Skip to main content

Simple File Uploading Script in PHP

Simple File Uploading Script in PHP

PHP is undoubtedly the best programming language when it comes to web programming. It gives us so many features and capabilities, a few of which we’ve discussed already. So continuing with that, today we’ll see how we can use a few lines of code to create a script that’d allow file uploading right from the web browser. File upload feature is definitely useful kinds of website but at the same time very much vulnerable to malicious attacks as well. So use it with a LOT of precautions!

For this example, we’ll need a front-end web page that’ll accept the file from the user and a backend script to process and store the file. Let’s look at the codes of each:

upload.html:


  <html>
  <body>
  <form action="upload_file.php" method="post"
  enctype="multipart/form-data">
  <label for="file">Filename:</label>
  <input type="file" name="file" id="file" />
  <br />
  <input type="submit" name="submit" value="Submit" />
  </form>
  </body>
  </html>

Here we have a HTML form that calls the script on submission. The method of data sending should be “POST” and there should be and enctype as “multipart/form-data” which means we can upload binary form data. The input type “file” opens the File Input Box that’d let the user browse for the file. The submit button “Upload” submits the form as usual.

upload_file.php:

<?php 
if ($_FILES["file"]["error"] > 0) 
    echo "Error:: " $_FILES["file"]["error"] . "<br />"; 
else 
{ 
    if (file_exists($_FILES["file"]["name"])) 
    { 
        echo $_FILES["file"]["name"] . " already exists. "; 
    } 
    else 
    { 
        move_uploaded_file($_FILES["file"]["tmp_name"], $_FILES["file"]["name"]); 
        echo "File <b>" $_FILES["file"]["name"] . "</b> uploaded successfully!"; 
    } 
} 
?>   

Just like we had POST form data in $_POST[] and GET data in $_GET[] array same way to have files sent to script we use $_FILES[] array.

  • $_FILES["file"]["error"]: Tells us if there is any error in uploading. Note that “file” the first string index of the array is the name of the “File” input type from the HTML form.

  • $_FILES["file"]["tmp_name"]: All the files sent to any script is stores in a temporary directory by PHP, this tells us the location of that temporary file.

  • $_FILES["file"]["name"]: It tells us the name of the file on the users’ computer.

  • move_uploaded_file(): As files sent to scripts are just stored temporarily, we have to save it to some place, for this we use this PHP function. It’s first parameter is the temporary file location and second is the place we need to store the file and with what name. We are storing it to the same directory the script is in and with name same as on the users’ computer.

NOTE: This is just meant for example purpose and you shouldn’t have this on your server as it is an open invitation to hackers/spammers. If you need upload facility on your website in all the cases you should have some kind of authentication system that'd only allow registered users to upload anything. you should also accept only certain file types. you wouldn't like someone uploading/running spamming script off your server. Would you? there may be a few other precautions that you may need to take depending on the purpose you intend to use the script for.

Previous Posts:

Popular posts from this blog

Fix For Toshiba Satellite "RTC Battery is Low" Error (with Pictures)

RTC Battery is Low Error on a Toshiba Satellite laptop "RTC Battery is Low..." An error message flashing while you try to boot your laptop is enough to panic many people. But worry not! "RTC Battery" stands for Real-Time Clock battery which almost all laptops and PCs have on their motherboard to power the clock and sometimes to also keep the CMOS settings from getting erased while the system is switched off.  It is not uncommon for these batteries to last for years before requiring a replacement as the clock consumes very less power. And contrary to what some people tell you - they are not rechargeable or getting charged while your computer or laptop is running. In this article, we'll learn everything about RTC batteries and how to fix the error on your Toshiba Satellite laptop. What is an RTC Battery? RTC or CMOS batteries are small coin-shaped lithium batteries with a 3-volts output. Most laptops use

The Best Way(s) to Comment out PHP/HTML Code

PHP supports various styles of comments. Please check the following example: <?php // Single line comment code (); # Single line Comment code2 (); /* Multi Line comment code(); The code inside doesn't run */ // /* This doesn NOT start a multi-line comment block /* Multi line comment block The following line still ends the multi-line comment block //*/ The " # " comment style, though, is rarely used. Do note, in the example, that anything (even a multi-block comment /* ) after a " // " or " # " is a comment, and /* */ around any single-line comment overrides it. This information will come in handy when we learn about some neat tricks next. Comment out PHP Code Blocks Check the following code <?php //* Toggle line if ( 1 ) {      // } else {      // } //*/ //* Toggle line if ( 2 ) {      // } else {      // } //*/ Now see how easy it is to toggle a part of PHP code by just removing or adding a single " / " from th

Introduction to Operator Overloading in C++

a1 = a2 + a3; The above operation is valid, as you know if a1, a2 and a3 are instances of in-built Data Types . But what if those are, say objects of a Class ; is the operation valid? Yes, it is, if you overload the ‘+’ Operator in the class, to which a1, a2 and a3 belong. Operator overloading is used to give special meaning to the commonly used operators (such as +, -, * etc.) with respect to a class. By overloading operators, we can control or define how an operator should operate on data with respect to a class. Operators are overloaded in C++ by creating operator functions either as a member or a s a Friend Function of a class. Since creating member operator functions are easier, we’ll be using that method in this article. As I said operator functions are declared using the following general form: ret-type operator#(arg-list); and then defining it as a normal member function. Here, ret-type is commonly the name of the class itself as the ope