Thursday, September 18, 2008

Simple File Uploading Script in PHP

Simple File Uploading Script in PHP

PHP is undoubtedly the best programming language when it comes to web programming. It gives us so many features and capabilities, a few of which we’ve discussed already. So continuing with that, today we’ll see how we can use a few lines of code to create a script that’d allow file uploading right from the web browser. File upload feature is definitely useful kinds of website but at the same time very much vulnerable to malicious attacks as well. So use it with a LOT of precautions!

For this example, we’ll need a front-end web page that’ll accept the file from the user and a backend script to process and store the file. Let’s look at the codes of each:


  <form action="upload_file.php" method="post"
  <label for="file">Filename:</label>
  <input type="file" name="file" id="file" />
  <br />
  <input type="submit" name="submit" value="Submit" />

Here we have a HTML form that calls the script on submission. The method of data sending should be “POST” and there should be and enctype as “multipart/form-data” which means we can upload binary form data. The input type “file” opens the File Input Box that’d let the user browse for the file. The submit button “Upload” submits the form as usual.


if ($_FILES["file"]["error"] > 0) 
    echo "Error:: " $_FILES["file"]["error"] . "<br />"; 
    if (file_exists($_FILES["file"]["name"])) 
        echo $_FILES["file"]["name"] . " already exists. "; 
        move_uploaded_file($_FILES["file"]["tmp_name"], $_FILES["file"]["name"]); 
        echo "File <b>" $_FILES["file"]["name"] . "</b> uploaded successfully!"; 

Just like we had POST form data in $_POST[] and GET data in $_GET[] array same way to have files sent to script we use $_FILES[] array.

  • $_FILES["file"]["error"]: Tells us if there is any error in uploading. Note that “file” the first string index of the array is the name of the “File” input type from the HTML form.

  • $_FILES["file"]["tmp_name"]: All the files sent to any script is stores in a temporary directory by PHP, this tells us the location of that temporary file.

  • $_FILES["file"]["name"]: It tells us the name of the file on the users’ computer.

  • move_uploaded_file(): As files sent to scripts are just stored temporarily, we have to save it to some place, for this we use this PHP function. It’s first parameter is the temporary file location and second is the place we need to store the file and with what name. We are storing it to the same directory the script is in and with name same as on the users’ computer.

NOTE: This is just meant for example purpose and you shouldn’t have this on your server as it is an open invitation to hackers/spammers. If you need upload facility on your website in all the cases you should have some kind of authentication system that'd only allow registered users to upload anything. you should also accept only certain file types. you wouldn't like someone uploading/running spamming script off your server. Would you? there may be a few other precautions that you may need to take depending on the purpose you intend to use the script for.

Previous Posts:


  1. Hi Arvind,

    Nice blog, recently I have created a blog to write about some of my programming experiences that might be useful for others. I hope its okay if i add you to my related blogs list.


  2. Hi Armin,

    Great thank you. Yeah it's OK to add my blog there, in fact it's my pleasure.


  3. Hi Arvind,

    Thanks for the comment on my blog. I just wanted to let you know about service I just joined. Its a free banner exchange service. I've just signed up, you can see it on my blog. Its by, you can advertise your blog for free. I don't have your email, so I left a comment, feel free to delete it if you like.


  4. Anonymous9:28 PM

    Hai ...Nice blog,
    Let's share with me in url

    and what is the difference is php4 and php5 ?


  5. @Hemlet

    check out this page:


  6. your article is very informative. it more of learning then just a simple article.

  7. Hi

    Thanks For this post

    It’s really useful to me.

  8. This is great, thank you for the very clear, step-by-step explanation. I do realize I need to use a service so I won't get hacked, but it's great for practicing. :)

  9. how can we upload a file on the server in java script without using file upload Control?

  10. Anonymous9:48 AM

    Thank you. Its working gr8.


You are free to comment anything, although you can comment as 'Anonymous' it is strongly recommended that you supply your name. Thank You.

Please don't use abusive language.