Created
May 13, 2012 15:03
-
-
Save taterbase/2688850 to your computer and use it in GitHub Desktop.
Simple file upload in php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title>Upload your files</title> | |
| </head> | |
| <body> | |
| <form enctype="multipart/form-data" action="upload.php" method="POST"> | |
| <p>Upload your file</p> | |
| <input type="file" name="uploaded_file"></input><br /> | |
| <input type="submit" value="Upload"></input> | |
| </form> | |
| </body> | |
| </html> | |
| <?PHP | |
| if(!empty($_FILES['uploaded_file'])) | |
| { | |
| $path = "uploads/"; | |
| $path = $path . basename( $_FILES['uploaded_file']['name']); | |
| if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $path)) { | |
| echo "The file ". basename( $_FILES['uploaded_file']['name']). | |
| " has been uploaded"; | |
| } else{ | |
| echo "There was an error uploading the file, please try again!"; | |
| } | |
| } | |
| ?> |
Thank you very much, this one finally works!
For the ones complaining, the point of this script is that beginners can understand the base code for uploading files, and can add validation afterwards.
Thank you,
Late to the party, but THANK YOU for putting a dead simple minimalist version of an upload. The only other guides I saw had all this extra crap that caused errors, required multiple files, etc.
This file just works. You might need to change your download folder, but it's simple and solid.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is a terrible example of handling file uploads.
It does not check for file upload errors (via the 'errors' element under $_FILES).
The 'name' is specified by the client and should not be trusted. It may also contain characters that are not valid for filenames on the servers filesystem.
There's no handling of duplicate filenames - one file upload could overwrite a previous file upload.
This code does not check the content of the uploaded file. You may be expecting an image to be uploaded, but the client may upload a PHP script instead - if that file is uploaded to a web accessible directory, the client could then execute that PHP script. This would lead to further compromises of your server and/or your hosting being used for malicious purposes (phishing, illegal content).
You should always check the content of uploaded files using the fileinfo extension, mime_content_type(), or a function specific to the expected content type (eg. the type returned by getimagesize() for images)