PHP file upload

We will use the HTML form we learned in previous lessons to handle file uploads in PHP. Because we will be accepting files from other people's computers onto our own server, we need to be careful about security. If we build a bare upload application without applying any conditions, anyone can send any file or program they want to our site, plant their own code and take over the site. To prevent this, we will accept files only after thoroughly checking and approving them. First, we will look at the file's extension, size and type. If we don't like the type or size, we won't accept it.

Preparing a PHP upload form

For this, as I said at the beginning, we will use the HTML form we explained before. In this form, we will place the file form element, which lets the user select the file to be sent. We will also set the form tag's enctype value to "multipart/form-data", since we will be uploading a file.

When we open this form from our browser, an image like the example will appear. And when we press the send button, it will send the file to the gonder.php page we specified in the action parameter. With this form we created, we have now established a way for users to transfer files to us.

Checking and uploading the files sent to PHP

Now let's turn to the page the files will be sent to, which in our example we called gonder.php. First, we will check whether a file has been sent to the page; if someone opens the page directly, we should not do anything. Then, using the $_FILES global variable, we will look at the size, type and extension of the file sent to us. We will check whether a file has been sent using the isset() function. If one was sent, the $_FILES array contains an entry named after the file element of the form, in other words the name we wrote in the name parameter of the form element. When we created our form, we set this value to "file".


if(isset($_FILES['file'])) {
    echo 'File sent';
} else {
    echo 'Please send a file';
}

In this example, we only checked whether an upload was made to the page. Now, if the file has been sent, we will look at its size and type. For these, we will look at the other keys that the $_FILES array holds for our file. Let's show them in a table.

Key        Meaning
name       Name of the file sent
type       Type of file sent
tmp_name   The address where the sent file is temporarily hosted on the server
size       Size of the sent file in bytes
error      Error code while sending the file

We access the above values as a second-level key, after our own file element's name, in the $_FILES array.


if(isset($_FILES['file'])) {
    $error = $_FILES['file']['error'];
    if($error != 0) {
        echo 'An error occurred while loading.';
    } else {
        $size = $_FILES['file']['size'];
        if($size > (1024*1024*3)){ // 3 MB expressed in bytes
            echo 'The file cannot be larger than 3MB.';
        } else {
            $type = $_FILES['file']['type']; // type as reported by the browser
            $name = $_FILES['file']['name']; // file name as sent by the browser
            $extension = explode('.', $name);
            $extension = $extension[count($extension)-1]; // text after the last dot
            if($type != 'image/jpeg' || $extension != 'jpg'){
                echo 'You can only send JPG files.';
            } else {
                $file = $_FILES['file']['tmp_name']; // temporary location on the server
                copy($file, 'files/' . $_FILES['file']['name']);
                echo 'Your file has been uploaded!';
            }
        }
    }
}

Yes, I am aware that this looks like long and complex code, but if you read the conditions from top to bottom, you will see that we checked them in order, and only when all the conditions were met did we take the file from the temporary directory and send it to the files directory with the copy() function. Let me explain it in order.

First, in the 1st line, we used the isset() function to check whether a file was sent to the page.

In the 2nd and 3rd lines, we checked whether there was any error in sending the file by looking at the error value in the file information.

If the error value is 0, it means that no error has occurred. As we mentioned before, these errors can be caused by things such as write permission.

$error = $_FILES['file']['error'];
if($error != 0) {
    echo 'An error occurred while loading.';
} else { // ...

In the 6th and 7th lines, we took the size of the file from the size value and checked whether it was larger than (1024*1024*3).

The result of this calculation gives the value of 3MB in bytes. If the file is larger than 3MB, we do not accept it.

$size = $_FILES['file']['size'];
if($size > (1024*1024*3)){
    echo 'The file cannot be larger than 3MB.';
} else { // ...

We looked at the type of the file and its extension between lines 10 - 15. Here I used the "image/jpeg" type and the jpg extension as an example; you can use extensions or types depending on which files you allow. For example, by writing $extension == 'jpg' || $extension == 'gif' || $extension == 'png' you can ensure that only files with these three extensions are received.

$type = $_FILES['file']['type'];
$name = $_FILES['file']['name'];
$extension = explode('.', $name);
$extension = $extension[count($extension)-1];
if($type != 'image/jpeg' || $extension != 'jpg') {
    echo 'You can only send JPG files.';
} else { // ...

Finally, when the file passed all the conditions, we sent it from the temporary directory to the files folder, which we wrote in the 2nd parameter, with the copy() function.

$file = $_FILES['file']['tmp_name'];
copy($file, 'files/' . $_FILES['file']['name']);
echo 'Your file has been uploaded!';
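
The same checks as an added example (not the original tutorial's code), hardened in three places: the type is detected from the file's contents with finfo instead of the browser-supplied $_FILES['file']['type'], the stored name is generated on the server, and move_uploaded_file() replaces copy(). It assumes the tutorial's "file" field, files/ directory, 3 MB limit and JPG-only rule, and that the fileinfo extension is enabled; check_upload() is a name chosen for this example.

```php
<?php
// Added example, not the tutorial's code. Assumes the "file" field, "files/"
// directory, 3 MB limit and JPG-only rule from the tutorial, plus ext-fileinfo.
const MAX_BYTES = 3 * 1024 * 1024;
const UPLOAD_DIR = __DIR__ . '/files/';

// Returns [true, server-chosen name] or [false, message for the user].
function check_upload(array $f): array
{
    // A "file[]" field turns these values into arrays; accept one file only.
    if (!isset($f['error'], $f['tmp_name'], $f['name'], $f['size']) || is_array($f['error'])) {
        return [false, 'Please send a file'];
    }
    if ($f['error'] !== UPLOAD_ERR_OK) {
        return [false, 'An error occurred while loading.'];
    }
    if ($f['size'] > MAX_BYTES) {
        return [false, 'The file cannot be larger than 3MB.'];
    }
    // Detect the type from the file's bytes; $f['type'] is whatever the client sent.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    $ext  = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
    if ($mime !== 'image/jpeg' || $ext !== 'jpg') {
        return [false, 'You can only send JPG files.'];
    }
    // Never reuse the client's file name: a random name cannot overwrite an
    // existing file and always ends in the extension chosen here.
    return [true, bin2hex(random_bytes(16)) . '.jpg'];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$ok, $result] = check_upload($_FILES['file'] ?? []);
    // move_uploaded_file() only moves files PHP itself received in this request.
    if ($ok && move_uploaded_file($_FILES['file']['tmp_name'], UPLOAD_DIR . $result)) {
        echo 'Your file has been uploaded!';
    } else {
        echo $ok ? 'An error occurred while loading.' : $result;
    }
} elseif (PHP_SAPI === 'cli') {
    // Constructed sample: plain text whose client-supplied name and type claim JPEG.
    // The tutorial's type/extension test accepts this entry; the content check does not.
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, 'this is not a JPEG');
    $fake = ['name' => 'photo.jpg', 'type' => 'image/jpeg', 'tmp_name' => $tmp,
             'size' => filesize($tmp), 'error' => UPLOAD_ERR_OK];
    echo check_upload($fake)[1], PHP_EOL;
    unlink($tmp);
}
```

Run from the command line, the script exercises check_upload() on the constructed sample; served as gonder.php, it handles the form post. Keep the files/ directory outside the web root, or configure the server not to execute scripts from it.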