Uploading pictures, videos and other files using PHP

Hi folks,

This is a post meant primarily for beginners who think uploading files is a big or complex tax. In this post, I’m going to show you how easy it is to upload any file using PHP.

Just follow the steps carefully and try it yourself.

First, confirm if your PHP configuration supports uploading. But how? Okay, just open your php.ini file and search for this:

file_uploads = On

If you don’t have that entry or the value is set to ‘Off’, then you need to set it ‘On’.

Now, let’s go straight to writing the upload code.

BASIC UPLOAD OF ANY FILE

Create a new PHP project inside your web server directory (let say C:\wamp\www\php_file_uploader).

Now, create a basic HTML file with the following structure:

<!DOCTYPE html>

<html>

<head>

<meta charset=”UTF-8″>

<title>PHP File Uploader</title>

</head>

<body>

<form action=”uploader.php” method=”post” enctype=”multipart/form-data”>

<label>Select a file to upload:</label>

<input type=”file” name=”selectedFile”>

<button>Upload</button>

</form>

</body>

</html>

Now, in your uploader.php file, type in the following:

<?php

if (isset($_FILES)) { // checks if the $_FILES global variable is set

if (isset($_FILES[‘selectedFile’])) { // confirm it is a file coming from our form with the name ‘selectedFile’

if (move_uploaded_file($_FILES[‘selectedFile’][‘tmp_name’], ‘uploads/’ . $_FILES[‘selectedFile’][‘name’])) { // upload the file to our application or targert directory

echo ‘Upload was successful.’;

} else {

echo ‘Unable to upload your file, please try again.’;

}

}

}

Now, fire up your application on your web browser (let say: http://localhost/php_file_uploader/)

Once you select a file and hit the upload button, check your project directory and you should see the file there!

Things to note in the above files:

index.html

  1. <form action=”uploader.php” method=”post” enctype=”multipart/form-data”>: the action tells the script to execute on form submission and enctype=”multipart/form-data” is compulsory if you must upload a file
  2. <input type=”file” name=”selectedFile”>: selectedFile is the name to be used by PHP for the upload

The comments in the uploader.php file are self explanatory

 

UPLOADING TO A PARTICULAR DIRECTORY

If you check the root directory of your project, you will see the file you just uploaded together with the html and php files. This is not a good practice as uploaded file are usually kept in a separate folder to keep things tidy!

Assuming you created a sub-folder in the application’s root directory named ‘uploads’, change your PHP code to the following:

move_uploaded_file($_FILES[‘selectedFile’][‘tmp_name’], ‘uploads/’ . $_FILES[‘selectedFile’][‘name’]);

Your new file should be automatically saved into the uploads folder you have created.

 

ACCEPTING IMAGES ONLY FOR UPLOAD

Sometimes, you want users to upload their passport on a registration page. In this case, no other file should be saved except the well known image file types [JPG/JPEG, PNG, GIF].

To achieve that, change your code as follows:

<?php

if (isset($_FILES)) { // checks if the $_FILES global variable is set

if (isset($_FILES[‘selectedFile’])) { // confirm it is a file coming from our form with the name ‘selectedFile’

$fileParts = pathinfo($_FILES[‘selectedFile’][‘name’]);

$extention = $fileParts[‘extension’];

if (!in_array($extention, array(‘jpg’, ‘jpeg’))) {

echo ‘Unsupported image file.’;

exit;

}

if (move_uploaded_file($_FILES[‘selectedFile’][‘tmp_name’], ‘uploads/’ . $_FILES[‘selectedFile’][‘name’])) { // upload the file to our application or targert directory

echo ‘Upload was successful.’;

} else {

echo ‘Unable to upload your file, please try again.’;

}

}

}

 

WHAT ABOUT SECURITY?

Ensuring security of your web server and or application is very important. Therefore, you should always validate files before they are uploaded to your application.

A simple and basic security measure you can take is to check if the file name contains only valid characters and this is how it’s done:

if ((preg_match(‘^[A-Za-z0-9]{1,32}+[.]{1}[A-Za-z]{3,4}$^’, $_FILES[‘selectedFile’][‘name’])) {

// go ahead and upload

if (move_uploaded_file($_FILES[‘selectedFile’][‘tmp_name’], ‘uploads/’ . $_FILES[‘selectedFile’][‘name’])) { // upload the file to our application or targert directory

echo ‘Upload was successful.’;

} else {

echo ‘Unable to upload your file, please try again.’;

}

}

 

That is the little I know about file uploads in PHP. You can contribute to this post by commenting below.

Thanks for taking your time to read this post.

Leave a Reply

Your email address will not be published. Required fields are marked *