Basic file upload using PHP

Posted on 04th August 2014

There are numerous instances where you need to allow your website users to upload pictures, videos, documents, etc. This article shows you how to add basic file upload functionality to your website using PHP.

Functional Description

  • The user is presented with an HTML page containing a form that has a Browse button and an Upload button.
  • The user clicks the Browse button and selects the file to upload from their computer.
  • The user clicks the Upload button, which uploads the file to a temporary location on the webserver.
  • A PHP script on the server validates the file and moves it to a permanent location on the server.
  • The PHP script sends the result of the upload back to the user.

Implementation Method

The steps to implement the above described functionality using PHP and HTML can be divided into three main sections.

1. Configure php.ini for file upload

The php.ini file contains a few directives that control the upload functionality. The most important directive is file_uploads.

Open the php.ini file in a text editor and set the value of the file_uploads directive to On to enable file uploads. The other directives to consider are:

  • upload_max_filesize - Sets the maximum size of a file that can be uploaded. Use it to prevent users from clogging your system by uploading large files.
  • max_file_uploads - Sets the maximum number of files a user can upload in a single request. This avoids the risk of users uploading a large number of small files and filling up your system.
  • upload_tmp_dir - By default, uploaded files are first stored in the system default temporary directory (the /tmp folder, for example). You can change the location of the temporary folder using this directive.

The sample php.ini file shown below enables file upload, sets the maximum file size to 2MB and the maximum number of files that can be uploaded in a single request to 5. The upload_tmp_dir directive is commented out, so the system default temporary folder will be used.

php.ini file

; Whether to allow HTTP file uploads.
file_uploads = On

; Temporary directory for HTTP uploaded files (will use system default if not specified).
;upload_tmp_dir =

; Maximum allowed size for uploaded files.
upload_max_filesize = 2M

; Maximum number of files that can be uploaded via a single request
max_file_uploads = 5

2. HTML Page

The HTML page contains a label and two input elements, one of type file and another of type submit, inside a form element. The user input is sent to the server using the HTTP POST method.

The following is the HTML page we use for this illustration.


<!DOCTYPE html>
<html>
<head><title>Open Tech Guides - File Upload Demo</title></head>
<body>
<form enctype="multipart/form-data" action="file_upload.php" method="post">
  <label for="file">Select file to upload :</label>
  <input name="fname" type="file" id="file">
  <input type="submit" value="Upload" name="submit" />
</form>
</body>
</html>

3. PHP Script

The PHP script first checks the error index of the $_FILES array. If it is zero, the uploaded file is moved from its temporary location to a permanent location (in this case, the same location where the PHP script resides). An upload successful message is displayed to the user along with the filename and size.

In case of an error, i.e., $_FILES['fname']['error'] > 0, the error code is analysed further. Appropriate messages are displayed when the file size is greater than the upload_max_filesize in php.ini (2MB) and when the user clicks the Upload button without selecting a file. For all other kinds of errors, an "Upload failed" message is displayed.


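    <?php
    // Demo only: the file type, name and destination are not validated.
    if ($_FILES['fname']['error'] == 0) {
        // Move the file from its temporary location to the script's directory,
        // keeping the filename supplied by the client.
        move_uploaded_file($_FILES['fname']['tmp_name'], $_FILES['fname']['name']);
        echo "File uploaded successfully !!! <br />";
        echo "Filename : " . $_FILES['fname']['name'] . "<br />";
        echo "Size : " . $_FILES['fname']['size'] . "<br />";
    } else {
        switch ($_FILES['fname']['error']) {
            case UPLOAD_ERR_NO_FILE:
                echo "Select a file to upload.";
                break;
            case UPLOAD_ERR_INI_SIZE:
                echo "The file size exceeds upload_max_filesize in php.ini";
                break;
            default:
                echo "Upload failed";
        }
    }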

The above PHP script is for demonstration purposes only and is not recommended for production environments, as the file upload feature poses various security threats which are not considered in this script.
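The demo script keeps the client-supplied filename and stores the file next to the PHP script. The following is an added example, not part of the original article, of a handler for the same form that checks the size and content type on the server and assigns its own filename. The UPLOAD_DIR path, the allowed type list and the function name store_upload are assumptions made for illustration.

```php
<?php
// Added example. Assumed: UPLOAD_DIR is outside the web root, writable, fileinfo enabled.
const UPLOAD_DIR = '/var/www/uploads';   // hypothetical path
const MAX_BYTES  = 2 * 1024 * 1024;      // same limit as upload_max_filesize = 2M
const ALLOWED    = [                     // detected content type => extension we assign
    'image/jpeg'      => 'jpg',
    'image/png'       => 'png',
    'application/pdf' => 'pdf',
];

function store_upload(array $file): string
{
    // A single-file field must carry one integer error code, not an array.
    if (!isset($file['error']) || is_array($file['error'])) {
        throw new RuntimeException('Invalid upload request.');
    }
    switch ($file['error']) {
        case UPLOAD_ERR_OK: break;
        case UPLOAD_ERR_NO_FILE:
            throw new RuntimeException('Select a file to upload.');
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:
            throw new RuntimeException('The file is too large.');
        default:
            throw new RuntimeException('Upload failed.');
    }
    // Measure the temporary file itself rather than trusting the reported size.
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('The file is too large.');
    }
    // Decide the type from the content; the submitted name and 'type' are client input.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED[(string) $mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('File type not allowed.');
    }
    // Server-generated name: no client path components, and never a .php extension.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('Upload failed.');
    }
    return $name;
}
try {
    echo 'Stored as ' . htmlspecialchars(store_upload($_FILES['fname'] ?? []), ENT_QUOTES, 'UTF-8');
} catch (RuntimeException $e) {
    http_response_code(400);
    echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
}
```

Keeping the upload directory outside the web root means stored files are never served or executed directly; serve them back through a script that sets the Content-Type from the stored extension.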
