Course Banner


File Upload

Uploading file or images is one of the important activity which the users or website admin require . And as a PHP web developer, you will frequently need to provide this facility to website admin or user. In this section of tutorial, you will learn how you can upload image and delete it.

Here is the sample code:

< !DOCTYPE html>
< html>
< head>
< title>File Upload< /title>
< /head>
< body> < form method="post"action="" enctype="multipart/form-data">
< strong>Select File:< /strong>< input type="file" name="img">< br>
< input type="submit" name="submit" value="upload">
< /form>
< /body>
< /html>

If you notice above code, you will fine two important points. First, the input type is 'file' which you must write for upload file.

And the second most important thing is form enctype="multipart/form-data". If you don't write this then file uploading will not work.

<?php
  1. if($_FILES){
  2. print"< pre/>";
  3. print_r($_FILES);
  4. }
  5. ?>

Result:

And the result is :


From above code you can see the image is passed as two dimensional array as key pair value. The key of array is the file name, that is 'img' and the value is an array itself with several information.

Here is the explanation of above code.

Name

Description

Name

Name of the image

Type

This contains two part. First is the type of file and second part is the sub-type of that file.

tmp_name

Before uploading the actual image, the image is temporarily stored in our machines temp folder and a temporary name is given.

Error

0 means there is no error

Size

This is the size of file in bytes.

Now that we have seen the anatomy of file data. Lets write code to upload the file

This time we have modified the code to look like this.

<?php
  1. if($_POST){
  2. /* print"< pre>"; */
  3. /* print_r($_FILES); */
  4. if(!empty($_FILES)){
  5. $img_name = $_FILES['img']['name'];
  6. /*
  7. $img_size = $_FILES['size'];
  8. $img_error = $_FILES['error'];
  9. */
  10. move_uploaded_file($_FILES["img"]["tmp_name"],"upload/" . $img_name);
  11.       echo"Stored in: " . "upload/" . $_FILES["img"]["name"];
  12. }
  13. }
  14. ?>

< !DOCTYPE html>
< html>
< head>
< title>File Upload< /title>
< /head>
< body>
< form method="post" action="" enctype="multipart/form-data">
< strong>Select File:< /strong>< input type="file" name="img">< br>
< input type="submit" name="submit" value="upload">
< /form>
< /body>
< /html>


And below is the file uploaded

There are two main things in the above code.

$img_name = $_FILES['img']['name'];

We stored the image name in a variable called $img_name;

And

move_uploaded_file($_FILES["img"]["tmp_name"],"upload/" . $img_name);

move_uploaded_file is the actual PHP file upload function which does the uploading task.

The above function requires two parameters.

First is image's temporary name and second parameter is the path name with image name.

Here the upload folder must exist or you have to create the folder into your directory. Also,directory must be writable on the server.

The above code worked well and uploaded image also. But, there are several problems with that.

  • ● It does not check any file type
  • ● It does not check if the file already exists. If there is same name then previous file will be overwritten.
  • ● It does not check the file size
  • ● It also does not check if the directory exists or not or if exists, its writable or not.
  • ● What will happen if the file already exists? will user have to rename the file name and then upload?

Below is the complete code with all the problems fixed.

<?php
  1. if($_POST){
  2. $allowed_filetypes = array('.jpg','.jpeg','.png','.g<span class='echo'>if');
  3. /*FIRST WE DEFINE THE ALLLOWED IMAGE TYPES*/
  4. $max_filesize = 10485760;
  5. /* WE DEFINE THE MAX FILE SIZE*/
  6. $upload_path = 'upload/';
  7. /*image upload directory*/
  8. $filename = $_FILES['img']['name'];
  9. $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);
  10. /*suppose there is any image name which contains . in the file name. It detechts and removes that first*/
  11. if(!in_array($ext,$allowed_filetypes))
  12. die("Only '.jpg','.jpeg','.png','.g<span class='echo'>if' are allowed");
  13. if(filesize($_FILES['img']['tmp_name']) >$max_filesize)
  14. die('The file you attempted to upload is too large.');
  15. if(!is_writable($upload_path))
  16. die('Either directory does not exists or is not writable.');
  17. if (file_exists("upload/" . $_FILES["img"]["name"]))
  18. die( $_FILES["img"]["name"] . " already exists. ");
  19. if(move_uploaded_file($_FILES['img']['tmp_name'],$upload_path . $filename)) {
  20. /*
  21. $query = "INSERT INTO uploads (name, description) VALUES ($filename, $description)";
  22. mysql_query($query);
  23. */
  24.       echo'Your file upload was successful!';
  25. } else {
  26.       echo'There was an error during the file upload. Please try again.';
  27. }
  28. }
  29. ?>