Creating a file upload system

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Creating a file upload system

    In this tutorial I will show you how to create a simple file upload system with your user can upload a file from the local computer to your webserver. As you will see it is not so complicated to implement this very usefull script. However it can be dangerous if every visitor can upload files without any restriction. You can easy have a situation that there is no more free space on your server.

    Step 1.

    First of all you have to check your PHP settings whether it is enabled to upload files. It is quite easy, you just need to call the phpinfo() function which summerize tha actual PHP settings. Such an info script is very simple.My info.php looks like this:
    Code:
    <?php
         phpinfo();
    ?>
    You have to check 3 parameters in the output. These are the followings:
    file_uploads: It shows whether to allow HTTP file uploads. It must be “On”.
    upload_max_filesize: Temporary directory for HTTP uploaded files
    upload_tmp_dir: Maximum allowed size for uploaded files



    If the file upload is not enabled than set it in the php.ini file to on or contact with your system administrator. If everything is correct thane we can jump to the next step.

    Step 2.
    To allow a visitor to upload a file from the browser first of all we need to create an upload form. HTML forms have a special input types called “file” which stands from an input box and a Browse button. With this the visitor can select a file and its name and path will be copied into the input field. In this tutorial we create a quite simple form. It contains only the file input field and a submit button.

    The form looks like this:
    Code:
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="fileForm" enctype="multipart/form-data">
        File to upload:
        <table>
           <tr><td><input name="upfile" type="file"></td></tr>
           <tr><td><input type="submit" name="submitBtn" value="Upload"></td></tr>
        </table>  
    </form>
    As you can see the form action is to call this script again. Besides this there is one interesting part in the form tag. The parameter: enctype="multipart/form-data" This is a very important part of a file upload form. Without this parameter the upload will not work.

    Step 3.
    Now as the form is ready let's take care with the processing part. The script calls itself as result the form action parameter. To check whether the form was submitted we need to look after the "submitBtn" value in the PHP super global POST array. If it is set than the form was submitted and so we can start with the processing.

    When the form was submitted the file is transferred to the web server. The file will be stored in the location defined by the upload_tmp_dir PHP environment variable. The name of the file is a random generated file name so if you upload the demo.txt you will not find it with this name in the temporary directory.
    So here we need to define a target directory where we want to store the uploaded file. We will move the file from the temporary directory to this location.

    In case of a file upload PHP fills the $_FILES super global array with file information such as:
    error
    name
    size
    tmp_name
    type


    Regarding this information you can apply some more specific validation. For example you can limit the file size or file type.
    Now as you have this information you can create a new file name with the path on the server and move the file from the temporary directory to the real target by using the PHP built in function: move_uploaded_file(). The return value of the function will show you whether the file upload was success or not.
    And that was all. The basic upload script is ready.
    The complete upload script looks like this:
    Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html>
    <body>
          <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="fileForm" enctype="multipart/form-data">
            File to upload:
            <table>
              <tr><td><input name="upfile" type="file"></td></tr>
              <tr><td><input type="submit" name="submitBtn" value="Upload"></td></tr>
            </table>  
          </form>
    <?php    
        if (isset($_POST['submitBtn'])){
    
            // Define the upload location
            $target_path = "c:\\";
    
            // Create the file name with path
            $target_path = $target_path . basename( $_FILES['upfile']['name']); 
    
            // Try to move the file from the temporay directory to the defined.
            if(move_uploaded_file($_FILES['upfile']['tmp_name'], $target_path)) {
                echo "The file ".  basename( $_FILES['upfile']['name']). 
                     " has been uploaded";
            } else{
                echo "There was an error uploading the file, please try again!";
            }
        }
    ?>
    </body>
    Attached Files
    Last edited by riderz; 20.02.10, 20:35.
    ________________
    Jacques
    jacques@gw-designs.co.za
    http://coding.biz.tm
    Come join and lets make it a place to learn all the noobies how to code
    __________________

    NEVER FORGET TO CLICK THE TANX BUTTON IF U LIKE WHAT IM SHARING OR HELPING WITH
Working...
X