Through PHP, files can be uploaded to the server.
The examples in this chapter are completed under the test project, and the directory structure is:
test|-----upload # Directory for file upload|-----form.html # Form file|-----upload_file.php # PHP upload code
Allowing users to upload files from a form is very useful.
Take a look at the following HTML form for uploading files:
<html><head><meta charset="utf-8"><title>Coder Tutorial (codercto.com)</title></head><body><form action="upload_file.php" method=" post" enctype="multipart/form-data"> <label for="file">File name:</label> <input type="file" name="file" id="file"><br> <input type="submit" name="submit" value="Submit"></form></body></html>
Save the above code into the form.html file.
Some notes about the HTML form above are listed below:
The enctype attribute of the <form> tag specifies which content type to use when submitting the form. When a form requires binary data, such as file content, use " multipart/form-data ".
The type="file" attribute of the <input> tag specifies that the input should be processed as a file. For example, when previewing in a browser, you'll see a browse button next to the input box.
Note: Allowing users to upload files is a huge security risk. Please allow only trusted users to perform file upload operations.
The "upload_file.php" file contains code for uploading files:
<?phpif ($_FILES["file"]["error"] > 0){ echo "Error:" . $_FILES["file"]["error"] . "<br>";}else{ echo " Upload file name: " . $_FILES["file"]["name"] . "<br>"; echo "File type: " . $_FILES["file"]["type"] . "<br>"; echo "File size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>"; echo "The location where the file is temporarily stored: " . $_FILES[ "file"]["tmp_name"];}?>
By using PHP's global array $_FILES, you can upload files from the client computer to a remote server.
The first parameter is the input name of the form, and the second subscript can be "name", "type", "size", "tmp_name" or "error". As shown below:
$_FILES["file"]["name"] - the name of the uploaded file
$_FILES["file"]["type"] - Type of uploaded file
$_FILES["file"]["size"] - Size of uploaded file, in bytes
$_FILES["file"]["tmp_name"] - The name of the temporary copy of the file stored on the server
$_FILES["file"]["error"] - error code caused by file upload
This is a very simple way to upload files. For security reasons, you should add restrictions on who is allowed to upload files.
In this script, we add restrictions on file uploads. Users can only upload .gif, .jpeg, .jpg, .png files, and the file size must be less than 200 kB:
<?php// Allowed uploaded image suffixes $allowedExts = array("gif", "jpeg", "jpg", "png");$temp = explode(".", $_FILES["file"][" name"]);$extension = end($temp); // Get the file suffix if ((($_FILES["file"]["type"] == "image/gif")|| ($_FILES["file"]["type"] == "image/jpeg")|| ($_FILES["file"]["type"] == "image/jpg")|| ($_FILES[ "file"]["type"] == "image/pjpeg")|| ($_FILES["file"]["type"] == "image/x-png")|| ($_FILES["file"]["type"] == "image/png"))&& ($_FILES["file"]["size"] < 204800) // Less than 200 kb&& in_array($extension, $ allowedExts)){ if ($_FILES["file"]["error"] > 0) { echo "Error:: " . $_FILES["file"]["error"] . "<br>"; } else { echo "Upload file name: " . $_FILES["file"]["name"] . "<br>"; echo "File type: " . $_FILES["file"]["type"] . "<br>"; echo "File size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>"; echo "The location where the file is temporarily stored: " . $_FILES["file"]["tmp_name"]; }}else{ echo "Illegal file format";}?>
The above example creates a temporary copy of the uploaded file in the server's PHP temporary folder.
This temporary copy will disappear when the script ends. To save the uploaded file, we need to copy it to another location:
<?php// Allowed uploaded image suffixes $allowedExts = array("gif", "jpeg", "jpg", "png");$temp = explode(".", $_FILES["file"][" name"]);echo $_FILES["file"]["size"];$extension = end($temp); // Get the file suffix if ((($_FILES["file"]["type"] == "image/gif")|| ($_FILES["file"]["type"] == "image/jpeg")|| ($ _FILES["file"]["type"] == "image/jpg")|| ($_FILES["file"]["type"] == "image/pjpeg")|| ($_FILES["file"]["type"] == "image/x-png")|| ($_FILES["file"]["type"] == "image/png"))&& ($ _FILES["file"]["size"] < 204800) // Less than 200 kb&& in_array($extension, $allowedExts)){ if ($_FILES["file"]["error"] > 0) { echo "Error: " . $_FILES["file"]["error"] . "<br>"; } else { echo "Upload file Name: " . $_FILES["file"]["name"] . "<br>"; echo "File type: " . $_FILES["file"]["type"] . "<br>"; echo "File size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>"; echo "The location where the file is temporarily stored: " . $_FILES["file"]["tmp_name "] . "<br>"; // Determine whether the file exists in the upload directory under the current directory // If there is no upload directory, you need to create it. The upload directory permission is 777 if (file_exists("upload/" . $_FILES["file"]["name"])) { echo $_FILES["file"]["name"] . " The file already exists. "; } else { // If the file does not exist in the upload directory, upload the file to the upload directory move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"][ "name"]); echo "The file is stored in: " . "upload/" . $_FILES["file"]["name"]; } }}else{ echo "Illegal file format";}?>
The above script checks whether the file already exists. If it does not exist, it copies the file to a directory named "upload".