You may also check the upload_max_filesize and other directives to see the limitations of your file uploads. If you're wanting to limit the filesize with this configuration directive, you can use an integer to represent the maximum filesize or you can use shorthand notation. In integer representation, you specify the maximum filesize (in bytes) that the server should accept. In shorthand notation you can use K, M, and G abbreviations which represent Kilobyte, Megabyte, and Gigabyte, respectively. However, remember that these shorthand notations are only available in php versions 5.1.0 and higher. If you have further questions about these commonly used directives you can consult the php.net file upload configuration help, because it is no longer discussed in this tutorial.
If you know a thing or two about the upload system, you can change the upload_tmp_dir directive. This directive allows you change the path that files are temporarily stored in while being uploaded. If you know about this then you can continue to use it; however, if you aren't familiar with what I'm talking about, don't sweat it because we won't talk about it and nor do we need to discuss it to make this tutorial successful.
: Note: If you are changing this make sure that the directory is writable.
Now that we've looked at some of the configuration precautions, we'll look at the HTML and PHP that makes this very useful tool possible. If you don't know HTML then don't worry about learning it from this tutorial, because I will only discuss the necessary parts of the <form> tag to make the upload system functional.
Here is my example code for upload.html as I have named my file. It doesn't matter what you name your file, just remember it for linking and what not.
upload.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-tr ansitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>PHP Upload System</title> </head> <body> <form name="file_uploader" action="upload.php" method="post" enctype="multipart/form-data"> <input type="file" name="data"><br /> <input type="submit" name="upload" value="Upload File"> </form> </body> </html>
Now, you may notice that the enctype parameter of the <form> tag is set to multipart/form-data. This is the necessary setting for this if you wish to enable file uploads in the HTML form. If you do not have the enctype specified, or it is not set to multipart/form-data, then the upload will not work.
Okay, here comes the juicy part of the tutorial, the PHP code to make the upload work.
upload.php
<?php
# Check to see if the file is accessible
if ( !isset($_FILES['data']['name']) || $_FILES['data']['name'] == '' ) {
die('No input file specified. Please go back and select a file to upload.');
} // End check for file being set
$max_filesize = 999999;
$filetype = 'text/plain';
$upload_path = '/ngbbs/';
# Check to see if the filesize is too large
if ($_FILES['data']['size'] > $max_filesize) {
die('Your filesize is too large. Please make your filesize smaller than ' . $max_filesize . ' bytes.');
} // End if filesize is too large
# Check to see if the filetype is correct
if ($_FILES['data']['type'] != $filetype) {
die('Sorry, your file was not of the ' . $filetype . ' mimetype (yours was ' . $_FILES['data']['type'] . ').');
} // End filetype check
# If file has gotten this far, it is successful
$copy_to = $_SERVER['DOCUMENT_ROOT'] . $upload_path . $_FILES['data']['name'];
# Upload the file
$upload = move_uploaded_file($_FILES['data']['tmp_na
me'], $copy_to);
# Check to see if upload was successful
if (!$upload) {
die('Sorry, your file could not be uploaded.');
}
echo 'Your file contents are below: <hr>' . file_get_contents($copy_to);
?>
Okay, now it's time to explain the pieces of code you see in front of you. The $_FILES (or $HTTP_POST_FILES in long form) superglobal holds the contents of the file that was uploaded just as $_POST (or $HTTP_POST_VARS in long form) and $_GET (or $HTTP_GET_VARS in long form) hold POST and GET variables, respectively. The first key of the array superglobal should be the name of the HTML file field which is being uploaded. In our case, I named the HTML field data so all the calls to $_FILES begin with the data element. Secondly, the other key you are accessing is the information you would like to retrieve about the file.
$_FILES['html_name']['name'] retrieves the file's name on the user's computer
$_FILES['html_name']['size'] retrieves the file's size in bytes
$_FILES['html_name']['type'] retrieves the file's mime type
$_FILES['html_name']['tmp_name'] retrieves the actual file itself
The checks are easy, but the most complicated part of the script is dealing with the upload. The path you are specifying to upload should be a path relative to your server's document root. Make sure that the path you are uploading to is writable, you may want to check CHMOD values.
The move_uploaded_file() function takes two parameters, the original file (being $_FILES['html_name']['tmp_name']) and the path you want to upload it to. This is pretty simple, since the steps are shown in detail in the code itself. This function is only available in versions 4.0.3 and higher. If you are running an older version you may want to use the copy() function instead, which requires identical arguments. The move_uploaded_file() and copy() functions return TRUE if successful and FALSE if unsuccessful. This makes it easy to determine if the file should be retrieved or stored in a database (or however you're managing the uploads) or discarded.
MultiQuote
| 