Shuttleu
07-01-2009, 05:24 AM
In this tutorial i will show you how to create you very first File Uploader in PHP
now this is a very simple one but at least it will get some people started
so first you will want something to run the files on, if you have php and apache installed then your fine otherwise you will need to find a host which has php and apache installed
now your going to create 2 files
the first one will be to select the file and click upload and the other will tell you where the file is and give you a link to where it is
so in your first file put this code and call it index.html
<html>
<body>
<form action="upload.php" method="post" enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" />
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>
now i will explain what each line does one by one
the first two
<html>
<body>
just declare that it is a html file and that it is the start of the body of the page
the next line
<form action="upload.php" method="post" enctype="multipart/form-data">
tells the browser that you are starting a form that should take you to a file called upload.php when you click the submit button
after that we have
<label for="file">Filename:</label>
now this is just prints out a bit of text nothing else
then we have
<input type="file" name="file" id="file" />
now this tells the browser to make a box with a button beside it saying browse so you can choose a file
is also calls it file
then after that we have
<input type="submit" name="submit" value="Submit" />
and that is the submit button and tells it to take us to upload.php when it is clicked
then the last few lines are
</form>
</body>
</html>
which tells the browser that we are at the end of the form and the body and the html file
now with that done it should look like this
http://oneunderuk.com/upload/
now on to the next file
make a file called upload.php in in there put
<html>
<body>
<?php
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Uploaded : " . $_FILES["file"]["name"] . "<br />";
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);
echo "You can download it at<br/>" . "http://oneunderuk.com/upload/upload/" . $_FILES["file"]["name"]."<br/>";
}
?>
</body>
</html>
once again you have the two tags at the top telling the browser that your inside the body
now the next line is new and something we havent come across before
it is
<?php
that baisicaly says that everything in there is php code until you get to
?>
the next line
if ($_FILES["file"]["error"] > 0)
checks whether there was a problen uploading the file
if there was then it will write a messge on the screen saying Error: then the error
echo "Error: " . $_FILES["file"]["error"] . "<br />";
and if there wasnt a error then it will call whatever is in the block after it
$_FILES["file"]["name"]
is what the file that you uploaded is called
so the line that says
echo "Uploaded : " . $_FILES["file"]["name"] . "<br />";
prints out on the screen Uploaded : then the file name
now when you upload the file it makes a temporary file of it which then gets deleted once the script has finished :eek:
and that is what the next line is for
you want to move it before the script is finished so it can be downoaded at a later date
so
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]); moved the file from the temporary folder to a folder called upload so it wont get deleted when the script finishes *phew*
but now you want to download the file dont you?
and thats what the next line is for
echo "You can download it at<br/>" . "http://oneunderuk.com/upload/upload/" . $_FILES["file"]["name"]."<br/>";
that prints out on the screen where the file is so you can copy that link and paste it in the the bar at the top and you can download it :D
then you have the
?>
which says that your at the end of the php script
then there is the
</body>
</html>
which says that your at the end of the file
now $_FILES["file"]["name"] tells you the name of the file
but there are other stuff that you can use as well
$_FILES["file"]["name"] //returns the file name
$_FILES["file"]["type"] //returns the file type
$_FILES["file"]["error"] //returns if there was a error while uploading the file
$_FILES["file"]["tmp_name"] //returns where the temp file is located
$_FILES["file"]["size"] //returns the files size in bytes
now if someone uploads a file with the same name then it will overwrite the old one :eek: oh noes...
but using the name of the file means that we can see if it has already been taken
so if you replace upload.php with
<html>
<body>
<?php
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else
{
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. Please rename it and try again";
}
else
{
echo "Uploaded : " . $_FILES["file"]["name"] . "<br />";
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);
echo "You can download it at<br/>" . "http://oneunderuk.com/upload/upload/" . $_FILES["file"]["name"]."<br/>";
}
}
?>
</body>
</html>
i added a check to see if the file already exists
if it does then it wont overwrite the old one but it will tell you that you need to rename it and try again
if it doesnt exist then it will move it so it can be downloaded
that way it will stop any files from eing over written :)
also you can use this methood of setting a upload limit or a certain upload type
this will stop anyone from uploading anything above 200 meg
<html>
<body>
<?php
if ($_FILES["file"]["size"] < 200*1024*1024)
{
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else
{
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. Please rename it and try again";
}
else
{
echo "Uploaded : " . $_FILES["file"]["name"] . "<br />";
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);
echo "You can download it at<br/>" . "http://oneunderuk.com/upload/upload/" . $_FILES["file"]["name"]."<br/>";
}
}
}
else
{
echo "The file is too large";
}
?>
</body>
</html>
you can also use the same tecnique for checking the file type
<html>
<body>
<?php
if ($_FILES["file"]["type"] = "application/octet-stream")
{
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else
{
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. Please rename it and try again";
}
else
{
echo "Uploaded : " . $_FILES["file"]["name"] . "<br />";
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);
echo "You can download it at<br/>" . "http://oneunderuk.com/upload/upload/" . $_FILES["file"]["name"]."<br/>";
}
}
}
else
{
echo "Invalid file type";
}
?>
</body>
</html>
that will stop anyone from uploading any bat files
well i hope this has helped anyone
it may be a bit hard to understand but i didnt plan anyof this out and i just wrote it from my head as i went along
any questions or comments dont hesitate to post
for a working copy go to http://oneunderuk.com/upload
~shut
now this is a very simple one but at least it will get some people started
so first you will want something to run the files on, if you have php and apache installed then your fine otherwise you will need to find a host which has php and apache installed
now your going to create 2 files
the first one will be to select the file and click upload and the other will tell you where the file is and give you a link to where it is
so in your first file put this code and call it index.html
<html>
<body>
<form action="upload.php" method="post" enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" />
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>
now i will explain what each line does one by one
the first two
<html>
<body>
just declare that it is a html file and that it is the start of the body of the page
the next line
<form action="upload.php" method="post" enctype="multipart/form-data">
tells the browser that you are starting a form that should take you to a file called upload.php when you click the submit button
after that we have
<label for="file">Filename:</label>
now this is just prints out a bit of text nothing else
then we have
<input type="file" name="file" id="file" />
now this tells the browser to make a box with a button beside it saying browse so you can choose a file
is also calls it file
then after that we have
<input type="submit" name="submit" value="Submit" />
and that is the submit button and tells it to take us to upload.php when it is clicked
then the last few lines are
</form>
</body>
</html>
which tells the browser that we are at the end of the form and the body and the html file
now with that done it should look like this
http://oneunderuk.com/upload/
now on to the next file
make a file called upload.php in in there put
<html>
<body>
<?php
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Uploaded : " . $_FILES["file"]["name"] . "<br />";
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);
echo "You can download it at<br/>" . "http://oneunderuk.com/upload/upload/" . $_FILES["file"]["name"]."<br/>";
}
?>
</body>
</html>
once again you have the two tags at the top telling the browser that your inside the body
now the next line is new and something we havent come across before
it is
<?php
that baisicaly says that everything in there is php code until you get to
?>
the next line
if ($_FILES["file"]["error"] > 0)
checks whether there was a problen uploading the file
if there was then it will write a messge on the screen saying Error: then the error
echo "Error: " . $_FILES["file"]["error"] . "<br />";
and if there wasnt a error then it will call whatever is in the block after it
$_FILES["file"]["name"]
is what the file that you uploaded is called
so the line that says
echo "Uploaded : " . $_FILES["file"]["name"] . "<br />";
prints out on the screen Uploaded : then the file name
now when you upload the file it makes a temporary file of it which then gets deleted once the script has finished :eek:
and that is what the next line is for
you want to move it before the script is finished so it can be downoaded at a later date
so
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]); moved the file from the temporary folder to a folder called upload so it wont get deleted when the script finishes *phew*
but now you want to download the file dont you?
and thats what the next line is for
echo "You can download it at<br/>" . "http://oneunderuk.com/upload/upload/" . $_FILES["file"]["name"]."<br/>";
that prints out on the screen where the file is so you can copy that link and paste it in the the bar at the top and you can download it :D
then you have the
?>
which says that your at the end of the php script
then there is the
</body>
</html>
which says that your at the end of the file
now $_FILES["file"]["name"] tells you the name of the file
but there are other stuff that you can use as well
$_FILES["file"]["name"] //returns the file name
$_FILES["file"]["type"] //returns the file type
$_FILES["file"]["error"] //returns if there was a error while uploading the file
$_FILES["file"]["tmp_name"] //returns where the temp file is located
$_FILES["file"]["size"] //returns the files size in bytes
now if someone uploads a file with the same name then it will overwrite the old one :eek: oh noes...
but using the name of the file means that we can see if it has already been taken
so if you replace upload.php with
<html>
<body>
<?php
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else
{
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. Please rename it and try again";
}
else
{
echo "Uploaded : " . $_FILES["file"]["name"] . "<br />";
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);
echo "You can download it at<br/>" . "http://oneunderuk.com/upload/upload/" . $_FILES["file"]["name"]."<br/>";
}
}
?>
</body>
</html>
i added a check to see if the file already exists
if it does then it wont overwrite the old one but it will tell you that you need to rename it and try again
if it doesnt exist then it will move it so it can be downloaded
that way it will stop any files from eing over written :)
also you can use this methood of setting a upload limit or a certain upload type
this will stop anyone from uploading anything above 200 meg
<html>
<body>
<?php
if ($_FILES["file"]["size"] < 200*1024*1024)
{
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else
{
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. Please rename it and try again";
}
else
{
echo "Uploaded : " . $_FILES["file"]["name"] . "<br />";
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);
echo "You can download it at<br/>" . "http://oneunderuk.com/upload/upload/" . $_FILES["file"]["name"]."<br/>";
}
}
}
else
{
echo "The file is too large";
}
?>
</body>
</html>
you can also use the same tecnique for checking the file type
<html>
<body>
<?php
if ($_FILES["file"]["type"] = "application/octet-stream")
{
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else
{
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. Please rename it and try again";
}
else
{
echo "Uploaded : " . $_FILES["file"]["name"] . "<br />";
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);
echo "You can download it at<br/>" . "http://oneunderuk.com/upload/upload/" . $_FILES["file"]["name"]."<br/>";
}
}
}
else
{
echo "Invalid file type";
}
?>
</body>
</html>
that will stop anyone from uploading any bat files
well i hope this has helped anyone
it may be a bit hard to understand but i didnt plan anyof this out and i just wrote it from my head as i went along
any questions or comments dont hesitate to post
for a working copy go to http://oneunderuk.com/upload
~shut