PHP: Upload Files to the Server

Contributed by William_Wilson  
Tagged: PHP programming  

• Tweet

Browse to next tech-recipes article

With PHP, it is simple to upload any file to your server.

uploader.php

<?php
$target_path = "uploads/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
} else{
echo "There was an error uploading the file, please try again!";
}?>


The form used to apply this uploading:

<form enctype="multipart/form-data" action="uploader.php" method="POST"^gt;
<input type="hidden" name="MAX_FILE_SIZE" value="1000" />
Upload File: <input name="uploadedfile" type="file" />
<input type="submit" value="Upload File" />
</form>


I suggest implementing a password (php) protection on this page to ensure noone other than the administrator can upload files. Missuse of uploading can surpass a server’s space and cause fines or bans of site owners. So be careful.

Questions/Comments: william_a_wilson@hotmail.com
-William. § (marvin_gohan)

You may also like -

PHP: Upload Files to the serverPHP: Password Protect Your pages.PHP: Delete or unlink a file on the serverXP/2k/2003: Install/Setup Windows TFTP serverSymfony: Troubleshooting file uploadsPassword protect a web directory with .htaccessUse your Sidekick to Admin your Shoutcast ServerHow do I Save Files from the Internet Directly into Google Docs?

 

5 Comments -

1. Kinox said on October 5, 2008

   Thanks for sharing the codes.

   Btw, there is this “File Thingie” script (free for personal use) that you may want to check out too.

   Quote: “It is a small web-based file manager written in PHP. It is intended for those who need to give others access to a part of their server’s file system when FTP is not practical.”

   Nope, I’m not related to the author. :)

2. Flight said on November 12, 2009

   it is good method to upload small files, but if we need to upload larg files then we need more complex code

   thanks

3. Anonymous said on February 24, 2010

   I agree it is a large security flaw as well without restricting access to this Script you have the potential to allow people to upload any file as the script dose NOT check for allowed file types meaning i could upload any type of script under 1000kbs.

   thats not all however when using commands that access the file system on your server you should make sure you develop the correct security measures as it gives hackers and other malicious sites the ability to not only modify your website but the file system on the server which can be have disastrous effects for your server.

   if you were to use such a script i could simply upload any type of script i like and use your server to make attacks against other peoples servers etc there are many problems with this basic script.

4. Robert said on August 12, 2011

   restrict the type of file that can be uploaded and also the file size is a step in the right direction

5. dba_boy said on November 15, 2011

   I tested, i changed the target path name and it works. :)

RSS feed for comments on this post. TrackBack URL

Leave a comment -