Upload

Index
» Articles
» Upload

«« Prev Next »»

Upload

If you have only one computer that consists of client and server sides don’t forget that php uses client-server technology. File that we want to upload as usual is situated at the client computer. For transferring the file we’ll need the following form:

<form enctype="multipart/form-data" action="/upload.php" method="post"> <input type="hidden" name="MAX_FILE_SIZE" value="30000"> Send this file: <input name="userfile" type="file"> <input type="submit" value="Send File"> </form>

In the action field there should be indicated the URL of your PHP-script that will process the uploaded files. The hidden field MAX_FILE_SIZE should precede the field of the file choosing. It has to check the uploaded file size before sending it to the server.

What happens if user chooses the file at the disc and presses “Send file” button? Browser sends file to the server and that file is put to the temporary directory by php-interpreter.

upload.php looks as follows:

<?php $uploaddir = "/var/www/uploads/"; if (move_uploaded_file($_FILES["userfile"]["tmp_name"], $uploaddir . $_FILES["userfile"]["name"])) { print "File is valid, and was successfully uploaded."; } else { print "There some errors!"; } ?>

If you use PHP beginning with version 4.1.0 you have to use global array $_FILES. For every uploaded file it has the hash array with the following data:

$_FILES['userfile']['name'] – original name of the file;
$_FILES['userfile']['type'] - mime/type file, for example, it can be image/gif;;
$_FILES['userfile']['size'] – uploaded file’s size;
$_FILES['userfile']['tmp_name'] – full path to the file at the disc;
$_FILES['userfile']['error'] – Beginning with version 4.2.0 includes the code of the error that equals 0 if operation is successful.

In PHP (earlier than 4.1.0) that array is called $HTTP_POST_FILES. That array can’t be considered as a superglobal one that’s why when calling it indicate global $HTTP_POST_FILES.

If in the server settings register_globals=on, there will be created additional variables like $userfile_name, $userfile_type, $userfile_size… Beginning with version 4.2.0 register_globals=off (by default) that’s why there is no use in using these variables.

For working with uploaded files it is better to use integrated functions is_uploaded_file and move_uploaded_file.

Server setting

If your script doesn’t work reasons can be found in the server settings. Here we have the list of the directives that concern the file uploading:

In the php.ini file:

If you want to learn where your php.ini is situated run as follows:

<?php phpinfo(); ?>

file_uploads – allows or prohibits files uploading. By default is On
upload_max_filesize – maximum file size that can be uploaded. If you want to work with big files change that setting.
post_max_size – data size limit. Default value is 8M
upload_tmp_dir – temporary directory on the server where uploaded files will be put in.

In the httpd.conf file:

Make sure that you use web-server Apache 1.3. If you use Apache 2.0 read the following issue of the documentation:

Do not use Apache 2.0 and PHP in a production environment neither on Unix nor on Windows.

If you got message "POST Method Not Allowed" you have to use the key word Allow:

<Limit POST > Order allow,deny Allow from all </Limit>

If you have problems with binary files upload make as follows. Create .htaccess file in the directory where your script is situated and write CharsetDisable On. In the httpd.conf file write the following lines:

<Location /> CharsetRecodeMultipartForms Off </Location>

Additional opportunities

Uploading of several files simultaneously

You can use the following form:

<form action="file-upload.php" method="post" enctype="multipart/form-data"> Send these files:<br> <input name="userfile[]" type="file"><br> <input name="userfile[]" type="file"><br> <input type="submit" value="Send files"> </form>

Don’t forget to increase the post_max_size if you work with several files.

Automatic uploading

Don’t forget that files at the user’s disc is the confidential information. You can’t work with them until user hasn’t chosen the file by means of «input type="file"».

Files storage in the MySQL database

If you want to store files in the database you have to know the following items:

You have to use field like BLOB
Don’t forget to use mysql_escape_string before uploading files to the database
You have to indicate content/type header

Don’t store images in the database. It is better to store only paths to those images.

Image properties getting

If you need to check the type or size of the image you have to use function getimagesize. The argument of that function is the file name; that function returns an array, its elements are width, height and type of the image.

About rights

Problems with rights on the server (upload_tmp_dir)

In the *nix-type operative systems every folder, file and link has the correspondence access rights. They can look like rwx-rw-r- or 754.

File or catalog accessibility depend on user ID and group ID

User Group Others (u) (g) (o) rwx rwx rwx

Example

<? $max_image_width= 380; $max_image_height= 600; $max_image_size= 64 * 1024; $valid_types = array("gif","jpg", "png", "jpeg"); if (isset($_FILES["userfile"])) { if (is_uploaded_file($_FILES["userfile"]["tmp_name"])) { $filename = $_FILES["userfile"]["tmp_name"]; $ext = substr($_FILES["userfile"]["name"], 1 + strrpos($_FILES["userfile"]["name"], ".")); if (filesize($filename) > $max_image_size) { echo "Error: File size > 64K."; } elseif (!in_array($ext, $valid_types)) { echo "Error: Invalid file type."; } else { $size = GetImageSize($filename); if (($size) && ($size[0] < $max_image_width) && ($size[1] < $max_image_height)) { if (@move_uploaded_file($filename, "/www/htdocs/upload/")) { echo "File successful uploaded."; } else { echo "Error: moving fie failed."; } } else { echo "Error: invalid image properties."; } } } else { echo "Error: empty file."; } } else { echo " <form enctype="multipart/form-data" method="post"> <input type="hidden" name="MAX_FILE_SIZE" value="64000"> Send this file: <input name="userfile" type="file"> <input type="submit" value="Send File"> </form>} ?>

Another example with PEAR using:

<html><body> <form action="<?php echo $HTTP_SERVER_VARS["PHP_SELF"];?>?submit=1" method="post" enctype="multipart/form-data"> Send these files:<br> <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="100000"> <input name="userfile" type="file"> <-<br> <input name="otherfile[]" type="file"><br> <input name="otherfile[]" type="file"><br> <input type="submit" value="Send files"> </form> </body></html> <?php error_reporting(E_ALL); if (!isset($submit)) { exit; } require "HTTP/Upload.php"; echo "<pre>"; //print_r($HTTP_POST_FILES); $upload = new http_upload("es"); $file = $upload->getFiles("userfile"); if (PEAR::isError($file)) { die ($file->getMessage()); } if ($file->isValid()) { $file->setName("uniq"); $dest_dir = "./uploads/"; $dest_name = $file->moveTo($dest_dir); if (PEAR::isError($dest_name)) { die ($dest_name->getMessage()); } $real = $file->getProp("real"); echo "Uploaded $real as $dest_name in $dest_dir\n"; } elseif ($file->isMissing()) { echo "No file selected\n"; } elseif ($file->isError()) { echo $file->errorMsg() . "\n"; } print_r($file->getProp()); echo "</pre>"; ?>