File Uploads in PHP
A file upload is a special case of getting form input. Half of the story is putting together
the correct HTML. File uploads are specified in RFC 1867. They are supported by
Netscape Navigator 2 and above, as well as Internet Explorer 4 and above. Placing an
input tag inside an HTML form with the type attribute set to file causes a text box and a
button for browsing the local file system to appear on the Web page. Browsers that do not
support uploads will likely render this as a text box, so it's best to present uploading
forms only to capable browsers. The forms must use the post method to allow for
uploads, and they must also contain the enctype attribute with a value of
multipart/form-data. A hidden form variable, MAX_FILE_SIZE, must precede the file
input tag. Its value is the maximum file size in bytes to be accepted.
When the form is submitted, PHP will detect the file upload. The file will be placed in a
temporary directory on the server, such as /var/tmp. Several variables will be created
based on the name of the file field. A variable with the same name as the file field will
contain the complete path to the file in the local file system. A variable with _name
appended to the file field name will contain the original file name as provided by the
browser. A variable with _size appended to the file field name will contain the size of
the file in bytes. Finally, a variable with _type appended to the file field name will
contain the MIME type of the file, if it was offered by the browser.
Listing 7.4 File Upload
<?
//check for file upload
if(isset($UploadedFile))
{
unlink($UploadedFile);
print("Local File: $UploadedFile <BR>\n");
print("Name: $UploadedFile_name <BR>\n");
print("Size: $UploadedFile_size <BR>\n");
print("Type: $UploadedFile_type <BR>\n");
print("<HR>\n");
}
?>
<FORM ENCTYPE="multipart/form-data"
ACTION="<? $PHP_SELF ?>" METHOD="post">
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="4096">
<INPUT NAME="UploadedFile" TYPE="file">
<INPUT TYPE="submit" VALUE="Upload">
If you plan on using the file later, move the new file into a permanent spot. If you do not,
PHP will delete the file when it finishes executing the current page request. Listing 7.4 is
an example script that accepts uploads and immediately deletes them.
File uploads are limited in size by a directive in php.ini, upload_ max_filesize. It
defaults to two megabytes. If a file exceeds this limit, your script will execute as if no file
were uploaded. A warning will be generated, as well.
Like other form fields, the upload form field is treated like setting the value of a variable.
If you place square brackets at the end of the field name, an array will be created. As you
would expect, the size and type values will be placed in similarly named arrays. You can
take advantage of this to allow for multiple file upload fields.
A file upload is a special case of getting form input. Half of the story is putting together
the correct HTML. File uploads are specified in RFC 1867. They are supported by
Netscape Navigator 2 and above, as well as Internet Explorer 4 and above. Placing an
input tag inside an HTML form with the type attribute set to file causes a text box and a
button for browsing the local file system to appear on the Web page. Browsers that do not
support uploads will likely render this as a text box, so it's best to present uploading
forms only to capable browsers. The forms must use the post method to allow for
uploads, and they must also contain the enctype attribute with a value of
multipart/form-data. A hidden form variable, MAX_FILE_SIZE, must precede the file
input tag. Its value is the maximum file size in bytes to be accepted.
When the form is submitted, PHP will detect the file upload. The file will be placed in a
temporary directory on the server, such as /var/tmp. Several variables will be created
based on the name of the file field. A variable with the same name as the file field will
contain the complete path to the file in the local file system. A variable with _name
appended to the file field name will contain the original file name as provided by the
browser. A variable with _size appended to the file field name will contain the size of
the file in bytes. Finally, a variable with _type appended to the file field name will
contain the MIME type of the file, if it was offered by the browser.
Listing 7.4 File Upload
<?
//check for file upload
if(isset($UploadedFile))
{
unlink($UploadedFile);
print("Local File: $UploadedFile <BR>\n");
print("Name: $UploadedFile_name <BR>\n");
print("Size: $UploadedFile_size <BR>\n");
print("Type: $UploadedFile_type <BR>\n");
print("<HR>\n");
}
?>
<FORM ENCTYPE="multipart/form-data"
ACTION="<? $PHP_SELF ?>" METHOD="post">
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="4096">
<INPUT NAME="UploadedFile" TYPE="file">
<INPUT TYPE="submit" VALUE="Upload">
If you plan on using the file later, move the new file into a permanent spot. If you do not,
PHP will delete the file when it finishes executing the current page request. Listing 7.4 is
an example script that accepts uploads and immediately deletes them.
File uploads are limited in size by a directive in php.ini, upload_ max_filesize. It
defaults to two megabytes. If a file exceeds this limit, your script will execute as if no file
were uploaded. A warning will be generated, as well.
Like other form fields, the upload form field is treated like setting the value of a variable.
If you place square brackets at the end of the field name, an array will be created. As you
would expect, the size and type values will be placed in similarly named arrays. You can
take advantage of this to allow for multiple file upload fields.