Uploading files with PHP (using POST)

Uploading files with PHP (using POST)

Published: Sunday, 28 October 2007

There may be a requirement for users to upload files to your web server. Whether the files are saved to a directory on the server, or as binary data in a database is up to you to implement.


More information on handling file uploads from the PHP manual.

File Upload Form

Here’s a sample HTML code:

<form enctype="multipart/form-data" action="[targetfile].php" method="post">
    <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
    Upload this file: <input type="file" name="file" />
    <input type="submit" value="Submit File" />


  • enctype="multipart/form-data" — often overlooked, this must be included otherwise the file upload will not work.
  • MAX_FILE_SIZE — (in bytes) ensure that this value is set smaller than upload_max_filesize set in php.ini.
  • <input type="file" name="file" /> — displays the file input dialogue (input text box and a browse button).

Handling uploaded files with PHP

The uploaded file is stored in the $_FILES['file'] array, where ‘file’ is the name of the variable defined from our example above. The other contents of the $_FILES['file'] array are:

  • $_FILES['file']['name'] — original name of the file on the client machine.
  • $_FILES['file']['type'] — mime type of the file, provided by the browser
  • $_FILES['file']['size'] — size (in bytes) of the uploaded file
  • $_FILES['file']['tmp_name'] — temporary filename of the uploaded file, stored on the server
  • $_FILES['file']['error'] — returns an error code, useful for debugging.

Uploading multiple files

You can upload multiple files by using different names for input. For example:

File One: <input type="file" name="file1" />
File Two: <input type="file" name="file2" />

You can also store the files in an array:

File One: <input type="file" name="file[]" />
File Two: <input type="file" name="file[]" />

The PHP code to access those files would be:

$filename_1 = $_FILES['file']['name'][0]; // filename of the first file
$filename_2 = $_FILES['file']['name'][1]; // filename of the second file

Saving the file to a directory on the server

We’ll use the PHP function move_uploaded_file() to move the file to a directory on the server.

  $targetdir = '/uploads/';   
      // name of the directory where the files should be stored
  $targetfile = $targetdir.$_FILES['file']['name'];

  if (move_uploaded_file($_FILES['file']['tmp_name'], $targetfile)) {
    // file uploaded succeeded
  } else { 
    // file upload failed

Before saving the file, you may want to perform additional validation such as rejecting duplicate files, zero byte files or files with unknown types.

Saving the file to a database on the server

Ensure the column type supports storing of the file. A BLOB is usually required to handle binary data. Create the following columns to store the file information: filename, bin_data, filesize, filetype. The following PHP code can then be used to extract the binary data:

  $currfile = $_FILES['file']['tmp_name'];
  $filename = $_FILES['file']['name'];
  // ...
  if($filename!='') {
    $bin_data = addslashes(fread(fopen($currfile), "rb"), filesize($currfile)));
  // ... database INSERT statements