October 15, 2011 upload_post

Simple file upload in PHP

As we all know today, PHP is a very powerful language to work with when it comes to dynamic websites. One of the things you are able to do with PHP is to upload a file to your server. You can decide what type of files a user can upload. We will take a look at a simple file upload in PHP, restrict the user to only upload a plain text file, and we will read it, and display it on the browser for the user to see it’s content. Here we go.

The following is a simple form for uploading files with PHP.

Note that in the form tag, we have added the attribute enctype = “multipart/form-data”. This attribute indicates that a file will be processed with that form. Second, in one of you input fields, we have them as type=”file”. This is the input field where you type in your file or you can browse it. Also, we have added a hidden input type. This field is not shown to the user, but it is expected to be present when the script is being handled. The name given to this field is MAX_FILE_SIZE. The value given to it will be interpreted in bytes. In this example, we have added 1,000,000 bytes, which we can say it is almost 1 Megabyte.

Once the form has been submitted by the user, we need a script to handle the uploaded file. This uploaded file will first reside in the servers temporary directory. Once it is here, we need to do something with it, or it will get erased as soon as our process is finished. So let’s take a look at the script to handle the file upload, and see how can we limit the user to only upload text files.

As you can see, we have used various native php functions and global variables. The variable $_FILES contains an array for some properties of the file that was just uploaded. Here’s a brief description using the same name from the previous example:

$FILE[‘userfile’][‘tmp_name’] Path to where the file has been place in the server temporarily
$FILE[‘userfile’][‘name’] Contains the original name, from where it’s being uploaded from
$FILE[‘userfile’][‘size’] This is an easy one… the size is in bytes.
$FILE[‘userfile’][‘type’] Ah yes, we saw this one on the example. It tells us what type of file it is.
$FILE[‘userfile’][‘error’] This as we saw as well, contains the default errors from PHP.

We first opened the file using native function fopen(). When opening a file, it needs a specific mode. In this case we used ‘r’ for read, and ‘w’ for write. For all file modes, you can look here. Once we were done, we went ahead and closed the file. The file is closed to avoid any file corruptions and many things might go wrong. If this is a config file, and it gets busted, you might get in a lot of trouble. So always remember to close your files.

We also reformatted the content of the file, taking out unnecessary tags so that we can display it on our page to the users. We used the native function strip_tags(). This function will take out all tags that are in the text file. The first parameter is the string that contains the the text. The optional parameters that can be passed to it, is a string of allowable tags. In this case, we did not allow any tags.

Something to remember:
You should not let just anyone upload stuff to your website. If a user is in this position within your website, it should be because he has the proper authorizations to do such task. Authorizations we will talk about soon, so for now, take care everyone!


Leave a Reply

Your email address will not be published. Required fields are marked *

The qTranslate Editor has disabled itself because it hasn't been tested with your Wordpress version yet. This is done to prevent Wordpress from malfunctioning. You can reenable it by clicking here (may cause data loss! Use at own risk!). To remove this message permanently, please update qTranslate to the corresponding version.