Skip to main content

Uploading files using PHP

In this tutorial, I’m going to show you how upload files from a client web broswser to a web server. To do this we need to configure first our PHP for file uploads. Open php.ini then make sure to set the following:

• file_uploads – must be set to (“on” or set to “true” or “1”) so that the php will accept file upload
• upload_tm_dir – is where we’re going to upload file temporarily, and it uses system’s tmp dir.
• post_max_size – maximum size to anypost request is 8MB.
• upload_max_filesize – the upload maximum filesize is set by default to 2MB.
• max_execution_time – how long is the execution time basically it is set to 30 seconds
• max_input_time- it is set to -1 meaning it has no limit
• memory_limit-how much is each script allowed to use and the default is set to 128MB.

At this time, we’re going to create our web directory. And I will name it as “upload” and inside upload folder I’m going to create a new directory called “uploads”, where all the uploaded files is going to save.

Next we will create a new PHP file named “upload.php”. And save it inside the upload folder. Then we will add the following code to upload.php. and heres the code:

  2. <html>
  3. <head>
  4. <title>upload </title>
  5. </head>
  6. <body>
  7. <form action="upload.php" enctype="multipart/form-data" method="POST">
  8. <input type="hidden" name="MAX_FILE_SIZE" value="1000000">
  9. <input type="file" name="upload_file">
  10. <input type="submit" name="submit" value="Upload">
  12. </form>
  13. </body>
  14. </html>

The code above is very basic HTML code, that it will post to itself upload.php, and will some variables in t he inputs and the submit button. And above the html we’re going to add some PHP code to do some processing.

Only the differnce in using this HTML code is that there is enctype=”multipart/form-data”, it is the enclosure type and that’s viewingt us know that we’re not submitting text only but there maybe files also.

And the next thing is, in the input type since we’re inputting we will use “file” as type. And the name is “upload_file”.

And one of the important part here in the html code is <input type="hidden" name="MAX_FILE_SIZE" value="1000000"> and the maximum file size in bytes, and must be declared before the file input field and can’t be larger than the setting for “upload_max_filesize” in php.ini.

This time we’re going to add php code above the HTML form. And here’s the code:
This code will give us some messages when file is uploaded successfully or not.

  1. <?php if(!empty($message)) { echo "<p>{$message}</p>";}?>

Now we have already web forms ready for submitting, we need to understand first the concepts on how to inspect the uploaded files. To do this, we need look at the new superglobals called $_FILES. This $_FILES is going to contain any file submitted during the POST request.

To access this $_FILES is to say what is the name of those input field. In our case its “upload_file”. So the way use this  $_FILES[‘upload_file’]. And this $_FILE[‘upload_file’] will return an associative array and will give us five pieces of data and these are the following:
Example : $_FILES[‘upload_file’][‘name’]

• name – it will contain the original file name 
• type –  the type (“image/gif”)
• size –  the size in bytes
• tmp_name – temp file name on the server
• error – error code

At this time, we’re going to look at the possible error when we upload files. And below are file upload error:

UPLOAD_ERR_OK		        0   it means no error
UPLOAD_ERR_INI_SIZE		1    it means that upload is larger than the specified upload_max_filesize
UPLOAD_ERR_FORM_SIZE	2   it says the Form size was to large or Larger than MAX_FILE_SIZE
UPLOAD_ERR_PARTIAL		3   it means that it is a partial upload or the file didn’t finished
UPLOAD_ERR_NO_FILE		4   No file has sent all
UPLOAD_ERR_NO_TMP_DIR	6   No temporary directory
UPLOAD_ERR_CANT_WRITE	7   it means that we cant write to the disk or it is read only
UPLOAD_ERR_EXTENSION	8  file upload stopped by extension

Now let’s proceed to apply this error code and display it into message. To do this, add the following this PHP code above the HTML code:
This code below, is that first we create an upload_errors as an array so that every time there’s an error it will look into the array and find key and give the corresponding message. And on the form is submit to itself then move the file out of the temporary directory into our “uploads” folder. But before to move the file we need to specify first the temporary directory, then we need also to specify the name of the directory that we’re going to put our file.

  1. <?php
  2. $upload_errors = array(
  3. UPLOAD_ERR_OK => "No errors.",
  4. UPLOAD_ERR_INI_SIZE => "Larger than upload_max_filesize.",
  5. UPLOAD_ERR_FORM_SIZE => "Larger than form MAX_FILE_SIZE.",
  6. UPLOAD_ERR_PARTIAL => "Partial upload.",
  7. UPLOAD_ERR_NO_FILE => "No file.",
  8. UPLOAD_ERR_NO_TMP_DIR => "No temporary directory.",
  9. UPLOAD_ERR_CANT_WRITE => "Can't write to disk.",
  10. UPLOAD_ERR_EXTENSION => "File upload stopped by extension.",
  11. );
  12. if (isset($_POST['submit'])){
  13. $tmp_file = $_FILES['upload_file']['tmp_name'];
  14. @$target_file = basename($_FILES['upload_file']['name']);
  15. $upload_dir = "uploads";
  17. if (move_uploaded_file($tmp_file,$upload_dir."/".$target_file)){
  18. echo "File uploaded Succesfully";
  19. }else{
  20. $error = $_FILES['upload_file']['error'];
  21. $message = $upload_errors[$error];
  22. }
  24. }
  26. ?>

And here’s all the code in th tutorial:
  1. <?php
  3. $upload_errors = array(
  4. UPLOAD_ERR_OK => "No errors.",
  5. UPLOAD_ERR_INI_SIZE => "Larger than upload_max_filesize.",
  6. UPLOAD_ERR_FORM_SIZE => "Larger than form MAX_FILE_SIZE.",
  7. UPLOAD_ERR_PARTIAL => "Partial upload.",
  8. UPLOAD_ERR_NO_FILE => "No file.",
  9. UPLOAD_ERR_NO_TMP_DIR => "No temporary directory.",
  10. UPLOAD_ERR_CANT_WRITE => "Can't write to disk.",
  11. UPLOAD_ERR_EXTENSION => "File upload stopped by extension.",
  12. );
  14. if (isset($_POST['submit'])){
  15. $tmp_file = $_FILES['upload_file']['tmp_name'];
  16. @$target_file = basename($_FILES['upload_file']['name']);
  17. $upload_dir = "uploads";
  19. if (move_uploaded_file($tmp_file,$upload_dir."/".$target_file)){
  20. echo "File uploaded Succesfully";
  21. }else{
  22. $error = $_FILES['upload_file']['error'];
  23. $message = $upload_errors[$error];
  24. }
  26. }
  28. ?>
  29. <html>
  30. <head>
  31. <title>upload </title>
  32. </head>
  33. <body>
  34. <?php if(!empty($message)) { echo "<p>{$message}</p>";}?>
  35. <form action="upload.php" enctype="multipart/form-data" method="POST">
  36. <input type="hidden" name="MAX_FILE_SIZE" value="1000000">
  37. <input type="file" name="upload_file">
  38. <input type="submit" name="submit" value="Upload">
  40. </form>
  41. </body>
  42. </html>

Note: Due to the size or complexity of this submission, the author has submitted it as a .zip file to shorten your download time. After downloading it, you will need a program like Winzip to decompress it.

Virus note: All files are scanned once-a-day by for viruses, but new viruses come out every day, so no prevention program can catch 100% of them.


1. Re-scan downloaded files using your personal virus checker before using it.
2. NEVER, EVER run compiled files (.exe's, .ocx's, .dll's etc.)--only run source code.

Add new comment

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.