PHP File Upload
2 min read
PHP handles file uploads via the $_FILES superglobal and the move_uploaded_file() function.
1 - HTML Form
<form method="POST" enctype="multipart/form-data">
<input type="file" name="photo" accept="image/*">
<button type="submit">Upload</button>
</form>2 - PHP Handler
if ($_SERVER["REQUEST_METHOD"] === "POST") {
$file = $_FILES["photo"];
$tmpPath = $file["tmp_name"];
$name = basename($file["name"]);
$size = $file["size"];
$error = $file["error"];
if ($error !== UPLOAD_ERR_OK) {
die("Upload error: $error");
}
move_uploaded_file($tmpPath, "uploads/" . $name);
echo "Uploaded: $name";
}3 - Validation
// Check real MIME type (not browser-provided)
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->file($tmpPath);
$allowed = ["image/jpeg", "image/png", "image/gif", "image/webp"];
$maxSize = 5 * 1024 * 1024; // 5 MB
if (!in_array($mimeType, $allowed)) {
die("Only images are allowed.");
}
if ($size > $maxSize) {
die("File exceeds 5 MB limit.");
}
// Unique filename to prevent overwrites
$ext = pathinfo($name, PATHINFO_EXTENSION);
$safeName = bin2hex(random_bytes(8)) . "." . $ext;
move_uploaded_file($tmpPath, "uploads/" . $safeName);
Related Tutorials:
- PHP Introduction
- PHP Getting Started
- PHP Syntax
- PHP Variables
- PHP Constants
- PHP Echo and Print Statements
- PHP Data Types
- PHP Strings
- PHP Operators
- PHP If…Else Statements
- PHP Switch Statement
- PHP While Loop
- PHP For Loop
- PHP Foreach Loop
- PHP Functions
- PHP Arrays
- PHP Sorting Arrays
- PHP String Functions
- PHP Math Functions
- PHP Date and Time
- PHP Include and Require
- PHP File Handling
- PHP Cookies
- PHP Sessions
- PHP Form Handling and Validation
- PHP Superglobals
- PHP Error Handling
- PHP Regular Expressions
- PHP JSON