In PHP, input field type is used as file to upload the file to server which is easy.At the same time it is dangerous without proper validation. When working on server there is no need to check "php.ini" file whether file upload permission has given or not.The operation will be default. But when working in local systems one have to check whether the file_uploads is on or not.If off, set that to on.

Two things have to be kept in mind when writing a form to upload a file to server.

• Use form method ="post"
• Define the attribute enctype="multipart/form-data". It will explain the content-type while submitting the form.

[php] <!DOCTYPE html> <html> <body> <form action="upload-img.php" method="post" enctype="multipart/form-data"> Select image to upload: <input type="file" name="imgToUpload" id="imgToUpload"> <input type="submit" value="Upload Image" name="submit"> </form> </body> </html> [/php]

Once the form is submitted, the data in the uploaded file can be accessed with PHP superglobal array called $_FILES. upload-img.php [php] <?php //specifies the directory where the file is going to be placed $upload_dir = "uploads/"; //specifies the path of the file to be uploaded $upload_file = $upload_dir . basename($_FILES["imgToUpload"]["name"]); //$uploadOk=1 is not used yet (will be used later) $uploadOk = 1; //$imageFileType holds the file extension of the file $imageFileType = pathinfo($upload_file,PATHINFO_EXTENSION); // Check if image file is a actual image or fake image(other than image) if(isset($_POST["submit"])) { $check = getimagesize($_FILES["imgToUpload"]["tmp_name"]); if($check !== false) { echo "File is an image - " . $check["mime"] . "."; $uploadOk = 1; } else { echo "File is not an image."; $uploadOk = 0; } } // Check if file already exists if (file_exists($upload_file)) { echo "Sorry, file already exists."; $uploadOk = 0; } // Check file size if ($_FILES["imgToUpload"]["size"] > 500000) { echo "Sorry, your file is too large."; $uploadOk = 0; } // Allow certain file formats if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif" ) { echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed."; $uploadOk = 0; } // Check if $uploadOk is set to 0 by an error if ($uploadOk == 0) { echo "Sorry, your file was not uploaded."; // if everything is ok, try to upload file } else { if (move_uploaded_file($_FILES["imgToUpload"]["tmp_name"], $upload_file)) { echo "The file ". basename( $_FILES["imgToUpload"]["name"]). " has been uploaded."; } else { echo "Sorry, there was an error uploading your file."; } } ?> [/php] Output: