File Handling in PHP - Page 3
       by Jeff Wheeler aka nokrev | 5 July 2006

Yay, this is the last page! In the previous page you learned more practical file handling tricks, and we will wrap things up on this page.

Uploading Files
Allowing users to upload files is a necessity of many sites, so, how does one do that, exactly? Turns out, there's some handy documentation written on that. Having trouble getting all that? Well, here's some help that's slightly easier to digest.

  1. First, you'll need an html page where the form will lie. This form must define the max file-size for the upload, and must have the file upload field itself.

    The MAX_FILE_SIZE defines the largest possible file-size, in bytes, of course. The name attribute of the upload field (designated by the file value for the type attribute) is the important part, as we will later use this in our script to know which file to upload (this is used to support multiple uploads).
  2. Next, we have to upload the file. But first, it's important to understand the $_FILE[] array.

    In the $_FILE[] array, there's one entry for each upload field in the form which sent the user to this script. So, in our case, there is one index named 'userfield', for the one field with that name in our form. Each value in the array is also an associative array, with the following keys and values (reworded for clarity from documentation):
Key Value
'name' The filename used on the client's computer.
'type' The mime-type of the file (e.g. image/gif). The browser doesn't always provide this, and the value should not be assumed to be correct.
'size' Size of uploaded file (in bytes).
'tmp_name' The filename given to the uploaded file, which should immediately be moved and renamed upon successful upload. The location is irrelevant, because the methods you use to move the file (move_uploaded_file, which I use later) are aware of the location.
'error' The error code (or success code, if 0) for the problem which occurred during upload. (Error Codes)

Table 1: A summary of the keys and values

  1. So, now we can get down to business. We start by getting the filename we will want to give the uploaded file, and the directory where we will want to put it.

    The use of basename is absolutely necessary. Without this, you're running a huge security risk. If a user were to upload a file with a name that started with a relative path going up, such as ../../../, they would eventually get to root, and could navigate to anywhere on the filesystem by putting in more directories after the original starting path.

    Warning: It is very important that you make sure the server has permissions to write to this directory. If your server is running any distro of Linux or Mac OS X, you'll likely need to chmod the directory.
  2. Next, you simply need to move the uploaded file to $target_file. I suggest doing this in an if, in order to test for success.


That's really all there is to it. Pretty simple, huh? You can expand on this, by reading PHP's documentation on serializing and unserializing objects. If you have any questions, feel free to post them on the forums.
Jeff Wheeler


1 | 2 | 3

SUPPORTERS:'s fast and reliable hosting provided by Media Temple.