PHP Lesson 23 – How to Upload file $_FILES, move_uploaded_file()

Hello viewer, You can now have our Tutorial Lessons in your android mobile device and read it offline.
Download kotlin Programming APP on PlayStore
Download Website SEO Lessons APP on PlayStore

PHP Lesson 23 - How to Upload  file $_FILES, move_uploaded_file() - PHP Lesson 23 - How to Upload  file $_FILES, move_uploaded_file() - PHP Lesson 23 - How to Upload  file $_FILES, move_uploaded_file() - php file upload
php file upload

The following script will explain how to enable a simple file upload. Your visitor can select a file from their local hard drive and then upload it to your webspace. For example, visitors can upload images to your website.

Form for file upload

Your file upload form may look like this:

<form action="upload.php" method="post" enctype="multipart/form-data">
<input type="file" name="name"><br>
<input type="submit" value="upload">

It is important that you set the encrypt in the form element. To upload a file you choose as a type corresponding file from. Your form can also contain multiple file input fields if you want to upload multiple files at the same time. Make sure that each field has a different name.

Upload script

Uploaded files are in the variable $_FILES. Similar to $_POST and $ _GET you can retrieve the different uploaded files.

Your web server will save the uploaded file under a temporary name. To get this file into your webspace, you have to move it accordingly. This is done using the function move_uploaded_file(); ,

Your upload.php could look like this in the simplest case:

move_uploaded_file($_FILES['file']['tmp_name'], 'upload/'.$_FILES['file']['name']);

This would move the temporary file to the upload subdirectory with the original name of the file. Attention, existing data will be overwritten. Also, if you’re running this on your web host, make sure that PHP can write to the directory. Possibly. the directory must have the write authorization CHMOD 777 for this.

The $_FILES array

File uploads saves PHP in the $_FILES array. Depending on the name given to the input field, you can access different information in the array $_FILES[‘name_input_fields’] :

$ _ FILES [ ‘file’] [ ‘name’]The name of the file on the computer of the visitor
$ _ FILES [ ‘file’] [ ‘tmp_name’]Temporary path on the server to the uploaded file
$ _ FILES [ ‘file’] [ ‘size’]The size of the file in bytes.
$ _ FILES [ ‘file’] [ ‘type’]The MIME type of the file (Attention: Can be manipulated by an attacker).

Secure image upload

A secure upload for images may look like this. It is checked that an image file is really uploaded. Also, the size of the file is checked to exclude large files. If an image with the name already exists, the name of the file is extended by a corresponding number.

$upload_folder = 'upload /'; // The upload directory
$filename = pathinfo ($_FILES ['file']['name'],PATHINFO_FILENAME);
$extension = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));
// check the file extension
$allowed_extensions = array ('png', 'jpg', 'jpeg', 'gif');
if(!in_array($extension, $allowed_extensions)) {
 die("Invalid file extension. Only png, jpg, jpeg and gif files are allowed");
// checking the file size
$max_size = 500 * 1024; // 500 KB
if($_FILES['file']['size'] > $max_size) {
 die("Please do not upload files larger than 500kb");
// Check that the image contains no errors
if (function_exists ('exif_imagetype')) {
//The exif_imagetype function requires the exif extension on the server
 $detected_type = exif_imagetype($_FILES['file']['tmp_name']);
 if(!in_array($detected_type, $allowed_types)) {
 die("Only the upload of image files is allowed");
// path to upload
$new_path = $upload_folder.$filename.'.'.$extension;
// new filename if the file already exists
if(file_exists ($new_path)) {// If file exists, append a number to the file name
 $id = 1;
 do {
 $new_path = $upload_folder.$filename.'_'.$id.'.'.$extension;
 } while (file_exists ($new_path));
// Everything okay, move file to new path
move_uploaded_file($_FILES['file']['tmp_name'], $new_path);
echo 'image successfully uploaded: <a href="'.$new_path.'">'.$new_path.'</a>';


About The Author

Related posts

Leave a Reply