in: " . "upload/" . $_FILES["file"]["name"]; } } } else { echo "Invalid file"; } ?> The script above checks if the file already exists, if it does not, it copies the file to the specified folder. Note: This example saves the file to a new folder called "upload" |