Handling File Uploads in PHP
File uploading in PHP lets users send files from their own device to the site. These files can be of many different types, such as images, documents, and other formats like Adobe Acrobat (PDF). In real projects, the most common uses of file uploading are profile images, resumes, assignments and feedback/contact forms.
Because uploaded files come directly from the user, PHP code has to treat them with care. Validation and security checks become important. When handled correctly, file uploads are safe and reliable.
How File Uploads Work Step by Step
File uploads in PHP follow a clear and simple flow.
First, an HTML form lets the user select a file from their device.
After that, the user submits the form.
PHP then stores the uploaded file in a temporary location on the server.
Finally, the file is moved to a permanent folder for storage.
This step by step process helps PHP manage uploaded files safely and efficiently.
Creating the HTML File Upload Form
To upload files successfully, the form must follow two rules:
It must submit data using the POST method.
It must also contain the attribute enctype="multipart/form-data".
<form method="post" enctype="multipart/form-data">
<input type="file" name="file">
<input type="submit" name="upload" value="Upload File">
</form>
The upload will not work unless the form uses the right encoding type.
Understanding the $_FILES Superglobal
When a file is uploaded, the information sent with it is stored in the superglobal $_FILES. This superglobal contains several useful pieces of information about the file, which your PHP code can use when validating it.
$_FILES['file']['name'] // The original file name
$_FILES['file']['type'] // MIME type reported by the browser (not verified by PHP)
$_FILES['file']['size'] // Size of file in bytes
$_FILES['file']['tmp_name'] // Temporary location
$_FILES['file']['error'] // Error code associated with the file upload
These values help your PHP code decide whether the file should be saved or rejected.
Moving the Uploaded File
Once a file is uploaded, PHP stores it in a temporary folder. To save it permanently, you'll have to move it using the function move_uploaded_file().
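<?php
$targetFolder = "uploads/";
// basename() strips any directory components from the client-supplied name
$fileName = basename($_FILES['file']['name']);
$tempFile = $_FILES['file']['tmp_name'];
// move_uploaded_file() returns false if the file is not a valid upload or the move fails
if (!move_uploaded_file($tempFile, $targetFolder . $fileName)) {
    echo "Upload failed";
}
?>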
Before doing this, ensure the folder 'uploads' exists and that its permissions allow PHP to write files into it.
Validating File Uploads
It's crucial to validate every upload so that your site is protected against malicious files. Don't save a file until you have validated it.
Check If a File Is Selected
// UPLOAD_ERR_OK (0) means the file arrived without an upload error
if (isset($_FILES['file']) && $_FILES['file']['error'] === UPLOAD_ERR_OK) {
    echo "File selected";
}
Check File Size
if ($_FILES['file']['size'] > 2000000) {
    echo "File size must be under 2MB";
}
Check File Type
$allowedTypes = ['jpg', 'png', 'pdf'];
// Lowercase the extension so "PHOTO.JPG" is compared against the same list
$fileExtension = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));
if (!in_array($fileExtension, $allowedTypes, true)) {
    echo "File type not allowed";
}
Run these checks before you call move_uploaded_file().
Renaming Files Before Saving
A file uploaded under the same name as an existing one will overwrite it. It is therefore essential to rename files when they are saved.
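// The random part keeps two uploads with the same name in the same second from colliding
$newName = time() . "_" . bin2hex(random_bytes(4)) . "_" . basename($_FILES['file']['name']);
move_uploaded_file($_FILES['file']['tmp_name'], "uploads/" . $newName);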
Because of that, each uploaded file will have a different name.
Common Beginner Mistakes
Many beginners permit all types of files, which is insecure. Some skip validation or don't set folder permissions. Sometimes developers use the GET method rather than POST. Taking care of all these details keeps uploads secure.
Best Practices for Beginners
- Validate every file before saving it
- Limit the uploaded file size
- Rename files on save
- Store uploads in a safe folder
- Never trust user-uploaded files
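The checks from this page combined into one handler, as an added example that is not part of the original tutorial. It goes beyond the page's extension check by also comparing the file's content against the expected type and by generating the stored name on the server; the names checkUpload, safeName, MAX_BYTES and ALLOWED are illustrative, and the fileinfo extension is assumed to be enabled.

```php
<?php
// Added example. Assumptions: form field "file", folder "uploads/", fileinfo extension enabled.
const MAX_BYTES = 2000000;
// Allowed extension => MIME type the file content must have.
const ALLOWED = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'pdf' => 'application/pdf'];

// Returns an error message, or null when the upload passes every check.
function checkUpload(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return "Upload failed or no file selected";
    }
    if ($file['size'] > MAX_BYTES) {
        return "File size must be under 2MB";
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return "File type not allowed";
    }
    // $file['type'] comes from the browser, so inspect the stored bytes instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        return "File content does not match its extension";
    }
    return null;
}

// Server-generated name: random, keeping only the already validated extension.
function safeName(string $originalName): string
{
    return bin2hex(random_bytes(16)) . "." . strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
}

if (PHP_SAPI === 'cli') {
    // Constructed sample for a command-line run: PDF bytes named "report.png".
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, "%PDF-1.4\n");
    $sample = ['name' => 'report.png', 'size' => 9, 'tmp_name' => $tmp, 'error' => UPLOAD_ERR_OK];
    echo checkUpload($sample), "\n";
    unlink($tmp);
} elseif (isset($_FILES['file'])) {
    $error = checkUpload($_FILES['file']);
    if ($error !== null) {
        echo $error;
    } elseif (move_uploaded_file($_FILES['file']['tmp_name'], "uploads/" . safeName($_FILES['file']['name']))) {
        echo "File uploaded";
    } else {
        echo "Could not save file";
    }
}
```

Run from the command line, the script checks the constructed sample; served behind the upload form, it handles the real $_FILES entry.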
Summary
PHP provides controlled file submission by users through an HTML form. PHP first stores each file in a temporary directory, and your script then moves it to a secure folder. By adding controls such as checking the file's size and type and renaming it, even a novice can enable file uploads in PHP.


