PHP image file upload implementation code

  • 2020-03-31 21:22:54
  • OfStack

For the safety of the site, do not allow PHP files to be uploaded. If someone gets into your back end and uploads a PHP file, they can read all of your website's source code, package it up, and view it directly. So be sure to control the upload directory and the file types; generally, only pictures should be accepted.

Create a file upload form
It is useful to allow users to upload files from the form.
Look at the following HTML form for uploading files:
 
<html> 
<body> 
<form action="upload_file.php" method="post" 
enctype="multipart/form-data"> 
<label for="file">Filename:</label> 
<input type="file" name="file" id="file" /> 
<br /> 
<input type="submit" name="submit" value="Submit" /> 
</form> 
</body> 
</html> 

Be aware of the following information about this form:
The enctype attribute of the <form> tag specifies which content type to use when submitting the form. Use "multipart/form-data" when a form requires binary data, such as file content.
The type="file" attribute of the <input> tag specifies that the input should be treated as a file. For example, when you preview in a browser, you see a browse button next to the input box.
Note: allowing users to upload files is a huge security risk. Allow only trusted users to perform file uploads.

Create upload script
The "upload_file.php" file contains the code for uploading files:
 
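<?php 
// An error code greater than 0 means the upload did not complete.
if ($_FILES["file"]["error"] > 0) 
{ 
    echo "Error: " . $_FILES["file"]["error"] . "<br />"; 
} 
else 
{ 
    // "name" and "type" are supplied by the client, so escape them before output.
    echo "Upload: " . htmlspecialchars($_FILES["file"]["name"]) . "<br />"; 
    echo "Type: " . htmlspecialchars($_FILES["file"]["type"]) . "<br />"; 
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; 
    echo "Stored in: " . $_FILES["file"]["tmp_name"]; 
} 
?> 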

By using PHP's global array $_FILES, you can upload files from a client's computer to a remote server.
The first index is the name of the form's input field, and the second index can be "name", "type", "size", "tmp_name", or "error". Like this:
 
$_FILES["file"]["name"] -  The name of the uploaded file  
$_FILES["file"]["type"] -  The type of file to be uploaded  
$_FILES["file"]["size"] -  The size of the uploaded file in bytes  
$_FILES["file"]["tmp_name"] -  The name of the temporary copy of the file stored on the server  
$_FILES["file"]["error"] -  Error code caused by file upload  

This is a very simple way to upload files. For security reasons, you should add restrictions on which users have the right to upload files.

Upload restrictions
In this script, we have added restrictions on file uploads. Users can only upload .gif or .jpeg files, and the file size must be less than 20 KB:
 
<?php 
// The type compared here is the one reported by the browser.
if ((($_FILES["file"]["type"] == "image/gif") 
    || ($_FILES["file"]["type"] == "image/jpeg") 
    || ($_FILES["file"]["type"] == "image/pjpeg")) 
    && ($_FILES["file"]["size"] < 20000)) 
{ 
    if ($_FILES["file"]["error"] > 0) 
    { 
        echo "Error: " . $_FILES["file"]["error"] . "<br />"; 
    } 
    else 
    { 
        // "name" and "type" are supplied by the client, so escape them before output.
        echo "Upload: " . htmlspecialchars($_FILES["file"]["name"]) . "<br />"; 
        echo "Type: " . htmlspecialchars($_FILES["file"]["type"]) . "<br />"; 
        echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; 
        echo "Stored in: " . $_FILES["file"]["tmp_name"]; 
    } 
} 
else 
{ 
    echo "Invalid file"; 
} 
?> 

Note: IE reports the type of a JPG file as pjpeg, while Firefox reports it as jpeg.

Save the uploaded file
The above example creates a temporary copy of the uploaded file in the server's PHP temporary folder.
This temporary copy disappears when the script ends. To save the uploaded file, we need to copy it to another location:
 
<?php 
// The type compared here is the one reported by the browser.
if ((($_FILES["file"]["type"] == "image/gif") 
    || ($_FILES["file"]["type"] == "image/jpeg") 
    || ($_FILES["file"]["type"] == "image/pjpeg")) 
    && ($_FILES["file"]["size"] < 20000)) 
{ 
    if ($_FILES["file"]["error"] > 0) 
    { 
        echo "Return Code: " . $_FILES["file"]["error"] . "<br />"; 
    } 
    else 
    { 
        // "name" and "type" are supplied by the client, so escape them before output.
        $name = htmlspecialchars($_FILES["file"]["name"]); 
        echo "Upload: " . $name . "<br />"; 
        echo "Type: " . htmlspecialchars($_FILES["file"]["type"]) . "<br />"; 
        echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; 
        echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />"; 
        // The file is stored under the name the client sent.
        if (file_exists("upload/" . $_FILES["file"]["name"])) 
        { 
            echo $name . " already exists. "; 
        } 
        else 
        { 
            // Move the temporary copy into the "upload" folder.
            move_uploaded_file($_FILES["file"]["tmp_name"], 
                "upload/" . $_FILES["file"]["name"]); 
            echo "Stored in: " . "upload/" . $name; 
        } 
    } 
} 
else 
{ 
    echo "Invalid file"; 
} 
?> 

The script above checks whether a file with the same name already exists, and if it does not, moves the uploaded file to the specified folder.
Note: this example saves the file to a new folder called 'upload'.
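
The scripts above decide on the browser-reported "type" and store the file under the name the client sent, which is how a PHP file can end up in the upload directory. The following added example (not part of the original article) checks the file's actual content and stores it under a server-generated name; the function name store_uploaded_image, the two constants, and the availability of PHP's fileinfo extension are assumptions of this example.

```php
<?php
// Added example, not the article's code. Assumptions: an "upload" directory next to
// this script is writable, and the form field is named "file" as in the article.
const MAX_BYTES = 20000; // same size limit the article uses
const ALLOWED = ["image/gif" => "gif", "image/jpeg" => "jpg"]; // detected type => stored extension

function store_uploaded_image(array $file, string $destDir): string
{
    // Reject failed, partial or multi-file uploads before touching anything else.
    if (!isset($file["error"]) || is_array($file["error"]) || $file["error"] !== UPLOAD_ERR_OK) {
        throw new RuntimeException("Upload failed");
    }
    // Only accept a temporary file that PHP itself created for this request.
    if (!is_uploaded_file($file["tmp_name"])) {
        throw new RuntimeException("Not an uploaded file");
    }
    // Measure the file on disk instead of trusting the reported size.
    $size = filesize($file["tmp_name"]);
    if ($size === false || $size === 0 || $size >= MAX_BYTES) {
        throw new RuntimeException("File is empty or too large");
    }
    // Detect the type from the file's bytes; $file["type"] comes from the client.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file["tmp_name"]);
    $ext = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException("Only GIF and JPEG images are accepted");
    }
    // The file must also parse as an image of that same type.
    $info = @getimagesize($file["tmp_name"]);
    if ($info === false || $info["mime"] !== $mime) {
        throw new RuntimeException("Not a valid image");
    }
    // Server-generated name with an extension taken from the allowlist,
    // so nothing from the client's file name reaches the file system.
    $target = rtrim($destDir, "/") . "/" . bin2hex(random_bytes(16)) . "." . $ext;
    if (!move_uploaded_file($file["tmp_name"], $target)) {
        throw new RuntimeException("Could not store the file");
    }
    return $target;
}

if (isset($_FILES["file"])) {
    try {
        $path = store_uploaded_image($_FILES["file"], __DIR__ . "/upload");
        echo "Stored in: upload/" . htmlspecialchars(basename($path));
    } catch (RuntimeException $e) {
        echo "Invalid file";
    }
}
```

Configuring the web server so that nothing inside the upload directory is executed as PHP adds a second layer of control over that directory.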
