PHP is undoubtedly the best programming language when it comes to web programming.
It gives us so many features and capabilities, a few of which we’ve discussed
already. So continuing with that, today we’ll see how we can use a few
lines of code to create a script that’d allow file uploading right from
the web browser. File upload feature is definitely useful kinds of website but
at the same time very much vulnerable to malicious attacks as well. So use it
with a LOT of precautions!
For this example, we’ll need a front-end web page that’ll accept
the file from the user and a backend script to process and store the file. Let’s
look at the codes of each:
upload.html:
<html>
<body>
<form action="upload_file.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" />
<br />
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>
Here we have a HTML form that calls the script on submission. The method of
data sending should be “POST” and there should be and
enctype as “multipart/form-data” which means we can
upload binary form data. The input type “file” opens the File Input
Box that’d let the user browse for the file. The submit button “Upload”
submits the form as usual.
upload_file.php:
<?php
if ($_FILES["file"]["error"] > 0)
echo "Error:: " . $_FILES["file"]["error"] . "<br />";
else
{
if (file_exists($_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"], $_FILES["file"]["name"]);
echo "File <b>" . $_FILES["file"]["name"] . "</b> uploaded successfully!";
}
}
?> Just like we had POST form data in $_POST[] and GET data in $_GET[]
array same way to have files sent to script we use $_FILES[] array.
$_FILES["file"]["error"]: Tells
us if there is any error in uploading. Note that “file” the
first string index of the array is the name of the “File” input
type from the HTML form.
$_FILES["file"]["tmp_name"]:
All the files sent to any script is stores in a temporary directory by PHP,
this tells us the location of that temporary file.
$_FILES["file"]["name"]:
It tells us the name of the file on the users’ computer.
move_uploaded_file():As files sent to scripts
are just stored temporarily, we have to save it to some place, for this
we use this PHP function. It’s first parameter is the temporary file
location and second is the place we need to store the file and with what
name. We are storing it to the same directory the script is in and with
name same as on the users’ computer.
NOTE: This is just meant for example purpose and you shouldn’t have this
on your server as it is an open invitation to hackers/spammers. If you need
upload facility on your website in all the cases you should have some kind of
authentication
system that'd only allow registered users to upload anything. you should
also accept only certain file types. you wouldn't like someone uploading/running
spamming script off your server. Would you? there may be a few other precautions
that you may need to take depending on the purpose you intend to use the script
for.
Previous Posts: