File Upload Via PHP

Disclaimer

These instructions/steps worked for me in CentOS. It may very well work for you on Red Hat-like or other distributions. Please note that if you decide to use these instructions on your machine, you are doing so entirely at your very own discretion and that neither this site, sgowtham.com, nor its author is responsible for any/all damage – intellectual or otherwise.



During my recent, still on-going, attempts to write a personally satisfying photoblog software/application, I happened to learn about File Uploads using PHP. There are numerous articles on the web and in the books, but what follows here is what worked for me – it is expected to serve as a Note2Self but if you find it useful, please feel free to do so.


A Form To Select The File

Let us suppose that the HTML file that displays this form is called NewFile.html and the PHP file that does the actual uploading work (and some more) is called Uploader.php.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<body>
 
<!-- The data encoding type, enctype, MUST be specified as below -->
<form enctype="multipart/form-data" action="Uploader.php" method="POST">
  <table align="left" cellpadding="5" cellspacing="5" border="0" width="100%">
    <tr>
      <td align="left" valign="top">
        Select A File
      </td>
 
      <td align="left" valign="top">
        <!-- MAX_FILE_SIZE (measured in bytes) must precede the file input field and its value 
        is the maximum filesize accepted by PHP. Fooling this setting on the browser side is 
        quite easy, so never rely on files with a greater size being blocked by this feature. 
        The PHP settings for maximum-size, however, cannot be fooled. This form element 
        should always be used as it saves users the trouble of waiting for a big file being 
        transferred only to find that it was too big and the transfer failed. -->
        <input type="hidden" name="MAX_FILE_SIZE" value="4194304">
 
        <!-- Name of input element determines name in $_FILES array.
        uploaded_file is the reference assigned in the form. This will be needed to 
        tell the $_FILES array which file should be handled -->
        <input name="uploaded_file" type="file">
      </td>
    </tr>
 
    <tr>
      <td align="left" valign="top">
        &nbsp;
      </td>
 
      <td align="left" valign="top">
        <input type="submit" value="Upload This File">
      </td>
    </tr>
  </table>
</form>
 
</body>
</html>


Uploader.php

Suppose that the end-user selected a file to upload and hit the Upload This File button. Now, the file, Uploader.php takes over and does a few things. The source code follows:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
<?php
if ($_FILES['uploaded_file']['error'] > 0) {
  # The error code  associated with this file upload.
  echo "Error: "     . $_FILES['uploaded_file']['error'] . "<br>";
} else {
  # The original name of the file on the client machine.
  echo "Upload: "    . $_FILES['uploaded_file']['name'] . "<br>";
 
  # The mime type of the file, if the browser provided this information. 
  # This mime type is however not checked on the PHP side and therefore it's value should
  # should not be taken for granted.
  echo "Type: "      . $_FILES['uploaded_file']['type'] . "<br>";
 
  # The size, in bytes, of the uploaded file.
  echo "Size: "      . ($_FILES['uploaded_file']['size'] / 1024) . " kB<br>";
 
  # The temporary filename of the file in which the uploaded file was stored on the server.
  echo "Stored in: " . $_FILES['uploaded_file']['tmp_name'] . "<br>";
 
  # Where the file is going to be placed; choose this judiciously
  # This location needs to have 'write' permissions for 'apache' (or the web-user)
  $target_path = "tmp/";
 
  if(!is_writable($target_path)) {
    die('Cannot be uploaded to the specified directory. Please change permission  to 777.');
  }
 
  # This is the temporary file created by PHP.
  $uploaded_file = $_FILES['uploaded_file']['tmp_name'];
 
  $target_path = $target_path . basename( $_FILES['uploaded_file']['name']);
 
  if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $target_path)) {
    echo "The file " .  basename( $_FILES['uploaded_file']['name']) . " has been uploaded";
  } else{
    echo "There was an error uploading the file, please try again!";
  }
}
?>


Specific MIME Type

The purpose of this code, as I mentioned before, was to be part of the photoblog software and as such, it wouldn’t make much sense to upload anything but graphic files (JPEG/GIF/PNG). Also, once the graphic file is uploaded to the server, more often than not it needs to be resized (thumbnails). I will probably include those parts in a subsequent post.