PHP provides a straightforward manner in which to handle file uploads. Anytime you upload a file, the $_FILES array is automatically filled in for you with various pieces of data. For example, if you had named your upload field 'upload', the following data would exist:
$_FILES['upload']['name'] The original name of the file from the user's machine.
$_FILES['upload']['type'] The mime type of the file (for example: 'text/plain'), but only if the browser provided the type.
$_FILES['upload']['size'] The size of the file in bytes.
$_FILES['upload']['tmp_name'] The full filename of the uploaded file.
$_FILES['upload']['error'] An error code, if there were any problems with the upload.
File Uploading script
// If we had any files
if (count($_FILES)) {
// Doublecheck that we really had a file:
if (!($_FILES['upload']['size'])) {
echo "
ERROR: No actual file uploaded
\n";
} else {
// Determine the filename to which we want to save this file:
$newname = dirname(__FILE__) . '/' .
basename($_FILES['upload']['name']);
// Attempt to move the uploaded file to it's new home:
if (!(move_uploaded_file($_FILES['upload']['tmp_name'],
$newname))) {
echo "
ERROR: A problem occurred during file upload!
\n";
} else {
// It worked!
echo "
Done! The file has been saved as: {$newname}
\n";
}
}
}
?>
The function move_uploaded_file() does a lot. Not only does it take care of moving the file to where we really want it to live, but it also performs some sanity checks on the uploaded file to make sure that a hijacking attempt has not occurred. You still need to check that the size of the file is not zero to determine whether a file was really uploaded. If someone submits a filename that doesn't actually exist on her machine, everything will look like a file was uploaded, except that the file size will be zero.
You need to make sure that the PHP directive upload_max_filesize and the form field max size are set appropriately, a number of other parameters need to be set, both on the server and in the HTML form. On the server side, the PHP directive post_max_size must be greater than upload_max_filesize. Also, the time it takes a file to upload is counted against the script execution time. Hence, the PHP directive max_execution_time needs to be set long enough to upload the expected files sizes. This can also be set within your script itself via the function set_time_limit(). There is also a directive called max_input_time, which is the maximum number of seconds that the script is allowed to parse input data. If the user is on a slow connection, or has a large file to upload, this limit may be exceeded. A small detail often overlooked is to make sure that permissions on the upload directory on the server are set such that the web server can actually write to it.
On the client side, there are two rules to follow: First, make sure that the form uses the POST method. Second, the form needs the following attribute: enctype="multipart/form-data". Without all these requirements, your file upload will not work.
- 1063 reads
Post new comment