Conn Warwicker




This section is new and undergoing snippet addition, as of 13/6/11

File Upload



Here is a simple PHP class for uploading files via an HTML form.

<?php
/**
 * Upload a file with PHP
 *
 * @author Conn Warwicker
 */
class Upload
{

    private $mime_types = array();
    private $file;
    private $upload_dir;
    private $max_size;

    public function __construct($f)
    {
        $this->file = $f;
        $this->upload_dir = "upload_picture/";
        $this->max_size = 1000000;

        /*
         * Un-comment MIME types as appropriate, by removing the trailing "/*" from the end of each section's heading line.
         * For example, if you only want to allow image uploads, leave only the image types un-commented and keep everything else commented out.
         */

        /* MIME Types */

        /* Common Image Types */ 
        $this->mime_types[] = "image/bmp";
        $this->mime_types[] = "image/gif";
        $this->mime_types[] = "image/jpeg";

        /* Common Text Document Types */ /*
        $this->mime_types[] = "text/plain";
        $this->mime_types[] = "text/richtext";
        $this->mime_types[] = "application/pdf";

        /* Common Microsoft Office Types */ /*
        $this->mime_types[] = "application/msword";
        $this->mime_types[] = "application/vnd.openxmlformats-officedocument.wordprocessingml.document";
        $this->mime_types[] = "application/vnd.ms-excel";
        $this->mime_types[] = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet";
        $this->mime_types[] = "application/vnd.ms-powerpoint";
        $this->mime_types[] = "application/vnd.openxmlformats-officedocument.presentationml.presentation";

        /* Common Audio Types */ /*
        $this->mime_types[] = "audio/mpeg";
        $this->mime_types[] = "audio/mid";
        $this->mime_types[] = "audio/wav";
        $this->mime_types[] = "audio/x-wav";
        $this->mime_types[] = "audio/x-pn-realaudio";

        /* Common Video Types */ /*
        $this->mime_types[] = "video/x-msvideo";
        $this->mime_types[] = "video/quicktime";
        $this->mime_types[] = "video/mpeg";
        $this->mime_types[] = "application/vnd.rn-realmedia";
        $this->mime_types[] = "video/x-ms-wmv";

        /* End of MIME Types */

    }

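    public function upload()
    {
        // Stop early if PHP itself reported a failed or partial upload
        if($this->file["error"] !== UPLOAD_ERR_OK)
        {
            echo "Error uploading file";
            return;
        }

        $fileName = $this->file["name"];
        // "type" is the MIME type sent by the browser, it is not detected by the server
        $fileType = $this->file["type"];
        $fileSize = $this->file["size"];
        $fileTemp = $this->file["tmp_name"];
        $err = false;

        // Reject any MIME type that is not in the allowed list
        if(!in_array($fileType, $this->mime_types))
        {
            $err = true;
            echo "Error: Invalid File Type";
        }

        // Reject files larger than the configured maximum (in bytes)
        if($fileSize > $this->max_size)
        {
            $err = true;
            echo "Error: File Exceeds Maximum Upload Size (".($this->max_size / 1024)." KB)";
        }

        if(!$err)
        {
            // Move the file out of PHP's temporary directory, keeping its original name
            $upload = move_uploaded_file($fileTemp, $this->upload_dir . $fileName);
            if($upload)
            {
                echo "File Uploaded Successfully";
            }
            else
            {
                echo "Error uploading file";
            }
        }

    }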


}

?>


This could then be used like so:

<?php
if(isset($_FILES['woot']))
{
    $upload = new Upload($_FILES['woot']);
    $upload->upload();
}
?>
<form action="" method="post" enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="woot" id="file" />
<br />
<input type="submit" name="submit" value="Submit" />
</form>


The HTML form contains one file input called "woot". We check whether the form has been submitted and, if it has, we create the Upload object, pass it the submitted file and call upload().

To make sure your file uploading is secure, there are other things you may want to consider:

  • Only allow the MIME types that you want (e.g. images)
  • Make users log in before they can upload anything
  • Rename the uploaded files, to stop file extension hijacking, such as "myfile.php;.jpg"
  • Change the permissions on the upload folder so that files inside are not executable
  • Check the actual extension of the file as well as the MIME type
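
As an added example (not part of the original class), here is one way to apply the MIME, extension and renaming points from the list above. The function name `safe_upload()` and its parameters are illustrative; it assumes PHP 7.1 or later with the fileinfo extension enabled, and it detects the MIME type from the file content because `$_FILES[...]["type"]` is supplied by the client.

```php
<?php
// Added example, not the original class: safe_upload() and its parameters are illustrative names.
function safe_upload(array $file, string $uploadDir, int $maxSize = 1000000): ?string
{
    // Server-detected MIME type => extension the file is stored with.
    $allowed = array("image/gif" => "gif", "image/jpeg" => "jpg");

    // PHP reports failed or partial uploads in the "error" field.
    if (!isset($file["error"]) || $file["error"] !== UPLOAD_ERR_OK) {
        return null;
    }
    // Only touch files PHP received via HTTP POST, and measure the size on disk.
    if (!is_uploaded_file($file["tmp_name"]) || filesize($file["tmp_name"]) > $maxSize) {
        return null;
    }
    // Detect the type from the content; $file["type"] is whatever the client sent.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->file($file["tmp_name"]);
    if ($detected === false || !array_key_exists($detected, $allowed)) {
        return null;
    }
    // The final extension of the submitted name must agree with the detected type.
    $ext = strtolower(pathinfo($file["name"], PATHINFO_EXTENSION));
    if ($ext === "jpeg") {
        $ext = "jpg";
    }
    if ($ext !== $allowed[$detected]) {
        return null;
    }
    // Random stored name: nothing from a name like "myfile.php;.jpg" reaches the disk.
    $newName = bin2hex(random_bytes(16)) . "." . $allowed[$detected];
    $target = rtrim($uploadDir, "/") . "/" . $newName;
    if (!move_uploaded_file($file["tmp_name"], $target)) {
        return null;
    }
    chmod($target, 0644); // read/write for the owner, read-only for others, no execute bit
    return $newName;
}

if (isset($_FILES["woot"])) {
    $stored = safe_upload($_FILES["woot"], "upload_picture/");
    echo $stored === null ? "Error: upload rejected" : "File Uploaded Successfully";
}
?>
```

The function returns the stored file name, so you can save it (for example in a database) alongside the original name if you need to show that to users.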

