The Basics of Uploading a File in PHP

I am a senior PHP developer. It’s what I tell myself, anyway.

That means I should know how to do stuff life this.

I had to handle a file-upload in a project recently, without the hand-holding of a framework, and I found it harder than I remembered.

Here’s all the bits and pieces I nearly forgot about.

Is PHP going to let you upload your file? How big a file can I upload?

Check the following section in your php.ini file and check your settings.

The most important thing here is file_uploads (which is normally on by default) and upload_max_filesize (which is normally smaller than you need by default). Also, pay attention to upload_tmp_dir… you’ll need this shortly.

You’re not done yet. One more setting to change.

If you haven’t changed this setting, you’ll see error messages like these:

If you don’t have easy access to your PHP.ini file, or you’re not sure which php.ini file Apache is running you can also figure this out by creating a quick and dirty PHP script.

Is your HTML form going to let you upload your file?

The sections in bold are actually important. The enctype tells HTML to send up a file. PHP pays attention to the magic MAX_FILE_SIZE form field and will dis-allow your file if it’s too small. You should also set the MIME type of the file, if you know what you’re going to be dealing with.

Hit your fancy Upload button, and assume you’ve got PHP sitting at that /upload endpoint.

What has PHP done with my file?

PHP sticks your file in one it’s magical autoglobals, $_FILES. If all has gone according to plan, $_FILES will be populated with details about the file you’ve just uploaded. Note that PHP is set up to handle multiple file-uploads at the same time, so $_FILES is an array of files, and will be keyed by the name used in the file field. Above, we used the string myfile, so we’ll use the same below.

It has also taken the uploaded file, and stuck it in a temporary folder with a temporary name.

If you have set the upload_tmp_dir directory above, then you’ll know exactly where it is.

If you haven’t or can’t, it will upload it to the default system temp directory. Normally, (and what is normal, exactly?) this is /tmp but this is not information you can go to the bank with. You should double-check. To do this, you can use the standard function: sys_get_temp_dir().

The files will also be uploaded with a temporary name, so you’ll need to rename it. Normally we’ll use the value of $_FILES['myfile']['name'].

How do I use this file?

If you want to keep your file around, you’ll need to move it out of the temp directory to a permanent location, and rename it.

Normally you’d do something like this:

Can I do something with a Zip file?

Yes, you’re in luck.

PHP has a standard library that you can use, and it is straightforward.

(Also, you can and should validate by checking the MIME type.)


That’s it!

I say it’s for you, but this article is really for me so I can continue to look like a senior PHP dev.

Code geek. Board game geek. Coffee geek. Bible geek.

Code geek. Board game geek. Coffee geek. Bible geek.