It is very useful, for example when providing downloads, to create a file uploads system. A useful function in PHP is HTTP upload. It will allow you to upload files from your PC, via a browse box, to the web server. This tutorial will show you how to do that.
HTML Form
The first thing you will need is a simple HTML page that will allow you to browse for the file you want to upload, then upload it. This can be accomplished with the following HTML:
HTML Code:
<html>
<head>
<title>Upload</title>
</head>
<body>
<h1>Upload</h1>
<form enctype="multipart/form-data" action="upload.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000"> File:
<input name="userfile" type="file">
<input type="submit" value="Upload">
</form>
</body>
</html>
Some important points:
This form uses POST as it will not work with GET.
enctype="multipart/form-data" tells the server that a file is being submitted with standard form data.
input type="hidden" name="MAX_FILE_SIZE" value="1000000" tells the server the maximum file size the file can be. It is shown in bytes. The current setting is approximately 1Mb.
input name="userfile" type="file" this is the input of the file.
The PHP
To actually upload the file, you need PHP to process the file. After submitting the form, the file will go into a location in on the server on a temporary basis, the server's default temp directory. The script will move it to the right place otherwise it will be deleted. A number of variables are passed to the script:
The value stored in $_FILE['userfile']['tmp_name'] is where the file is temporarily stored on the server.
The value stored in $_FILE['userfile']['name'] is the file's name on the system the file was uploaded from.
The value stored in $_FILE['userfile']['size'] is the size of the uploaded file (in bytes).
The value stored in $_FILE['userfile']['type'] is the MIME type of the file such as image/gif.
The value stored in $_FILE['userfile']['error'] is any error that have been generated as a result of the upload.
The script will copy the file to the correct location and the temporary file will be deleted. The script that will do all this is shown below. This will only accept plain text uploads and will move the file to a directory called /uploads:
PHP Code:
<?php
// $userfile is where file went on webserver
$userfile = $HTTP_POST_FILES['userfile']['tmp_name'];
// $userfile_name is original file name
$userfile_name = $HTTP_POST_FILES['userfile']['name'];
// $userfile_size is size in bytes
$userfile_size = $HTTP_POST_FILES['userfile']['size'];
// $userfile_type is mime type e.g. image/gif
$userfile_type = $HTTP_POST_FILES['userfile']['type'];
// $userfile_error is any error encountered
$userfile_error = $HTTP_POST_FILES['userfile']['error'];
// userfile_error was introduced at PHP 4.2.0
// use this code with newer versions
if ($userfile_error > 0) {
echo 'Problem: ';
switch ($userfile_error)
{ case 1:
echo 'File exceeded upload_max_filesize';
break;
case 2:
echo 'File exceeded max_file_size';
break;
case 3:
echo 'File only partially uploaded';
break;
case 4:
echo 'No file uploaded';
break;
}
exit;
}
// put the file where we'd like it
$upfile = '/uploads/'.$userfile_name;
// is_uploaded_file and move_uploaded_file
if (is_uploaded_file($userfile))
{
if (!move_uploaded_file($userfile, $upfile))
{
echo 'Problem: Could not move file to destination directory';
exit;
}
} else {
echo 'Problem: Possible file upload attack. Filename: '.$userfile_name;
exit;
}
echo 'File uploaded successfully<br /><br />';
// show what was uploaded
echo 'Preview of uploaded file contents:<br /><hr />';
echo $contents;
echo '<br /><hr />';
?>
The code will check to make sure the file is the right size, then move it to the correct location (/uploads). Finally, the content of the file is displayed to show the user what they uploaded.
The error checking system is a new feature in PHP 4.2.0 and has the following codes:
UPLOAD_ERROR_OK - Value 0 - No error
UPLOAD_ERR_INI_SIZE - Value 1 - Size of uploaded file exceeds the amount specified in upload_max_filesize directive
UPLOAD_ERR_FORM_SIZE - Value 2 - Size of uploaded file exceeds the amount specified in the HTML form
UPLOAD_ERR_PARTIAL - Value 3 - File was only partially uploaded
UPLOAD_ERR_NO_FILE - Value 4 - No file upload
These are used to provide an error message to the user in the code.
Using this system, you can now offer file uploads on you site!!!
Addition: After feedback from readers, it has been discovered that this script may not work if Safe Mode is enabled within PHP on your server.
LinkBack URL
About LinkBacks
Reply With Quote 
