Uploading files with PHP (using POST)

Uploading files with PHP (using POST)

Published: Sunday, 28 October 2007

There may be a requirement for users to upload files to your web server. Whether the files are saved to a directory on the server, or as binary data in a database is up to you to implement.

Links

More information on handling file uploads from the PHP manual.

File Upload Form

Here’s a sample HTML code:

<form enctype="multipart/form-data" action="[targetfile].php" method="post">
    <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
    Upload this file: <input type="file" name="file" />
    <input type="submit" value="Submit File" />
</form>

Explanation:

  • enctype="multipart/form-data" — often overlooked, this must be included otherwise the file upload will not work.
  • MAX_FILE_SIZE — (in bytes) ensure that this value is set smaller than upload_max_filesize set in php.ini.
  • <input type="file" name="file" /> — displays the file input dialogue (input text box and a browse button).

Handling uploaded files with PHP

The uploaded file is stored in the $_FILES['file'] array, where ‘file’ is the name of the variable defined from our example above. The other contents of the $_FILES['file'] array are:

  • $_FILES['file']['name'] — original name of the file on the client machine.
  • $_FILES['file']['type'] — mime type of the file, provided by the browser
  • $_FILES['file']['size'] — size (in bytes) of the uploaded file
  • $_FILES['file']['tmp_name'] — temporary filename of the uploaded file, stored on the server
  • $_FILES['file']['error'] — returns an error code, useful for debugging.

Uploading multiple files

You can upload multiple files by using different names for input. For example:

File One: <input type="file" name="file1" />
File Two: <input type="file" name="file2" />

You can also store the files in an array:

File One: <input type="file" name="file[]" />
File Two: <input type="file" name="file[]" />

The PHP code to access those files would be:

$filename_1 = $_FILES['file']['name'][0]; // filename of the first file
$filename_2 = $_FILES['file']['name'][1]; // filename of the second file

Saving the file to a directory on the server

We’ll use the PHP function move_uploaded_file() to move the file to a directory on the server.

<?php
  $targetdir = '/uploads/';   
      // name of the directory where the files should be stored
  $targetfile = $targetdir.$_FILES['file']['name'];

  if (move_uploaded_file($_FILES['file']['tmp_name'], $targetfile)) {
    // file uploaded succeeded
  } else { 
    // file upload failed
  }
?>

Before saving the file, you may want to perform additional validation such as rejecting duplicate files, zero byte files or files with unknown types.

Saving the file to a database on the server

Ensure the column type supports storing of the file. A BLOB is usually required to handle binary data. Create the following columns to store the file information: filename, bin_data, filesize, filetype. The following PHP code can then be used to extract the binary data:

<?php
  $currfile = $_FILES['file']['tmp_name'];
  $filename = $_FILES['file']['name'];
  // ...
  if($filename!='') {
    $bin_data = addslashes(fread(fopen($currfile), "rb"), filesize($currfile)));
  }
  // ... database INSERT statements
?>