Jump to content
Killersites Forums

Creating a file upload form with PHP


gilbertsavier
 Share

Recommended Posts

Hi,

Now we can create our upload.php file. To start we'll check that the file upload is safe by setting a list of allowed filetypes and disallowing all other file uploads. This will prevent people from uploading malicious files. Then we will check the filesize to prevent large files from being uploaded.

 

<?php

// Configuration - Your Options

$allowed_filetypes = array('.jpg','.gif','.bmp','.png'); // These will be the types of file that will pass the validation.

$max_filesize = 524288; // Maximum filesize in BYTES (currently 0.5MB).

$upload_path = './files/'; // The place the files will be uploaded to (currently a 'files' directory).

 

$filename = $_FILES['userfile']['name']; // Get the name of the file (including file extension).

$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename.

 

// Check if the filetype is allowed, if not DIE and inform the user.

if(!in_array($ext,$allowed_filetypes))

die('The file you attempted to upload is not allowed.');

 

// Now check the filesize, if it is too large then DIE and inform the user.

if(filesize($_FILES['userfile']['tmp_name']) > $max_filesize)

die('The file you attempted to upload is too large.');

 

// Check if we can upload to the specified path, if not DIE and inform the user.

if(!is_writable($upload_path))

die('You cannot upload to the specified directory, please CHMOD it to 777.');

 

// We'll start handling the upload in the next step

 

?>

 

It's worth noting, that by default PHP will not handle file uploads larger than 2MB, if you require PHP to handle larger files then you must first set upload_max_filesize and post_max_size in your php.ini file to be larger than 2MB.

Now that we know we have a suitably small file of a safe filetype we can upload it to where we want it to go. Using the same file:

 

<?php

// Configuration - Your Options

$allowed_filetypes = array('.jpg','.gif','.bmp','.png'); // These will be the types of file that will pass the validation.

$max_filesize = 524288; // Maximum filesize in BYTES (currently 0.5MB).

$upload_path = './files/'; // The place the files will be uploaded to (currently a 'files' directory).

 

$filename = $_FILES['userfile']['name']; // Get the name of the file (including file extension).

$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename.

 

// Check if the filetype is allowed, if not DIE and inform the user.

if(!in_array($ext,$allowed_filetypes))

die('The file you attempted to upload is not allowed.');

 

// Now check the filesize, if it is too large then DIE and inform the user.

if(filesize($_FILES['userfile']['tmp_name']) > $max_filesize)

die('The file you attempted to upload is too large.');

 

// Check if we can upload to the specified path, if not DIE and inform the user.

if(!is_writable($upload_path))

die('You cannot upload to the specified directory, please CHMOD it to 777.');

 

// Upload the file to your specified path.

if(move_uploaded_file($_FILES['userfile']['tmp_name'],$upload_path . $filename))

echo 'Your file upload was successful, view the file here'; // It worked.

else

echo 'There was an error during the file upload. Please try again.'; // It failed :(.

 

?>

 

-------------------------

Thanks & regards

Lokananth

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...