PHP File upload

The file upload function is a function frequently used in the network life. The use of PHP can be very convenient to achieve file upload, the specific process is as follows:

Select File -> Check File Size and Type -> Generate Temporary Files -> Move Temporary Files to File Store Directory -> Log file information for easy management.

In the file upload function, you need to consider the following questions:

  1. Limit the size of the uploaded file
  2. Limit the types of uploaded files
  3. Only allow trusted users to upload files to prevent remote submissions
  4. Server-side file storage directory
  5. Manage your files after upload

HTML form

In the file upload form, you need to set the ENCTYPE property of the form to multipart /form-data:

<form enctype="multipart /form-data" action="upload.php" method="post">
<label for="file"> Please select uploaded file </label>
<input type="file" name="file" size="40" />
<br />
<input type="submit" name="submit" value="OK" />

In the <input> tag, type="file" indicates that the input should be treated as a file, and the Browse button for selecting the file will appear. Click this button to select the file on the local computer.

PHP file upload processing

PHP provides the built-in variable $_FILES to handle uploaded files.

$_FILES variable description(set the form name attribute to file):
$_FILES variable Description
$_FILES["file"]["name"] Original name of the client submission file
$_FILES["file"]["type"] The MIME type of the file provided by the browser, such as gif image /image. But this type does not check in the PHP side, so do not assume that there is this value
$_FILES["file"]["size"] The size of the uploaded file in bytes
$_FILES["file"]["tmp_name"] The temporary filename to be saved on the server after the file has been uploaded
$_FILES["file"]["error"] and the file upload-related error code, 0 means that the upload was successful

When you click the OK button to submit the form to upload.php, you can use the $_FILES variable to process the submitted file.

File Processing Example:

// File storage path
$file_path="upload /";
// 664 permissions for the file owner and group of users can read and write, other users read-only.
if (is_dir($file_path)!=TRUE) mkdir($file_path, 0664);
// Defines the file extension to be uploaded
$ext_arr=array("gif"," jpg"," jpeg"," png"," bmp"," txt"," zip"," rar ");

if (empty($_FILES) === false) {
    // Judgment check
    if ($photo_up_size> 2097152) {
        exit("Sorry, you uploaded more than 2M. ");
    if ($_FILES["file"]["error"]> 0) {
        exit("file upload error: ". $_FILES["file"]["error"]);

    // Get the file extension
    $temp_arr=explode("." $_FILES["file"]["name"]);
    // Check the extension
    if (in_array($file_ext, $ext_arr) === false) {
        exit("upload file extension is not allowed. ");
    // Rename the file with a timestamp
    $new_name=time(). "." . $File_ext;
    // Move the file to the storage directory
    move_uploaded_file($_FILES["file"]["tmp_name"]," $file_path ". $new_name);
    // Write the file storage information to the data table for management
    // *********** The code is abbreviated *********** // 
    echo "file upload success!";
} else {
    echo "no correct file upload";


  1. This example simply demonstrates the process of uploading a file, not directly to the actual project.
  2. The check for user rights is missing in this example
  3. if the file is not renamed after the upload, you need to do when the file name logic processing
  4. Write data table file information as a result of the database operation, temporary. The information written to the data table should include the time the file was uploaded, the user ID uploaded and the location where it was stored in order to clean up invalid file uploads and file expiration management.
  5. No commit validation, to prevent remote commits, you can generate a session ID on the form generation page and then verify it on the upload.php page to prevent remote commits.

Copyright 2014-2017 by All Rights Reserved.