JDT

FREE Downloads
Articles
Tutorials

Creating a Simple File Uploader Using PHP - Part 3

In this series of tutorials we will look at how to develop a simple file uploader using PHP. All of the code is freely available for download (License: GNU GPL) from this link: Download File Uploader.

In this tutorial, we will look at how to create a form handler to process the uploaded file.

In Creating a Simple File Uploader Using PHP - Part 2 we looked at how to produce a very simple form to enable someone to browse for, and select, a file to upload. In this tutorial we will look at how to store the selected file in a directory on a server. To do this, we need to use a form handler - we will call this "fileUpload.php".

Getting the form data

The first task that the form handler needs to perform is to get the data that was entered on the form. To do this, we'll use the following bit of PHP code:

     $host=$_REQUEST['host'];
     $username=$_REQUEST['username'];
     $password=$_REQUEST['password'];
     $sourcefile=$_REQUEST['sourecefile'];
     $targetfolder=$_REQUEST['targetfolder'];

The first three bits of data will be used to access and change the permissions on the directory where the file will be stored. We will look at how to do this in Part 4.

Debugging the uploaded file

Next, the form handler contains a bit of debugging code:

     // Debugging for uploaded file
     print "<pre>";
     print "File name = ". $_FILES['sourcefile']['name'] . "<br>\n";
     print "Mime type = ". $_FILES['sourcefile']['type'] . "<br>\n";
     print "File size = ". $_FILES['sourcefile']['size'] . "<br>\n";
     print "Local name = ". $_FILES['sourcefile']['tmp_name'] . "<br>\n";
     print "Error code = ". $_FILES['sourcefile']['error'] . "<br>\n";
     print "</pre>";

These lines will generate some messages on the screen when you upload a file. A successful upload will generate a set of messages similar to those shown below (sample data is included).

     File name = redbox.gif
     Mime type = image/gif
     File size = 957
     Local name = /tmp/phpaTvwq4
     Error code = 0

Once you are happy that the uploader works fine, you can comment out these lines from the script.

Here is a list of possible error codes:

Value: 0 - There is no error, the file uploaded with success.
Value: 1 - The uploaded file exceeds the upload_max_filesize directive in php.ini.
Value: 2 - The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.
Value: 3 - The uploaded file was only partially uploaded.
Value: 4 - No file was uploaded.

Check that the file is valid

The form handler next checks that a valid file type has been uploaded. This is to prevent someone from trying to upload a script or something like that. This would be useful if you adapt the script to allow other people to upload files. We'll discuss this further in Part 5.

     // Check that user has uploaded a valid file type
     if ($_FILES['sourcefile']['type'] != 'text/plain' &&
     $_FILES['sourcefile']['type'] != 'text/html'
     && $_FILES['sourcefile']['type'] != 'image/gif'
     && $_FILES['sourcefile']['type'] != 'image/pjpeg'
     && $_FILES['sourcefile']['type'] != 'image/jpeg'
     && $_FILES['sourcefile']['type'] != 'image/x-png'
     && $_FILES['sourcefile']['error'] != '4'
     && $_FILES['sourcefile']['error'] != '1'
     && $_FILES['sourcefile']['error'] != '2')
     {

     Display an error message

     }

If a valid file type has been uploaded, a test is performed to make sure that the file is not too big:

     // Check that the file is not too big
     if ($_FILES['sourcefile']['error'] == '1' || $_FILES['sourcefile']['error'] == '2') {

     Display an error message
     }

Process the uploaded file

If there are no problems with the file, it can be stored on the web server in the location defined by '$targetfolder'.

     // Open file, read into memory. rb means binary read mode.
     $ffile = fopen($_FILES['sourcefile']['tmp_name'],"rb");

     if ($ffile) {
      // Read entire contents of file into $file_contents
      $file_contents = fread($ffile,$_FILES['sourcefile']['size']);
      }
     }

     // Display error message if user has not uploaded a file
     if (!$file_contents){

     Display an error message

     }

     // Specify the folder and file name
     $upfile = $targetfolder.$_FILES['sourcefile']['name'];

     // If a file has been uploaded, move it to the specified location
     if (is_uploaded_file($_FILES['sourcefile']['tmp_name']))

      {

      // SET FILE PERMISSIONS TO 0777 HERE

      if (!move_uploaded_file($_FILES['sourcefile']['tmp_name'], $upfile))
      {
      echo 'Problem: Could not move file to destination directory';

      // SET FILE PERMISSIONS TO 0755 HERE

      exit;
      }

      // SET FILE PERMISSIONS TO 0755 HERE

      }

     else
      {
      echo 'Problem: Possible file upload attack. Filename: ';
      echo $_FILES['sourcefile']['name'];

      exit;
      }

<- Go to Part 2   Go to Part 4 ->

Go back to PHP Tutorials home page

Go back to Tutorials home page

Earnings Tracker is John Dixon Technology's FREE accounting / bookkeeping software tool. Aimed at contractors and freelancers, Earnings Tracker enables you to perform bookkeeping and accounting tasks, helping you to keep track of your company's earnings and outgoings. The software is written in PHP and MySQL and is available to use for FREE online, or as a FREE download. Earnings Tracker can also be used simply as a dividend, corporation tax, or VAT calculator.

Copyright Notice for John Dixon Technology Ltd

Privacy Statement

Terms & Conditions