PHP File Uploads



The FILES Array



The $_FILES array is a superglobal array that is used in conjunction with the HTML input tag that has type=file. For a file upload to work, the form tag must have enctype='multipart/form-data' as an attribute and the method must be post. It is possible to upload files through AJAX, but it is more difficult. When the form is submitted, the file is uploaded to a temporary directory on the server. We use the $_FILES array to access information about the file. The $_FILES array uses the value of the name attribute to identify the file in question (like a post variable), and then adds a second key to select the piece of information about the file that is wanted. The keys associated with the $_FILES array are as follows:

So, to access the size of the file that was uploaded with name='currentNewsletter', the PHP code would be
 $_FILES['currentNewsletter']['size'];

The following are possible error messages that can result from an error in an uploaded file:

If you want to limit the size of the file that users are uploading, add an input in the form with type=hidden that looks as follows. The value below allows for a 1MB file or below to be uploaded. This field is sent by the browser and can be changed or left out by the client, so the limit must also be checked on the server.
 <input type='hidden' name='MAX_FILE_SIZE' value='1000000' />


Once correctly uploaded, the file needs to be moved to a permanent location using the move_uploaded_file() function. Before moving the uploaded file, you should confirm with is_uploaded_file() that the file exists and was uploaded via HTTP POST. An example of this code is as follows:
// Move the temporary file only if it really is an HTTP POST upload
if (is_uploaded_file($_FILES['myfile']['tmp_name'])) {
	move_uploaded_file($_FILES['myfile']['tmp_name'], "path/to/dir/newname.ext");
}
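
The checks described above combined into one handler, as an added example that is not code from the original page. The function name store_upload(), the list of allowed types and the uploads directory are assumptions, and the directory must already exist and be writable by PHP.

```php
<?php
// Added example: hardened handler for the 'myfile' upload field.
// store_upload(), the allow-list and the directory are assumptions.
declare(strict_types=1);

const MAX_BYTES = 1000000; // same 1 MB limit as the MAX_FILE_SIZE field

function store_upload(array $file, string $destDir): string
{
    // 1. PHP reports upload problems in the 'error' key.
    if (!isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or was malformed.');
    }
    // 2. Enforce the size limit on the server; the hidden field is client-controlled.
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File exceeds the size limit.');
    }
    // 3. Confirm the temp file really came from an HTTP POST upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file.');
    }
    // 4. Decide the type from the content, not from the client-supplied 'type' or 'name'.
    $allowed = ['application/pdf' => 'pdf', 'image/png' => 'png', 'image/jpeg' => 'jpg'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('File type not allowed.');
    }
    // 5. Generate the stored name on the server so the client cannot choose path or extension.
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not move the uploaded file.');
    }
    chmod($target, 0644); // 644 as in the permissions table: 6 = read and write, 4 = read
    return $target;
}

if (isset($_FILES['myfile'])) {
    try {
        $path = store_upload($_FILES['myfile'], __DIR__ . '/uploads');
        echo 'Stored as ' . htmlspecialchars(basename($path));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage());
    }
}
```

Keeping the uploads directory outside the web root, or with script execution disabled for it, prevents a stored file from being run as code.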



Directories:



PHP also provides the ability to read/write/manipulate directories. Some of the functionality is described below:

File Permissions (from http://www.htmlite.com/php042.php)



When uploading/accessing files on the server, it is important to set the appropriate permissions. A permission setting is made up of three digits, and each digit is a value from 0 to 7. The value specifies what capabilities are available (or not). These values are built from three permission types: read, write and execute. Here are the possible combinations of these types:
Digit rwx Result
0 - - - no access
1 - - x execute
2 - w - write
3 - w x write and execute
4 r - - read
5 r - x read and execute
6 r w - read and write
7 r w x read, write and execute
The first number represents the host server. This will usually be set to 7, giving the host full permission on the files in the folder. The second number represents the group (YOU - the individual being hosted). And the third number represents the world (the visitors to the site). Normally, on free hosts, these two digits will be set to 4, allowing the reading (and displaying) of files but not their execution.
  1. Typical settings for files are 777, 755, 666 or 644.
  2. Typical settings for directories are 777 or 755.
  3. Typical settings are 755 for CGI scripts, 666 for data files, and 644 for configuration files.