I’m going to show you how you can allow users to upload file into your web server. I’m just covering the basics here. Though I’m not concerning security related issues here, there is a big risk in allowing users to upload files.
The first reason is that people can upload scripts into you server and execute them there. The second easiest thing to do is write a script that upload hundreds of thousands of files into your server, eventually making it run out of disk space. Hopefully in the future I’m going to write some security articles as well.

By default in PHP versions 5.x, file uploading is enables in php.ini. If you are in windows, php.ini file resides in the folder where you installed PHP. In Linux this file may exist in /usr/local/lib/php.ini path, if you went with the default settings.

Under the File upload section, there are some important directivesfile_uploads = On. This directive indicate that file upload is on. The next directive is ‘upload_tmp_dir’. When user uploads a file, the file is temporally stored in the directory specified by this directive. One important thing you should keep in ming is that This temporally created file only exist until the PHP file ends. So you must move the file to the appropriate directory of your choice. I’ll show you how to do it later. Then you have another directive called upload_max_filesize’. This specifies the maximum size of the file allowed to upload.First step is designing a form that user can use to select his/her file. Here is a simple form.

1
2
3
4
5

<form action="file_upload.php" enctype="multipart/form-data" method="post">
File: <input name="upload_file1" type="file" /> 
 
<input type="submit" value="Upload" />
</form>

If you want to upload a file enctype=”multipart/form-data” attribute must be in the form tag, otherwise the browser will not send the file to the server. As usual, there is an input field, but with the type equals to ‘file’. This gives the user a browse button with a text field to select the file. I’m sending the information to a php file called file_upload.php here.Now lets look at how does file_upload.php looks like.

24d3aee06e3caef6a14d3c85c5636936001

PHP has a super global array called $_FILES. Then a file is uploaded to the server, php uses this array to keep information about the file. In the first pair of square brackets, you have the file name. The file name is taken from the form that you send the file. In this case it’s “ upload_file1 “. Next, attributes associated with the file are in the next pair of square brackets. $_FILES['upload_file1']['name'] – Name of the original file that the user upload.

$_FILES['upload_file1']['tmp_name'] — I mentioned earlier that the file is copied to a temporary location, until the script ends. This has the name given to that temporally created file. By default. This file has a file name with “php” prefix and a randomly generated name. This has done to eliminate one file overwriting another file with the same name.

There are some more attributes. You can refer to the PHP manual, if you want to have more control.Only thing you have do is, copy the temporally created file to a permanent location with the function move_uploaded_file(). This function copies the temp file to you ferment location. You should give the full path of the file. That is the path and the name.

Also make sure that this directory exist and apache as permission to write the destination location. This example shows a Microsoft Windows path. If you are on linux file path can be something like /var/www/html/uplodes/ ($file_path=”/var/www/html/uplodes/”;). If your running apache user that user “apache”, you can change its ownership to apache.chown -R apache /var/www/html/uplodes/.

Hope you got something out of it. Your comments are always welcome.

Dharshin