Latest web development tutorials

PHP File Upload

By PHP, you can upload files to the server.

Examples in this section under test project is complete, the directory structure:

test
|-----upload             # 文件上传的目录
|-----form.html          # 表单文件
|-----upload_file.php    # php 上传代码

Create a file upload form

Allows users to upload files from a form is useful.

Consider the following HTML form for uploading files:

<html>
<head>
<meta charset="utf-8">
<title>本教程(w3big.com)</title>
</head>
<body>

<form action="upload_file.php" method="post" enctype="multipart/form-data">
	<label for="file">文件名:</label>
	<input type="file" name="file" id="file"><br>
	<input type="submit" name="submit" value="提交">
</form>

</body>
</html>

Save the above code to form.html file.

A few items related to the above HTML form are listed below:

  • <form> tag enctypeattribute specifies the content when submitting a form which type to use. When form requires binary data, such as file content, use the"multipart / form-data".
  • <input> tag type = "file"attribute specifies the input should be treated as files. For example, when you preview in a browser, you will see next to the input box has a Browse button.

Note: Allow users to upload files is a huge security risk.Please only allows trusted users to perform file uploads.


Create upload script

"Upload_file.php" file contains the code for uploading files:

<?php
if ($_FILES["file"]["error"] > 0)
{
	echo "错误:" . $_FILES["file"]["error"] . "<br>";
}
else
{
	echo "上传文件名: " . $_FILES["file"]["name"] . "<br>";
	echo "文件类型: " . $_FILES["file"]["type"] . "<br>";
	echo "文件大小: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
	echo "文件临时存储的位置: " . $_FILES["file"]["tmp_name"];
}
?>

By using PHP global arrays $ _FILES, you can upload files to a remote server from the client computer.

The first parameter is the form input name, the second subscript can be a "name", "type", "size", "tmp_name" or "error". As follows:

  • $ _FILES [ "File"] [ "name"] - the name of the uploaded file
  • $ _FILES [ "File"] [ "type"] - Upload file types
  • $ _FILES [ "File"] [ "size"] - upload file size in bytes
  • $ _FILES [ "File"] [ "tmp_name"] - a temporary copy is stored in the file server's name
  • $ _FILES [ "File"] [ "error"] - the error code resulting from the file upload

This is a very simple file uploads. Based on security considerations, you should increase the restrictions on which users are allowed to upload files.


Upload limit

In this script, we have added to the file upload limit. Users can only upload .gif, .jpeg, .jpg, .png file, the file size must be less than 200 kB:

<?php
// 允许上传的图片后缀
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);        // 获取文件后缀名
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 204800)    // 小于 200 kb
&& in_array($extension, $allowedExts))
{
	if ($_FILES["file"]["error"] > 0)
	{
		echo "错误:: " . $_FILES["file"]["error"] . "<br>";
	}
	else
	{
		echo "上传文件名: " . $_FILES["file"]["name"] . "<br>";
		echo "文件类型: " . $_FILES["file"]["type"] . "<br>";
		echo "文件大小: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
		echo "文件临时存储的位置: " . $_FILES["file"]["tmp_name"];
	}
}
else
{
	echo "非法的文件格式";
}
?>


Save the file to be uploaded

The example above is to create a temporary copy of the uploaded file in a temporary file server PHP folder.

The temporary copy of the file will disappear at the end of the script. To save a file is uploaded, we need to copy it to another location:

<?php
// 允许上传的图片后缀
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
echo $_FILES["file"]["size"];
$extension = end($temp);     // 获取文件后缀名
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 204800)   // 小于 200 kb
&& in_array($extension, $allowedExts))
{
	if ($_FILES["file"]["error"] > 0)
	{
		echo "错误:: " . $_FILES["file"]["error"] . "<br>";
	}
	else
	{
		echo "上传文件名: " . $_FILES["file"]["name"] . "<br>";
		echo "文件类型: " . $_FILES["file"]["type"] . "<br>";
		echo "文件大小: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
		echo "文件临时存储的位置: " . $_FILES["file"]["tmp_name"] . "<br>";
		
		// 判断当期目录下的 upload 目录是否存在该文件
		// 如果没有 upload 目录,你需要创建它,upload 目录权限为 777
		if (file_exists("upload/" . $_FILES["file"]["name"]))
		{
			echo $_FILES["file"]["name"] . " 文件已经存在。 ";
		}
		else
		{
			// 如果 upload 目录不存在该文件则将文件上传到 upload 目录下
			move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);
			echo "文件存储在: " . "upload/" . $_FILES["file"]["name"];
		}
	}
}
else
{
	echo "非法的文件格式";
}
?>

The above script detects whether the file already exists, if not, put the files are copied to a directory called "upload" of.

Demo file upload operation is as follows: