Uploading files with PHP (POST method)

1. Introduction

At times you, or your users will want to upload some files onto your web server. Whether or not the files are saved in to a directory on the server, or as binary data in a database is up to you to implement. However the methods are similar.


2. File Upload Form

Here's a sample HTML code:

<form enctype="multipart/form-data" action="[targetfile].php" method="post">
    <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
    Upload this file: <input type="file" name="file" />
    <input type="submit" value="Submit File" />


  • enctype="multipart/form-data" -- often overlooked, this must be included otherwise the file upload will not work.

  • MAX_FILE_SIZE -- (in bytes) ensure that this value is set smaller than upload_max_filesize set in php.ini.

  • <input type="file" name="file" /> -- displays the file input dialogue (input text box and a browse button).

3. Handling uploaded files with PHP

The uploaded file is stored in the $_FILES['file'] array, where 'file' is the name of the variable defined from our example above. The other contents of the $_FILES['file'] array are:

  • $_FILES['file']['name'] -- original name of the file on the client machine.

  • $_FILES['file']['type'] -- mime type of the file, provided by the browser

  • $_FILES['file']['size'] -- size (in bytes) of the uploaded file

  • $_FILES['file']['tmp_name'] -- temporary filename of the uploaded file, stored on the server

  • $_FILES['file']['error'] -- returns an error code, useful for debugging.

Uploading multiple files

You can upload multiple files by using different names for input. For example:

File One: <input type="file" name="file1" />
File Two: <input type="file" name="file2" />

You can also store the files in an array:

File One: <input type="file" name="file[]" />
File Two: <input type="file" name="file[]" />

The PHP code to access those files would be:

$filename_1 = $_FILES['file']['name'][0]; // filename of the first file
$filename_2 = $_FILES['file']['name'][1]; // filename of the second file

4. Saving the file to a directory on the server

We'll use the PHP function move_uploaded_file() to move the file to a directory on the server.

  $targetdir = '/uploads/';   
      // name of the directory where the files should be stored
  $targetfile = $targetdir.$_FILES['file']['name'];

  if (move_uploaded_file($_FILES['file']['tmp_name'], $targetfile)) {
    // file uploaded succeeded
  } else { 
    // file upload failed

You might want to do additional checking (for existance of a file with the same name, 0 byte files, allowed file types, etc) before you save the file. Remember that you can use the error codes mentioned above.

5. Saving the file to a database on the server

To save the file to a database, ensure that the column type is correct (usually a BLOB) to handle binary data. I usually create the following columns to store the file information: filename, bin_data, filesize, filetype. The following PHP code can then be used to extract the binary data:

  $currfile = $_FILES['file']['tmp_name'];
  $filename = $_FILES['file']['name'];
  // ...
  if($filename!='') {
    $bin_data = addslashes(fread(fopen($currfile), "rb"), filesize($currfile)));
  // ... database INSERT statements