PHP, a versatile server-side scripting language, makes it relatively straightforward to implement file upload functionality. In this step-by-step tutorial you will learn how to upload files to the server through HTML form and as the server side language we will use PHP.
Step 1: Enable File Upload in PHP
First, open your βphp.ini
β file and make sure that file_uploads
enabled. Otherwise, you will get errors when you try to upload files (by default, it is enabled).
As well as in the php.ini
file, you can increase the upload_max_filesize
according to your need. In the following image, the upload_max_filesize=2M
, which means you canβt upload those files whose size is over 2MB
.
Step 2: Create the Project Folder
Open your xampp htdocs
folder or your localhost www
directory and create a new folder called php-file-uploading
, this the project or app folder.
In this project folder create two files index.html
and upload.php
and one folder called uploads/
index.html
– contain the HTML form to upload flies.upload.php
– contain the file uploading script.uploads/
– Destination of the file to be uploaded.
php-file-uploading/
βββ uploads/
βββ index.html
βββ upload.php
Step 3: Create HTML Form for Uploading Files
Create index.html
at the root and add an HTML form in that allows users to select and submit files. Must add the enctype
attribute set to "multipart/form-data"
to enable file uploads. Here is the html code –
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>File Upload Form</title>
</head>
<body>
<form action="upload.php" method="post" enctype="multipart/form-data">
<label for="file">Choose a file:</label>
<input type="file" name="file" id="file">
<input type="submit" value="Upload File">
</form>
</body>
</html>
In this code the form will send a POST request to the upload.php
when a user clicks the “Upload File” button. The name="file"
is an important attribute because we can access the file in the upload.php
via the name which is file
.
Step 4: Create “upload.php” that Contains File Uploading Script
Create a PHP script called upload.php
to handle the uploaded file. Here is the script for file uploading –
<?php
// Check if the form is submitted via POST method
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$targetDir = "uploads/"; // Specify the target directory
$targetFile = $targetDir . basename($_FILES["file"]["name"]); // Get the file name
// Check if file already exists
if (file_exists($targetFile)) {
echo "Sorry, the file already exists.";
} else {
// Move the uploaded file to the specified directory
if (move_uploaded_file($_FILES["file"]["tmp_name"], $targetFile)) {
echo "The file has been uploaded successfully.";
} else {
echo "Sorry, there was an error uploading your file.";
}
}
}
This code checks if a file has been uploaded via a POST request and then attempts to move it to a specified directory. Here’s a breakdown of the code with comments:
- The script checks if the request method is
POST
. - It specifies the target directory (
$targetDir
) where the uploaded file will be moved. - It constructs the full path to the uploaded file using the target directory and the filename obtained from the
$_FILES
array. - It checks if the file already exists in the target directory. If it does, an error message is displayed.
- If the file doesn’t exist, it attempts to move the uploaded file from its temporary location (
tmp_name
) to the target directory usingmove_uploaded_file()
function. - Depending on the success of the file upload operation, appropriate success or error messages are displayed.
Step 5: Handle File Upload Errors:
PHP provides the $_FILES["file"]["error"]
variable, which indicates if any issues occurred during the upload. This variable contains an integer value (error code) and each integer value indicates a special message. Read this.
<?php
// Check if the form is submitted via POST method
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// Specify the target directory for uploads
$targetDir = "uploads/";
// Check if the file upload encountered any errors
if ($_FILES["file"]["error"] != UPLOAD_ERR_OK) {
// Handle different upload error cases
switch ($_FILES["file"]["error"]) {
case UPLOAD_ERR_INI_SIZE:
echo "The uploaded file exceeds the upload_max_filesize directive in php.ini.";
break;
case UPLOAD_ERR_FORM_SIZE:
echo "The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.";
break;
case UPLOAD_ERR_PARTIAL:
echo "The uploaded file was only partially uploaded.";
break;
case UPLOAD_ERR_NO_FILE:
echo "No file was uploaded.";
break;
case UPLOAD_ERR_NO_TMP_DIR:
echo "Missing a temporary folder.";
break;
case UPLOAD_ERR_CANT_WRITE:
echo "Failed to write file to disk.";
break;
case UPLOAD_ERR_EXTENSION:
echo "A PHP extension stopped the file upload.";
break;
default:
echo "Sorry, there was an unknown error uploading your file.";
}
} else {
// Move the uploaded file to the specified directory
$targetFile = $targetDir . basename($_FILES["file"]["name"]);
if (move_uploaded_file($_FILES["file"]["tmp_name"], $targetFile)) {
echo "The file has been uploaded successfully.";
} else {
echo "Sorry, there was an error uploading your file.";
}
}
}
Step 6: Limit the File Upload Size
You can check if the uploaded file exceeds the maximum allowed size before processing or saving it. This is important to ensure that your script doesn’t attempt to handle files that are larger than the server’s configured limits. Here’s an example of how you can perform this check:
// Define the maximum allowed file size in bytes
$maxFileSize = 2 * 1024 * 1024; // 2 megabytes
if ($_FILES["file"]["size"] >= $maxFileSize) {
echo 'File size exceeds the maximum allowed limit.';
} else{
// File uploading code...
}
You can get the maximum allowed file upload size from php.ini
using ini_get()
.
// Get the maximum allowed file upload size from php.ini
$maxUploadSize = ini_get('upload_max_filesize');
Step 7: Limit the File Type
It’s crucial to not only limit the file size but also validate and restrict the file types that are allowed to be uploaded. This is important for security reasons to prevent users from uploading potentially harmful files. Here’s an example of how you can limit the file types in a PHP file upload script:
// Define the allowed file types
$allowedFileTypes = ['jpg', 'jpeg', 'png', 'gif'];
// Get the file extension
$fileExtension = strtolower(pathinfo($_FILES["file"]["name"], PATHINFO_EXTENSION));
// Check if the file type is not allowed
if (!in_array($fileExtension, $allowedFileTypes)) {
echo 'Invalid file type. Only ' . implode(', ', $allowedFileTypes) . ' are allowed.';
}else{
// File uploading code...
}
Step 8: Rename Files Before Uploading
When uploading files in PHP, you might want to rename the files before saving them to the server. This can be useful for various reasons, such as avoiding naming conflicts, ensuring unique filenames, or implementing a consistent naming convention. Here’s an example of how you can rename files before uploading them:
<?php
// Function to generate a unique filename
function generateUniqueFilename($originalFilename)
{
// Extract file extension
$fileExtension = pathinfo($originalFilename, PATHINFO_EXTENSION);
// Generate unique filename using MD5 hash and current timestamp
$newFilename = md5(uniqid()) . '-' . time() . '.' . $fileExtension;
return $newFilename;
}
// Check if the form is submitted via POST method
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$targetDir = "uploads/"; // Specify the target directory
// Generate a unique filename for the uploaded file
$uniqueFilename = generateUniqueFilename($_FILES["file"]["name"]);
$targetFile = $targetDir . basename($uniqueFilename);
// Check if file already exists
if (file_exists($targetFile)) {
echo "Sorry, the file already exists.";
} else {
// Move the file to the specified directory
if (move_uploaded_file($_FILES["file"]["tmp_name"], $targetFile)) {
echo "The file has been uploaded successfully.";
} else {
echo "Sorry, there was an error uploading your file.";
}
}
}
Step 9: Upload Images and Store their Name in the Database
Storing image names in a database offers numerous benefits in terms of data management, organization, security, and integration, making it a preferred approach in many web development scenarios.
Below is an example script that demonstrates how to store name of the files into the database when uploading them. This example assumes you have a MySQL database, but you can adapt it to other database systems.
Create a Database and a Table In the Database:
- Database name:
test
the name is totally up to you. - Table name:
uploaded_files
you can give any name.
Use the following SQL code to create the uploaded_files
table and its columns.
CREATE TABLE uploaded_files (
id INT AUTO_INCREMENT PRIMARY KEY,
file_name VARCHAR(255) NOT NULL,
file_path VARCHAR(255) NOT NULL,
upload_time TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
PHP Script for Saving the File Name in the DB
<?php
// Database configuration
$dbHost = 'localhost'; // Your DB Host
$dbUser = 'root'; // Your DB User
$dbPass = ''; // Your DB Password
$dbName = 'test'; // Your DB Name
// Create database connection
$conn = new mysqli($dbHost, $dbUser, $dbPass, $dbName);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// Function to generate a unique filename
function generateUniqueFilename($originalFilename)
{
// Extract file extension
$fileExtension = pathinfo($originalFilename, PATHINFO_EXTENSION);
// Generate unique filename using MD5 hash and current timestamp
$newFilename = md5(uniqid()) . '-' . time() . '.' . $fileExtension;
return $newFilename;
}
// Check if the form is submitted via POST method
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$targetDir = "uploads/"; // Specify the target directory
// Generate a unique filename for the uploaded file
$uniqueFilename = generateUniqueFilename($_FILES["file"]["name"]);
$targetFile = $targetDir . basename($uniqueFilename);
// Check if file already exists
if (file_exists($targetFile)) {
echo "Sorry, the file already exists.";
} else {
// Move the file to the specified directory
if (move_uploaded_file($_FILES["file"]["tmp_name"], $targetFile)) {
// Store file information in the database
$sql = "INSERT INTO uploaded_files (file_name, file_path) VALUES (?, ?)";
$stmt = $conn->prepare($sql);
$stmt->bind_param("ss", $uniqueFilename, $targetFile);
$stmt->execute();
$stmt->close();
echo "The file has been uploaded successfully.";
} else {
echo "Sorry, there was an error uploading your file.";
}
}
}