2. Uploading a file with PHP
• To upload a file you need a form for the user
to select the file. Create a new HTML page
called upload.php (it's actually HTML so you
don't need the PHP element):
3. Uploading a file with PHP
<form enctype="multipart/form-data"
method="post" action="upload2.php">
<p><input type="file" name="file01" /></p>
<p><input type="submit" /></p>
</form>
• The ENCTYPE sets the type of data to be sent
by the form. Setting the field TYPE to file gives
a button to launch the browser's file dialog.
4. Uploading a file with PHP
• Then create upload2.php to process the file:
echo "<pre>";
print_r($_FILES);
echo "</pre>";
$oldname=$_FILES["file01"]["name"];
$tempname=$_FILES["file01"]["tmp_name"];
move_uploaded_file($tempname, $oldname);
5. Uploading a file with PHP
• $_FILES is the super global which holds
information about all uploaded files. It is an
associative array which holds a number of other
arrays (each one of these holds information
about a single file). You need to tell PHP which of
the files you want using the appropriate key (the
name of the form file field). In this case there is
only one file called 'file01' (because that was the
name in the form). The PRINT_R is there for you
to see the structure of the array and is not
needed.
6. Uploading a file with PHP
• When the form is submitted to the server the file
is uploaded. It is placed in a temporary location
and information about it is stored in $_FILES. The
middle two lines set up some variables. The first
holds the name of the file which was uploaded.
The second one holds the name it has been given
temporarily.
• The built-in PHP function move_uploaded_file()
moves the temporary file to its intended location
and renames it. Normally that would be in a
special "uploads" directory for security.
7. Uploading a file with PHP
• You can improve this upload page a lot:
$type=$_FILES['file01']['type'];
$size=$_FILES['file01']['size'];
$oldname=$_FILES['file01']['name'];
$tempname=$_FILES['file01']['tmp_name'];
if($size<=50000 && $type=="text/html") {
if (move_uploaded_file($tempname, $oldname)){
echo "<p>The file was uploaded successfully</p>";
} else {
echo "<p>Sorry, no good</p>";
}
} else {
echo "<p>Sorry that file cannot be uploaded.</p>";
}
8. Uploading a file with PHP
• You should be able to spot:
– an IF statement which only allows the upload if a file
is less than a certain size and is a text file
– an IF ELSE statement which checks whether the
upload worked or not and gives a message in each
case
• Allowing uploads on your site is potentially
dangerous as there is no control over what is
uploaded or by who. By adding limits on the file
size or type and allowing only logged on users to
access the page risks can be reduced.