downloads | documentation | faq | getting help | mailing lists | licenses | wiki | reporting bugs | php.net sites | links | conferences | my php.net

search for in the

Our source is open

The syntax highlighted source is automatically generated by PHP from the plaintext script. If you're interested in what's behind the several functions we used, you can always take a look at the source of the following files:

Of course, if you want to see the source of this page, we have it available. You can also browse the SVN repository for this website on svn.php.net.

Source of: /manual/en/features.file-upload.post-method.php

<?php
include_once $_SERVER['DOCUMENT_ROOT'] . '/include/shared-manual.inc';
$TOC = array();
$PARENTS = array();
include_once dirname(__FILE__) ."/toc/features.file-upload.inc";
$setup = array (
  'home' =>
  array (
    0 => 'index.php',
    1 => 'PHP Manual',
  ),
  'head' =>
  array (
    0 => 'UTF-8',
    1 => 'en',
  ),
  'this' =>
  array (
    0 => 'features.file-upload.post-method.php',
    1 => 'POST method uploads',
  ),
  'up' =>
  array (
    0 => 'features.file-upload.php',
    1 => 'Handling file uploads',
  ),
  'prev' =>
  array (
    0 => 'features.file-upload.php',
    1 => 'Handling file uploads',
  ),
  'next' =>
  array (
    0 => 'features.file-upload.errors.php',
    1 => 'Error Messages Explained',
  ),
);
$setup["toc"] = $TOC;
$setup["parents"] = $PARENTS;
manual_setup($setup);

manual_header();
?>
<div id="features.file-upload.post-method" class="sect1">
   <h2 class="title">POST method uploads</h2>
   <p class="simpara">
    This feature lets people upload both text and binary files.
    With PHP&#039;s authentication and file manipulation functions,
    you have full control over who is allowed to upload and
    what is to be done with the file once it has been uploaded.
   </p>
   <p class="simpara">
    PHP is capable of receiving file uploads from any RFC-1867
    compliant browser (which includes <span class="productname">Netscape Navigator 3</span>
    or later, <span class="productname">Microsoft Internet Explorer 3</span>
    with a patch from Microsoft, or later without a patch).
   </p>

   <blockquote><p><b class="note">Note</b>:
    <b>Related Configurations Note</b><br />
   
     See also the <a href="ini.core.php#ini.file-uploads" class="link">file_uploads</a>,
     <a href="ini.core.php#ini.upload-max-filesize" class="link">upload_max_filesize</a>,
     <a href="ini.core.php#ini.upload-tmp-dir" class="link">upload_tmp_dir</a>,
     <a href="ini.core.php#ini.post-max-size" class="link">post_max_size</a> and
     <a href="info.configuration.php#ini.max-input-time" class="link">max_input_time</a> directives
     in <var class="filename">php.ini</var>
    <br />
   </p></blockquote>

   <p class="para">
    PHP also supports PUT-method file uploads as used by
    <span class="productname">Netscape Composer</span> and W3C&#039;s
    <span class="productname">Amaya</span> clients.  See the <a href="features.file-upload.put-method.php" class="link">PUT Method
    Support</a> for more details.
   </p>

   <p class="para">
    </p><div class="example">
     <p><b>Example #1 File Upload Form</b></p>
     <div class="example-contents para"><p>
      A file upload screen can be built by creating a special form which
      looks something like this:
     </p></div>
     <div class="example-contents programlisting">
<div class="htmlcode"><pre class="htmlcode">&lt;!-- The data encoding type, enctype, MUST be specified as below --&gt;
&lt;form enctype=&quot;multipart/form-data&quot; action=&quot;__URL__&quot; method=&quot;POST&quot;&gt;
    &lt;!-- MAX_FILE_SIZE must precede the file input field --&gt;
    &lt;input type=&quot;hidden&quot; name=&quot;MAX_FILE_SIZE&quot; value=&quot;30000&quot; /&gt;
    &lt;!-- Name of input element determines name in $_FILES array --&gt;
    Send this file: &lt;input name=&quot;userfile&quot; type=&quot;file&quot; /&gt;
    &lt;input type=&quot;submit&quot; value=&quot;Send File&quot; /&gt;
&lt;/form&gt;</pre>
</div>
     </div>

     <div class="example-contents para"><p>
      The <i>__URL__</i> in the above example should be replaced,
      and point to a PHP file.
     </p></div>
     <div class="example-contents para"><p>
      The <i>MAX_FILE_SIZE</i> hidden field (measured in bytes) must
      precede the file input field, and its value is the maximum filesize accepted by PHP.
      This form element should always be used as it saves users the trouble of
      waiting for a big file being transferred only to find that it was too
      large and the transfer failed.  Keep in mind: fooling this setting on the
      browser side is quite easy, so never rely on files with a greater size
      being blocked by this feature. It is merely a convenience feature for
      users on the client side of the application. The PHP settings (on the server
      side) for maximum-size, however, cannot be fooled.
     </p></div>
    </div><p>
   </p>

   <blockquote><p><b class="note">Note</b>:
   
     Be sure your file upload form has attribute <i>enctype=&quot;multipart/form-data&quot;</i>
     otherwise the file upload will not work.
    <br />
   </p></blockquote>

   <p class="para">
    The global <var class="varname"><a href="reserved.variables.files.php" class="classname">$_FILES</a></var>
    exists as of PHP 4.1.0 (Use <var class="varname">$HTTP_POST_FILES</var>
    instead if using an earlier version).
    These arrays will contain all the uploaded file information.
   </p>

   <p class="para">
    The contents of <var class="varname"><a href="reserved.variables.files.php" class="classname">$_FILES</a></var>
    from the example form is as follows. Note that this assumes the use of
    the file upload name <em class="emphasis">userfile</em>, as used in the example
    script above. This can be any name.
    </p><dl>

     <dt class="varlistentry">

      <span class="term"><var class="varname"><a href="reserved.variables.files.php" class="classname">$_FILES['userfile']['name']</a></var></span>

      </dt><dd class="listitem">

       <p class="para">
        The original name of the file on the client machine.
       </p>
      </dd>

    
     <dt class="varlistentry">

      <span class="term"><var class="varname"><a href="reserved.variables.files.php" class="classname">$_FILES['userfile']['type']</a></var></span>

      </dt><dd class="listitem">

       <p class="para">
        The mime type of the file, if the browser provided this
        information.  An example would be
        <i>&quot;image/gif&quot;</i>. This mime type is however
        not checked on the PHP side and therefore don&#039;t take its value
        for granted.
       </p>
      </dd>

    
     <dt class="varlistentry">

      <span class="term"><var class="varname"><a href="reserved.variables.files.php" class="classname">$_FILES['userfile']['size']</a></var></span>

      </dt><dd class="listitem">

       <p class="para">
        The size, in bytes, of the uploaded file.
       </p>
      </dd>

    
     <dt class="varlistentry">

      <span class="term"><var class="varname"><a href="reserved.variables.files.php" class="classname">$_FILES['userfile']['tmp_name']</a></var></span>

      </dt><dd class="listitem">

       <p class="para">
        The temporary filename of the file in which the uploaded file
        was stored on the server.
       </p>
      </dd>

    
     <dt class="varlistentry">

      <span class="term"><var class="varname"><a href="reserved.variables.files.php" class="classname">$_FILES['userfile']['error']</a></var></span>

      </dt><dd class="listitem">

       <p class="para">
        The <a href="features.file-upload.errors.php" class="link">error code</a>
        associated with this file upload. This element was added in PHP 4.2.0
       </p>
      </dd>

    
    </dl>
<p>
   </p>

   <p class="para">
    Files will, by default be stored in the server&#039;s default temporary
    directory, unless another location has been given with the <a href="ini.core.php#ini.upload-tmp-dir" class="link">upload_tmp_dir</a> directive in
    <var class="filename">php.ini</var>. The server&#039;s default directory can
    be changed by setting the environment variable
    <span class="envar">TMPDIR</span> in the environment in which PHP runs.
    Setting it using <a href="function.putenv.php" class="function">putenv()</a> from within a PHP
    script will not work. This environment variable can also be used
    to make sure that other operations are working on uploaded files,
    as well.
    </p><div class="example">
     <p><b>Example #2 Validating file uploads</b></p>
     <div class="example-contents para"><p>
      See also the function entries for <a href="function.is-uploaded-file.php" class="function">is_uploaded_file()</a>
      and <a href="function.move-uploaded-file.php" class="function">move_uploaded_file()</a> for further information. The
      following example will process the file upload that came from a form.
     </p></div>
     <div class="example-contents programlisting">
<div class="phpcode"><code><span style="color: #000000">
<span style="color: #0000BB">&lt;?php<br /></span><span style="color: #FF8000">//&nbsp;In&nbsp;PHP&nbsp;versions&nbsp;earlier&nbsp;than&nbsp;4.1.0,&nbsp;$HTTP_POST_FILES&nbsp;should&nbsp;be&nbsp;used&nbsp;instead<br />//&nbsp;of&nbsp;$_FILES.<br /><br /></span><span style="color: #0000BB">$uploaddir&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #DD0000">'/var/www/uploads/'</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">$uploadfile&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">$uploaddir&nbsp;</span><span style="color: #007700">.&nbsp;</span><span style="color: #0000BB">basename</span><span style="color: #007700">(</span><span style="color: #0000BB">$_FILES</span><span style="color: #007700">[</span><span style="color: #DD0000">'userfile'</span><span style="color: #007700">][</span><span style="color: #DD0000">'name'</span><span style="color: #007700">]);<br /><br />echo&nbsp;</span><span style="color: #DD0000">'&lt;pre&gt;'</span><span style="color: #007700">;<br />if&nbsp;(</span><span style="color: #0000BB">move_uploaded_file</span><span style="color: #007700">(</span><span style="color: #0000BB">$_FILES</span><span style="color: #007700">[</span><span style="color: #DD0000">'userfile'</span><span style="color: #007700">][</span><span style="color: #DD0000">'tmp_name'</span><span style="color: #007700">],&nbsp;</span><span style="color: #0000BB">$uploadfile</span><span style="color: #007700">))&nbsp;{<br />&nbsp;&nbsp;&nbsp;&nbsp;echo&nbsp;</span><span style="color: #DD0000">"File&nbsp;is&nbsp;valid,&nbsp;and&nbsp;was&nbsp;successfully&nbsp;uploaded.\n"</span><span style="color: #007700">;<br />}&nbsp;else&nbsp;{<br />&nbsp;&nbsp;&nbsp;&nbsp;echo&nbsp;</span><span style="color: #DD0000">"Possible&nbsp;file&nbsp;upload&nbsp;attack!\n"</span><span style="color: #007700">;<br />}<br /><br />echo&nbsp;</span><span style="color: #DD0000">'Here&nbsp;is&nbsp;some&nbsp;more&nbsp;debugging&nbsp;info:'</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">print_r</span><span style="color: #007700">(</span><span style="color: #0000BB">$_FILES</span><span style="color: #007700">);<br /><br />print&nbsp;</span><span style="color: #DD0000">"&lt;/pre&gt;"</span><span style="color: #007700">;<br /><br /></span><span style="color: #0000BB">?&gt;</span>
</span>
</code></div>
     </div>

    </div><p>
   </p>
   <p class="simpara">
    The PHP script which receives the uploaded file should implement
    whatever logic is necessary for determining what should be done
    with the uploaded file. You can, for example, use the
    <var class="varname"><a href="reserved.variables.files.php" class="classname">$_FILES['userfile']['size']</a></var> variable
    to throw away any files that are either too small or too big.  You
    could use the
    <var class="varname"><a href="reserved.variables.files.php" class="classname">$_FILES['userfile']['type']</a></var> variable
    to throw away any files that didn&#039;t match a certain type criteria, but
    use this only as first of a series of checks, because this value
    is completely under the control of the client and not checked on the PHP
    side.
    As of PHP 4.2.0, you could use <var class="varname"><a href="reserved.variables.files.php" class="classname">$_FILES['userfile']['error']</a></var>
    and plan your logic according to the <a href="features.file-upload.errors.php" class="link">error codes</a>.
    Whatever the logic, you should either delete the file from the
    temporary directory or move it elsewhere.
   </p>
   <p class="simpara">
    If no file is selected for upload in your form, PHP will return
    <var class="varname"><a href="reserved.variables.files.php" class="classname">$_FILES['userfile']['size']</a></var> as 0, and
    <var class="varname"><a href="reserved.variables.files.php" class="classname">$_FILES['userfile']['tmp_name']</a></var> as none.
   </p>
   <p class="simpara">
    The file will be deleted from the temporary directory at the end
    of the request if it has not been moved away or renamed.
   </p>
    <div class="example">
     <p><b>Example #3 Uploading array of files</b></p>
     <div class="example-contents para"><p>
      PHP supports <a href="faq.html.php#faq.html.arrays" class="link">HTML array feature</a>
      even with files.
     </p></div>
     <div class="example-contents programlisting">
<div class="htmlcode"><pre class="htmlcode">&lt;form action=&quot;&quot; method=&quot;post&quot; enctype=&quot;multipart/form-data&quot;&gt;
&lt;p&gt;Pictures:
&lt;input type=&quot;file&quot; name=&quot;pictures[]&quot; /&gt;
&lt;input type=&quot;file&quot; name=&quot;pictures[]&quot; /&gt;
&lt;input type=&quot;file&quot; name=&quot;pictures[]&quot; /&gt;
&lt;input type=&quot;submit&quot; value=&quot;Send&quot; /&gt;
&lt;/p&gt;
&lt;/form&gt;</pre>
</div>
     </div>

     <div class="example-contents programlisting">
<div class="phpcode"><code><span style="color: #000000">
<span style="color: #0000BB">&lt;?php<br /></span><span style="color: #007700">foreach&nbsp;(</span><span style="color: #0000BB">$_FILES</span><span style="color: #007700">[</span><span style="color: #DD0000">"pictures"</span><span style="color: #007700">][</span><span style="color: #DD0000">"error"</span><span style="color: #007700">]&nbsp;as&nbsp;</span><span style="color: #0000BB">$key&nbsp;</span><span style="color: #007700">=&gt;&nbsp;</span><span style="color: #0000BB">$error</span><span style="color: #007700">)&nbsp;{<br />&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;(</span><span style="color: #0000BB">$error&nbsp;</span><span style="color: #007700">==&nbsp;</span><span style="color: #0000BB">UPLOAD_ERR_OK</span><span style="color: #007700">)&nbsp;{<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="color: #0000BB">$tmp_name&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">$_FILES</span><span style="color: #007700">[</span><span style="color: #DD0000">"pictures"</span><span style="color: #007700">][</span><span style="color: #DD0000">"tmp_name"</span><span style="color: #007700">][</span><span style="color: #0000BB">$key</span><span style="color: #007700">];<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="color: #0000BB">$name&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">$_FILES</span><span style="color: #007700">[</span><span style="color: #DD0000">"pictures"</span><span style="color: #007700">][</span><span style="color: #DD0000">"name"</span><span style="color: #007700">][</span><span style="color: #0000BB">$key</span><span style="color: #007700">];<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="color: #0000BB">move_uploaded_file</span><span style="color: #007700">(</span><span style="color: #0000BB">$tmp_name</span><span style="color: #007700">,&nbsp;</span><span style="color: #DD0000">"data/</span><span style="color: #0000BB">$name</span><span style="color: #DD0000">"</span><span style="color: #007700">);<br />&nbsp;&nbsp;&nbsp;&nbsp;}<br />}<br /></span><span style="color: #0000BB">?&gt;</span>
</span>
</code></div>
     </div>

    </div>
   <p class="para">
    File upload progress bar can be implemented by <a href="apc.configuration.php#ini.apc.rfc1867" class="link">apc.rfc1867</a>.
   </p>
  </div><?php manual_footer(); ?>
 
show source | credits | sitemap | contact | advertising | mirror sites