To upload a file to the server, we need a form with the attribute enctype="multipart/form-data".
To begin, create a test form:
<form action="upload.php" method="POST" enctype="multipart/form-data">
    <input type="file" name="file">
    <button type="submit">upload file</button>
</form>
In upload.php we can get information about the file through the superglobal variable $_FILES:
$_FILES['file']['tmp_name']; // temporary file location
Each file object has its own parameters that we can get:
$_FILES["file"]["name"];     // file name, as sent by the client
$_FILES["file"]["type"];     // file content type, e.g. image/jpeg (sent by the client, not checked by PHP)
$_FILES["file"]["size"];     // file size in bytes
$_FILES["file"]["tmp_name"]; // name of a temporary file stored on the server
$_FILES["file"]["error"];    // error code while uploading
Use the move_uploaded_file function to save the uploaded file:
move_uploaded_file($_FILES['file']['tmp_name'], $_FILES['file']['name']);
This code uses the move_uploaded_file function to move the uploaded file to a specified location on the server.
In the code above, a file uploaded through the form's file field is moved from its temporary location (the path in $_FILES['file']['tmp_name']) to a destination on the server (here the path and file name are taken from $_FILES['file']['name']). That name is supplied by the client, so outside of a test it should be validated or replaced before it is used as a destination; see the security checks later on this page.
Let's check whether the file has been uploaded:
if (!move_uploaded_file($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
    echo 'Error';
    die();
} else {
    echo 'Allright!!!!';
}
upload_max_filesize = 2M
We can also set up a folder for temporary uploads. To do this, find the following line in the php.ini file:
;upload_tmp_dir =
Multi-upload example
<!DOCTYPE html>
<html>
<head>
    <title>Multiupload</title>
    <meta charset="utf-8" />
</head>
<body>
<?php
if ($_FILES) {
    // With name="uploads[]", each key of $_FILES["uploads"] holds an array, one entry per file
    foreach ($_FILES["uploads"]["error"] as $key => $error) {
        if ($error == UPLOAD_ERR_OK) {
            $tmp_name = $_FILES["uploads"]["tmp_name"][$key];
            $name = $_FILES["uploads"]["name"][$key]; // file name as sent by the client
            move_uploaded_file($tmp_name, $name);
        }
    }
    echo "Uploaded";
}
?>
<form method="post" enctype="multipart/form-data">
    <input type="file" name="uploads[]" /><br />
    <input type="file" name="uploads[]" /><br />
    <input type="file" name="uploads[]" /><br />
    <input type="submit" value="Upload" />
</form>
</body>
</html>
Security checks during upload
When uploading files to the server, it is important to perform a number of security checks to prevent possible vulnerabilities and malicious actions. Some of the basic security checks that are recommended to be performed include:
- File type check:
$allowedTypes = ['image/jpeg', 'image/png', 'image/gif'];
// ['type'] is the content type sent by the browser; PHP does not verify it
if (in_array($_FILES['file']['type'], $allowedTypes)) {
    // Some actions
} else {
    echo "Wrong file type.";
}
- Checking file size:
$maxFileSize = 5 * 1024 * 1024; // 5MB
if ($_FILES['file']['size'] <= $maxFileSize) {
    // Some actions
} else {
    echo "File too big.";
}
- Unique file name:
$filename = uniqid() . '_' . $_FILES['file']['name'];
- Storing files in a separate directory:
$uploadDir = 'uploads/';
$filename = $uploadDir . $_FILES['file']['name'];
move_uploaded_file($_FILES['file']['tmp_name'], $filename);
- Restriction of access rights:
Set correct directory permissions to limit access to uploaded files.
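The checks listed above combined into one handler, as an added example that is not code from the original article. It assumes the "file" field from the test form, the fileinfo extension, and a hypothetical storage directory /var/www/storage/uploads outside the web root; it goes beyond the list by detecting the type from the file's contents and generating the stored name on the server.

```php
<?php
// Added example (not from the original article): one handler for the "file" field.
const MAX_BYTES = 5 * 1024 * 1024; // 5 MB, the limit used in the size check above
// Allowed content types mapped to the extension the server assigns.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function store_upload(array $file, string $uploadDir): string
{
    // Reject array-valued (multi-file) entries and any upload error code.
    if (!isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed.');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('File is empty or too big.');
    }
    // Detect the type from the file's bytes; $file['type'] is sent by the client.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('Wrong file type.');
    }
    // Server-generated name: the client's file name and extension are never used.
    $target = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    // move_uploaded_file() only moves files that arrived through an HTTP POST upload.
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store file.');
    }
    chmod($target, 0640); // owner read/write, group read, no execute bit
    return $target;
}

// Assumption: hypothetical storage directory outside the web root.
$uploadDir = '/var/www/storage/uploads';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['file'])) {
    try {
        store_upload($_FILES['file'], $uploadDir);
        echo 'Uploaded';
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo $e->getMessage();
    }
}
```

Because the stored extension comes from the detected type and the directory is outside the web root, a file named by the client as a script is neither saved under that name nor reachable by URL.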