Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Simple file upload in php
<!DOCTYPE html>
<title>Upload your files</title>
<form enctype="multipart/form-data" action="upload.php" method="POST">
<p>Upload your file</p>
<input type="file" name="uploaded_file"></input><br />
<input type="submit" value="Upload"></input>
$path = "uploads/";
$path = $path . basename( $_FILES['uploaded_file']['name']);
if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $path)) {
echo "The file ". basename( $_FILES['uploaded_file']['name']).
" has been uploaded";
} else{
echo "There was an error uploading the file, please try again!";
Copy link

amaddurrani commented Aug 17, 2018

Thanks alot it worked

Copy link

rlischer commented Aug 21, 2018

Works perfectly, thank you!

Copy link

yasin7044 commented Aug 25, 2018

I am getting this error

Warning: move_uploaded_file(images/WIN_20180406_20_47_39_Pro.jpg): failed to open stream: Permission denied in /home/vhosts/ on line 4

Warning: move_uploaded_file(): Unable to move '/tmp/phpKsH2uQ' to 'images/WIN_20180406_20_47_39_Pro.jpg' in /home/vhosts/ on line 4

Copy link

BAHC commented Aug 29, 2018

Your "simple" gist someone is using in real suspicious way: - - [27/Aug/2018:08:22:16 +0200] "GET /wp-content/plugins/wp-mobile-detector/resize.php?src= HTTP/1.1" 302 593 "-" "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0"

Copy link

BAHC commented Aug 29, 2018

Please use action="PATH_TO_YOUR_UPLOAD_DIRECTORY/"; instead of action="upload.php" for this gist!
It is because there are someone using your gist to upload hazardous scripts at wordpress sites.

Copy link

gyaanesh commented Sep 7, 2018

really helpfull and easy to understand.
thank you

Copy link

yzzz-hub commented Sep 7, 2018

@BAHC: it's not the code problem. resize.php should sanitize the input instead of loading whatever being injected into get parameter.

Copy link

GioRosso commented Sep 20, 2018

hmm i wonder why if i upload a file larger than 1 mb the error came out -.-

I have the very same problem. Cannot upload files larger than 2MB. All file types are supported, but not all sizes. I don't think this has to do anything with the server, because I'm using PHP gallery, which uploads files up to 5MB.


Copy link

Amanrock123 commented Sep 29, 2018

Awesome tutorial's help me a lot...

Copy link

Geekgurus commented Oct 23, 2018

Thanks for this man.
Its legit!

Copy link

diamond95 commented Oct 25, 2018

DID YOU REALLY CLOSED <input TAG WITH < /input> ??


Copy link

qubadoff commented Oct 29, 2018

good work

Copy link

wonsuc commented Feb 7, 2019

I am getting this error

Warning: move_uploaded_file(images/WIN_20180406_20_47_39_Pro.jpg): failed to open stream: Permission denied in /home/vhosts/ on line 4

Warning: move_uploaded_file(): Unable to move '/tmp/phpKsH2uQ' to 'images/WIN_20180406_20_47_39_Pro.jpg' in /home/vhosts/ on line 4

Just give write permission to the folder.

Copy link

weshuiz commented Jul 24, 2019

straight from w3school -_- and it isn't even protected against ufu exploit...

Copy link

yosoyhendrix commented Oct 3, 2019


curl -F "uploaded_file=@my_file.txt" http: //server/upload.php


Copy link

faiswal commented Feb 28, 2020

i do not know where files go after uploading them

Copy link

mdyrma2 commented Apr 6, 2020

Thank you very much. Good tutorial.

Copy link

rwb99 commented Apr 18, 2020

make a "uploads" directory in the same place as you php file
mkdir uploads

change directory permissions
chmod 0777 /var/www/html/uploads

also make sure file_uploads = On is set in php.ini

setting upload_max_filesize = 10M and
post_max_size = 10M in php.ini should allow up to 10MB

but you also need to set client_max_body_size 10M; in nginx config or LimitRequestBody 10485760 in Apache

I'm still not having any success with uploading anything over 2mb

I'm using it for a wget server

Copy link

0cirius0 commented May 21, 2020

Thanks for this script.It really helped to solve bigger issue i was having in understanding a php upload code

Copy link

munjoob commented Jul 13, 2020

try kleeja php file upload script

Copy link

vparitorres commented Aug 27, 2020

Excelente ejemplo.. Gracias por publicar..

Copy link

kicktv commented Oct 28, 2020


work good.
thanks for the script

Copy link

justinweichTV commented Nov 1, 2020

it dosent work

Copy link

dsinclair-work commented Dec 17, 2020

Awesome script, works great as long as you create an upload folder in the same destination as the upload.php

Copy link

ghost commented Feb 1, 2021

thanks a lot bro :D

Copy link

FAlbanni commented May 12, 2021

This sucks anyone would be able to upload a .php file and take control of your server, do NOT use it!

Copy link

AllenJB commented Oct 9, 2021

This is a terrible example of handling file uploads.

It does not check for file upload errors (via the 'errors' element under $_FILES).

The 'name' is specified by the client and should not be trusted. It may also contain characters that are not valid for filenames on the servers filesystem.

There's no handling of duplicate filenames - one file upload could overwrite a previous file upload.

This code does not check the content of the uploaded file. You may be expecting an image to be uploaded, but the client may upload a PHP script instead - if that file is uploaded to a web accessible directory, the client could then execute that PHP script. This would lead to further compromises of your server and/or your hosting being used for malicious purposes (phishing, illegal content).

You should always check the content of uploaded files using the fileinfo extension, mime_content_type(), or a function specific to the expected content type (eg. the type returned by getimagesize() for images)

Copy link

Noemi4 commented Jan 1, 2022

Thank you very much, this one finally works!

Copy link

Noemi4 commented Jan 1, 2022

For the ones complaining, the point of this script is that beginners can understand the base code for uploading files, and can add validation afterwards.

Copy link

TinySonhh commented Feb 7, 2022

Thank you,

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment