Jump to content

[FAQ] How do I upload a file to a directory ?


Recommended Posts

The following outlines all the necessary steps needed to upload a file to the server, and then relocate the file to another directory.

Also see the FAQ on permissions at:

http://criminalexistence.com/ceforums/i ... ic=18419.0

Permissions must be set on the destination directory before this method will work.

Basically only two fields are required to upload a file, a 'file' input field, and a 'MAX_FILE_SIZE' hidden field. This is required, and will prevent the user from trying to upload a file that is too large on the client-side. This can be easily circumvented by the user and should be accompanied by server-side file validation. It accepts a file size in Bytes, I have set this to accept a file of 10000 bytes, or roughly 10KB. One attribute *must* also appear in the form tag to trigger the browser to upload data, and that is: enctype='multipart/form-data'.

The following should be pretty straight forward:



       echo "<html>\n",
            "    <head>\n",
            "        <title>UPLOAD TO A DIRECTORY</title>\n",
            "    </head>\n",
            "    <body>\n";

   if (!isset($_POST['do_action']))

       echo "        <form action='{$_SERVER['PHP_SELF']}' method='post' enctype='multipart/form-data'>\n",
            "            <input type='file' name='userfile' />\n",
            "            <input type='hidden' name='MAX_FILE_SIZE' value='10000' />\n",
            "            <input type='submit' name='do_action' value='Upload' />\n",
            "        </form>\n";
       // You may also use if (is_uploaded_file($_FILES['userfile']['tmp_name']))
       // IMO using if isset is an identical test

       if (isset($_FILES['userfile']['tmp_name']))
           // In this line I'm examining the file size and the MIME type of the file
           // to verify that the file is in the acceptable size range and is a jpeg
           // image.  MIME type testing isn't foolproof, it is possible to spoof this.
           // The size testing, however, is not spoofable.

           if (($_FILES['userfile']['size'] <= 10000) && ($_FILES['userfile']['type'] == 'image/jpeg' || $_FILES['userfile']['type'] == 'image/pjpeg'))
               // Give the file a new name to prevent one user from overwriting files 
               // uploaded by another. mktime(), which creates a UNIX timestamp in 
               // addition to the user name is good for this.

               $new_file_name = mktime().'.jpg';

               // $_SERVER['DOCUMENT_ROOT'] will provide an absolute path to the base directory
               // fill in the rest of the path from there, if necessary.
               // echo the value of $_SERVER['DOCUMENT_ROOT'] to do this!

               $file_path     = '/images/users/'.$new_file_name;

               if (move_uploaded_file($_FILES['userfile']['tmp_name'], $_SERVER['DOCUMENT_ROOT'].$file_path))
                   echo "Upload successful!

                   echo 'File: '.$_FILES['userfile']['name'].' ('.$_FILES['userfile']['size'].") Bytes
                   echo "Renamed: $new_file_name
                   echo 'Upload failed: There was likely a permissions error.';
               echo 'Upload failed: File must be a JPEG file type and 10KB or less in size';
           echo 'Upload failed: A valid file has not been uploaded!';

       echo "    </body>\n",


Also have a look at:

http://www.php.net/manual/en/features.f ... ost-method

Which explains the $_FILES superglobal and the information available in it.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...