Professional Documents
Culture Documents
Programming
Important Features
(Server Side Programming)
Important Features
• Form Handling
• Data Sanitization & Validation
• Server Side Includes
• File Upload
• Directory Functions
• File System Functions
• Cookies
• Sessions
• Hash Password Function
PHP
FILE UPLOAD
File Upload Form
• You can upload a file from client machine to server using PHP.
• First you need to create a form
<form action="example-19-file-upload.php"
method="post" enctype="multipart/form-data">
<label for="uf">Filename:</label>
<input type="file" id="uf" name="userfile" />
<input type="submit" name="submit" value="Upload" />
</form>
• The enctype attribute of the <form> tag specifies which content‐type to use when
submitting the form. "multipart/form‐data" is used when a form requires binary data,
like the contents of a file, to be uploaded
• The type="file" attribute of the <input> tag specifies that the input should be
processed as a file. For example, when viewed in a browser, there will be a browse‐
button next to the input field
PHP File Upload
• PHP lets people upload both text and binary files
• Files will, by default be stored in the server's default temporary directory,
unless another location has been given with the upload_tmp_dir directive
in php.ini.
• The temporary copied files disappears when the script ends. To store the
uploaded file we need to copy it to a different location
• With PHP's file manipulation functions, you have full control over what is
to be done with the file once it has been uploaded.
Request & Response
Web Browser
Client Side
TCP/IP
HTTP
Database
Web Browser
TCP/IP TCP/IP
Client Side
HTTP HTTP
DNS
Web Pages / Files
HTTP
Web Browser TCP/IP
Client Side Web Server
Server Side Language
$_FILES
• The global $_FILES exists as of PHP 4.1.0. These arrays will contain all the
uploaded file information.
<?php
if ($_FILES["userfile"]["error"] > 0)
{
echo "Error: " . $_FILES["userfile"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["userfile"]["name"] . "<br />";
echo "Type: " . $_FILES["userfile"]["type"] . "<br />";
echo "Size: " . ($_FILES["userfile"]["size"] / 1024) . " Kb<br />";
echo "Stored in: " . $_FILES["userfile"]["tmp_name"];
}
?>
$_FILES
• The global $_FILES exists as of PHP 4.1.0. These arrays will contain all the
uploaded file information.
• The first parameter is the form's input name and the second index can be
either "name", "type", "size", "tmp_name" or "error". Like this:
– $_FILES["userfile"]["name"] ‐ the name of the uploaded file
– $_FILES["userfile"]["type"] ‐ the type of the uploaded file
– $_FILES["userfile"]["size"] ‐ the size in bytes of the uploaded file
– $_FILES["userfile"]["tmp_name"] ‐ the name of the temporary copy of the file
stored on the server
– $_FILES["userfile"]["error"] ‐ the error code resulting from the file upload
• This is a very simple way of uploading files. For security reasons, you
should add restrictions on what the user is allowed to upload.
Move to Permanent Location
<?php
if ($_FILES["userfile"]["error"] > 0)
{
echo "Error: " . $_FILES["userfile"]["error"] . "<br />";
}
else
{
move_uploaded_file( $_FILES["userfile"]["tmp_name"],
"upload/" . $_FILES["userfile"]["name"] );
}
?>
You Can Check If Already Exists
<?php
if ($_FILES["userfile"]["error"] > 0)
{
echo "Error: " . $_FILES["userfile"]["error"] . "<br />";
}
else
{
if (file_exists("upload/" . $_FILES["userfile"]["name"]))
{
echo $_FILES["userfile"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["userfile"]["tmp_name"],
"upload/" . $_FILES["userfile"]["name"]);
}
}
?>
Check File Types / File Size
<?php
// You can check FILE TYPES or FILE SIZE before you do anything below
if ($_FILES["userfile"]["error"] > 0)
{
echo "Error: " . $_FILES["userfile"]["error"] . "<br />";
}
else
{
if (file_exists("upload/" . $_FILES["userfile"]["name"]))
{
echo $_FILES["userfile"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["userfile"]["tmp_name"],
"upload/" . $_FILES["userfile"]["name"]);
}
}
?>
Check File Types / File Size
<?php
$maxFileSize = 5 * 1024 * 1024; // 5 MB
if ((($_FILES["userfile"]["type"] == "image/jpeg") ||
($_FILES["userfile"]["type"] == "image/pjpeg"))
&& ($_FILES["userfile"]["size"] < $maxFileSize))
{
}
?>
Common File Types
• JPEG = image/jpeg, image/pjpeg
• PNG = image/png
• OGG = video/ogg
• MP4 = video/mp4
• MP3 = audio/mpeg, audio/mp3
• GZIP = application/gzip
• ZIP = application/zip
• PDF = application/pdf
• Binary Files = application/octet‐stream
MIME Type List: https://www.iana.org/assignments/media‐types/media‐types.xhtml
$_FILES, Restrictions & Saving Files
<?php
move_uploaded_file($_FILES["userfile"]["tmp_name"],"upload/" .
$_FILES["userfile"]["name"]);
echo "Stored in: " . "upload/" . $_FILES["userfile"]["name"];
}
}
}
else
{
echo "Invalid file";
}
?>
See: Example 19 (Single File)
UPLOADING MULTIPLE FILES
Multiple Files Upload Form
• First you need to create a form
<form action="example-19-multifile-upload.php"
method="post" enctype="multipart/form-data">
<label for="uf">Filename:</label>
<input type="file" id="uf" name="userfile[]" multiple />
<input type="submit" name="submit" value="Upload" />
</form>
Process Multiple Files
<?php
$fileCount = count($_FILES['userfile']['name']);
for($i=0;$i<$fileCount;$i++){
if ($_FILES["userfile"]["error"][$i] > 0)
{
echo "Error: " . $_FILES["userfile"]["error"][$i] . "<br />";
}
else
{
move_uploaded_file( $_FILES["userfile"]["tmp_name"][$i],
"upload/" . $_FILES["userfile"]["name"][$i] );
}
}
?>
See: Example 19 (Multiple Files)
Important Features
• Form Handling
• Data Sanitization & Validation
• Server Side Includes
• File Upload
• Directory Functions
• File System Functions
• Cookies
• Sessions
• Hash Password Function