File Upload – PHP Advanced

It’s easy to upload your files to server but with ease it comes danger so be careful when allowing file uploads.

Set Up “php.ini” File

Search for file_uploads directive in your “php.ini” File and make it On :

file_uploads = On

And now,

Create HTML FORM : which allows user to choose the file they want to upload

For the HTML upload form make sure that you use method=”post” and enctype=”multipart/form-data”. Because without these file upload won’t work.

<!DOCTYPE html>
 <html>
 <body>

<form action="fileToupload.php" method="post" enctype="multipart/form-data">
 Select an Image To Upload:-
 <input type="file" name="fileToUpload" id="fileToUpload">
 <input type="submit" value="Upload Image" name="submit">
 </form>

</body>
 </html>

Output :

Make Upload File PHP Script 

<?php
 $target_dir = "uploads/";
 $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
 $uploadOk = 1;
 $imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
 // Check if image file is a actual image or fake image
 if(isset($_POST["submit"])) {
 $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
 if($check !== false) {
 echo "File is an image - " . $check["mime"] . ".";
 $uploadOk = 1;
 } else {
 echo "File is not an image.";
 $uploadOk = 0;
 }
 }
 ?>

In above code,

• “$target_file” defines path of file to be uploaded
• “$uploadOk=1” will be used later.
• “$target_dir = uploads/” – defines directory where file is going to be placed
• “$imageFileType” holds file extension of the file.

Check If File Already Exists

At first, lets check if file already exists in “uploads” folder. If it exists then, Error Message is shown, and $uploadOk is set to 0:

//To check if file already exists or not
 if (file_exists($target_file)) {
 echo "Sorry, the file already exists.";
 $uploadOk = 0;
 }

Limit File Size & Type

Now to check size of the file if its greater than 500kb; error message will be shown and $uploadOk is set to 0.

// To check file size
 if ($_FILES["fileToUpload"]["size"] > 500000) {
 echo "Sorry, your file is too large.";
 $uploadOk = 0;
 }

Given Code allows users to upload only JPEG, JPG, GIF, & PNG files. If other file types are uploaded then it shows error message before setting $uploadOk to 0:

// To allow certain file formats
 if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
 && $imageFileType != "gif" ) {
 echo "Sorry, only JPEG, JPG, GIF & PNG files are allowed.";
 $uploadOk = 0;
 }

At Last, Combining all those above code. Here’s a full Fill Upload PHP Script:

<?php
 $target_dir = "uploads/";
 $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
 $uploadOk = 1;
 $imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);

// To check if image file is  actual or fake image
 if(isset($_POST["submit"])) {
 $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
 if($check !== false) {
 echo "File is an image - " . $check["mime"] . ".";
 $uploadOk = 1;
 } else {
 echo "File is not an image.";
 $uploadOk = 0;
 }
 }
 // To check if file already exists
 if (file_exists($target_file)) {
 echo "Sorry, the file already exists.";
 $uploadOk = 0;
 }
 //To check the file size
 if ($_FILES["fileToUpload"]["size"] > 500000) {
 echo "Sorry, your file is too large.";
 $uploadOk = 0;
 }
 // To allow certain file formats
 if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
 && $imageFileType != "gif" ) {
 echo "Sorry, only JPEG, JPG, GIF & PNG files are allowed.";
 $uploadOk = 0;
 }
 // To check if $uploadOk is set to 0 by an error
 if ($uploadOk == 0) {
 echo "Sorry, your file was not uploaded.";
 } else {
 if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
 echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
 } else {
 echo "Sorry, there was an error uploading your file.";
 }
 }
 ?>