Quick Contact

    File uploading Concepts
    File Upload

    With PHP, it is easy to upload files to the server.

    However, with ease comes danger, so always be careful when allowing file uploads!

    Configure The php.ini File

    First, ensure that PHP is configured to allow file uploads.

    In your php.ini file, search for the file_uploads directive, and set it to On:

    file_uploads = On
    Create The HTML Form

    Next, create an HTML form that allow users to choose the image file they want to upload:

    <!DOCTYPE html>
    <html>
    <body>
    <form action="upload.php" method="post" enctype="multipart/form-data">
        Select image to upload:
    <input type="file" name="fileToUpload" id="fileToUpload">
    <input type="submit" value="Upload Image" name="submit">
    </form>
    </body>
    </html>
    

    Some rules to follow for the HTML form above:

    • Make sure that the form uses method=post
    • The form also needs the following attribute: enctype=multipart/form-data. It specifies which content-type to use when submitting the form

    Without the requirements above, the file upload will not work.

    Other things to notice:

    • The type=file attribute of the <input> tag shows the input field as a file-select control, with a Browse button next to the input control

    The form above sends data to a file called upload.php, which we will create next.

    Create The Upload File PHP Script

    The upload.php file contains the code for uploading a file:

    <?php
    $target_dir = "uploads/";
    $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
    $uploadOk = 1;
    $imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
    // Check if image file is a actual image or fake image
    if(isset($_POST["submit"])) {
        $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
        if($check !== false) {
            echo "File is an image - " . $check["mime"] . ".";
            $uploadOk = 1;
        } else {
            echo "File is not an image.";
            $uploadOk = 0;
        }
    }
    ?>
    

    PHP script explained:

    • $target_dir = uploads/ – specifies the directory where the file is going to be placed
    • $target_file specifies the path of the file to be uploaded
    • $uploadOk=1 is not used yet (will be used later)
    • $imageFileType holds the file extension of the file (in lower case)
    • Next, check if the image file is an actual image or a fake image
    Check if File Already Exists

    Now we can add some restrictions.

    First, we will check if the file already exists in the uploads folder. If it does, an error message is displayed, and $uploadOk is set to 0:

    if (file_exists($target_file)) {
        echo "Sorry, file already exists.";
        $uploadOk = 0;
    }
    
    Limit File Size

    The file input field in our HTML form above is named fileToUpload.

    Now, we want to check the size of the file. If the file is larger than 500KB, an error message is displayed, and $uploadOk is set to 0:

    if ($_FILES["fileToUpload"]["size"] > 500000) {
        echo "Sorry, your file is too large.";
        $uploadOk = 0;
    }
    
    Limit File Type

    The code below only allows users to upload JPG, JPEG, PNG, and GIF files. All other file types gives an error message before setting $uploadOk to 0:

    if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
    && $imageFileType != "gif" ) {
        echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
        $uploadOk = 0;
    }
    
    Complete Upload File PHP Script

    The complete upload.php file now looks like this:

    <?php
    $target_dir = "uploads/";
    $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
    $uploadOk = 1;
    $imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
    // Check if image file is a actual image or fake image
    if(isset($_POST["submit"])) {
        $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
        if($check !== false) {
            echo "File is an image - " . $check["mime"] . ".";
            $uploadOk = 1;
        } else {
            echo "File is not an image.";
            $uploadOk = 0;
        }
    }
    // Check if file already exists
    if (file_exists($target_file)) {
        echo "Sorry, file already exists.";
        $uploadOk = 0;
    }
    // Check file size
    if ($_FILES["fileToUpload"]["size"] > 500000) {
        echo "Sorry, your file is too large.";
        $uploadOk = 0;
    }
    // Allow certain file formats
    if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
    && $imageFileType != "gif" ) {
        echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
        $uploadOk = 0;
    }
    // Check if $uploadOk is set to 0 by an error
    if ($uploadOk == 0) {
        echo "Sorry, your file was not uploaded.";
    // if everything is ok, try to upload file
    } else {
        if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
            echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
        } else {
            echo "Sorry, there was an error uploading your file.";
        }
    }
    ?>
    
    Multiple File Upload
    Uploading Multiple Files

    Multiple files can be uploaded using different name for input.

    It is also possible to upload multiple files simultaneously and have the information organized automatically in arrays for you. To do so, you need to use the same array submission syntax in the HTML form as you do with multiple selects and checkboxes:

    Example

    <form action="file-upload.php" method="post" enctype="multipart/form-data">
      Send these files:<br />
    <input name="userfile[]" type="file" /><br />
    <input name="userfile[]" type="file" /><br />
    <input type="submit" value="Send files" />
    </form>
    

    When the above form is submitted, the arrays $_FILES[‘userfile’], $_FILES[‘userfile’][‘name’], and $_FILES[‘userfile’][‘size’] will be initialized (as well as in $HTTP_POST_FILES for PHP versions prior to 4.1.0). When register_globals is on, globals for uploaded files are also initialized. Each of these will be a numerically indexed array of the appropriate values for the submitted files.

    For instance, assume that the filenames /home/test/review.html and /home/test/xwp.out are submitted. In this case, $_FILES[‘userfile’][‘name’][0] would contain the value review.html, and $_FILES[‘userfile’][‘name’][1] would contain the value xwp.out. Similarly, $_FILES[‘userfile’][‘size’][0] would contain review.html’s file size, and so forth.

    $_FILES[‘userfile’][‘name’][0], $_FILES[‘userfile’][‘tmp_name’][0], $_FILES[‘userfile’][‘size’][0], and $_FILES[‘userfile’][‘type’][0] are also set.

    Downloading File from Server using Header
    Downloading Files with PHP

    Normally, you don’t necessarily need to use any server side scripting language like PHP to download images, zip files, pdf documents, exe files, etc. If such kind of file is stored in a public accessible folder, you can just create a hyperlink pointing to that file, and whenever a user click on the link, browser will automatically downloads that file.

    Example

    <a href="downloads/test.zip">Download Zip file</a>
    <a href="downloads/masters.pdf">Download PDF file</a>
    <a href="downloads/sample.jpg">Download Image file</a>
    <a href="downloads/setup.exe">Download EXE file</a>

    Clicking a link that points to a PDF or an Image file will not cause it to download to your hard drive directly. It will only open the file in your browser. Further you can save it to your hard drive. However, zip and exe files are downloaded automatically to the hard drive by default.

    Forcing a Download Using PHP

    You can force images or other kind of files to download directly to the user’s hard drive using the PHP readfile() function. Here we’re going to create a simple image gallery that allows users to download the image files from the browser with a single mouse click.

    Let’s create a file named image-gallery.php and place the following code inside it.

    Example

    <!DOCTYPE html>
    <html lang="en">
    <head>
    <meta charset="UTF-8">
    <title>Simple Image Gallery</title>
    <style type="text/css">
        .img-box{
            display: inline-block;
            text-align: center;
            margin: 0 15px;
        }
    </style>
    </head>
    <body>
    <?php
    // Array containing sample image file names
        $images = array("kites.jpg", "balloons.jpg");
    
    // Loop through array to create image gallery
        foreach($images as $image){
            echo '<div class="img-box">';
                echo '<img src="images/' . $image . '" width="200" alt="' .  pathinfo($image, PATHINFO_FILENAME) .'">';
                echo '<p><a href="download.php?file=' . urlencode($image) . '">Download</a></p>';
            echo '</div>';
        }
        ?>
    </body>
    </html>
    

    If you see the above example code carefully, you’ll find the download link pints to a download.php file, the URL also contains image file name as a query string. Also, we’ve used PHP urlencode() function to encode the image file names so that it can be safely passed as URL parameter, because file names may contain URL unsafe characters.

    Here’s the complete code of download.php file, which force image download.

    Example

    <?php
    if(isset($_REQUEST["file"])){
    // Get parameters
        $file = urldecode($_REQUEST["file"]); // Decode URL-encodedstring
        $filepath = "images/" . $file;
    
    // Process download
        if(file_exists($filepath)) {
            header('Content-Description: File Transfer');
            header('Content-Type: application/octet-stream');
            header('Content-Disposition: attachment; filename="'.basename($filepath).'"');
            header('Expires: 0');
            header('Cache-Control: must-revalidate');
            header('Pragma: public');
            header('Content-Length: ' . filesize($filepath));
            flush(); // Flush system output buffer
            readfile($filepath);
            exit;
        }
    }
    ?>
    

    Similarly, you can force download other files formats like word doc, pdf files, etc.

    Summary

    The points summarizes the topic above:

    • With PHP, it is easy to upload files to the server.However, with ease comes danger, so always be careful when allowing file uploads!
    • The file input field in our HTML form above is named fileToUpload.
    • Multiple files can be uploaded using different name for input.
    • It is also possible to upload multiple files simultaneously and have the information organized automatically in arrays for you.
    • Normally, you don’t necessarily need to use any server side scripting language like PHP to download images, zip files, pdf documents, exe files, etc.

    Enrolled Courses – PHP Traning

    Copyright 1999- Ducat Creative, All rights reserved.