When working on server there is no need to check
Description In PHP, input field type is used as file to upload the file to server which is easy.At the same time it is dangerous without proper validation.
"php.ini" file whether file upload permission has given or not.The operation will be default. But when working in local systems one have to check whether the file_uploads is on or not.If off, set that to on. file_uploads = On
Description
Two things have to be kept in mind when writing a form to upload a file to server.
- Use
form method ="post" - Define the attribute
enctype="multipart/form-data". It will explain the content-type while submitting the form.
Example
[php]
<!DOCTYPE html>
<html>
<body>
<form action="upload-img.php" method="post" enctype="multipart/form-data">
Select image to upload:
<input type="file" name="imgToUpload" id="imgToUpload">
<input type="submit" value="Upload Image" name="submit">
</form>
</body>
</html>
[/php]
Description
Once the form is submitted, the data in the uploaded file can be accessed with PHP superglobal array called 
$_FILES.
When a file is uploaded successfully, it gets saved in a temporary directory on the server automatically. In order to use that particular file, or make it save permanently, use the function
move_uploaded_file() which moves the file from temporary location to permanent location.upload-img.php
[php]
<?php
//specifies the directory where the file is going to be placed
$upload_dir = "uploads/";
//specifies the path of the file to be uploaded
$upload_file = $upload_dir . basename($_FILES["imgToUpload"]["name"]);
//$uploadOk=1 is not used yet (will be used later)
$uploadOk = 1;
//$imageFileType holds the file extension of the file
$imageFileType = pathinfo($upload_file,PATHINFO_EXTENSION);
// Check if image file is a actual image or fake image(other than image)
if(isset($_POST["submit"]))
{
$check = getimagesize($_FILES["imgToUpload"]["tmp_name"]);
if($check !== false)
{
echo "File is an image – " . $check["mime"] . ".";
$uploadOk = 1;
}
else
{
echo "File is not an image.";
$uploadOk = 0;
}
}
// Check if file already exists
if (file_exists($upload_file))
{
echo "Sorry, file already exists."; $uploadOk = 0;
}
// Check file size
if ($_FILES["imgToUpload"]["size"] > 500000)
{
echo "Sorry, your file is too large.";
$uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif" )
{
echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
$uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0)
{
echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
}
else
{
if (move_uploaded_file($_FILES["imgToUpload"]["tmp_name"], $upload_file))
{
echo "The file ". basename( $_FILES["imgToUpload"]["name"]). " has been uploaded.";
}
else
{
echo "Sorry, there was an error uploading your file.";
}
}
?>
[/php]
Output:
Points