PHP File Upload

This PHP file upload tutorial explains how to upload a file in PHP, with an example.

An exceptionally useful aspect of PHP is its ability to handle file uploads to your server.

HTML Form for uploading a file:

For uploading a file, you must first build an HTML form that lets users select a file to upload.

Here is a brief description of the important parts of the form:

  • enctype="multipart/form-data" – The enctype attribute of the <form> tag specifies which content-type to use when submitting the form. "multipart/form-data" is used when a form requires binary data, like the contents of a file, to be uploaded.
  • action="uploader.php" – The name of our PHP page that will be created, shortly.
  • method="POST" – Informs the browser that we want to send information to the server using POST.
  • input type="hidden" name="MAX_FILE_SIZE" – Sets the maximum allowable file size, in bytes, that can be uploaded. We have set the max file size to 100KB in this example. Because this value is sent by the browser, the client can change it, so the size limit must also be checked on the server.
  • input name="uploadedfile" – The type="file" attribute of the <input> tag specifies that the input should be processed as a file. For example, when viewed in a browser, there will be a browse-button next to the input field.

After the user clicks submit, the data will be posted to the server and the user will be redirected to uploader.php.

Upload PHP script for uploading file:

When the uploader.php file is executed, the uploaded file exists in a temporary storage area on the server.
If the file is not moved to a different location it will be destroyed! To save our precious file we are going to need to make use of the $_FILES associative array.

The $_FILES array is where PHP stores all the information about files. There are two elements of this array that we will need to understand for this example.

  • uploadedfile – uploadedfile is the reference we assigned in our HTML form. We will need this to tell the $_FILES array which file we want to work with.
  • $_FILES['uploadedfile']['name'] – name contains the original path of the user uploaded file. This value is supplied by the client.
  • $_FILES['uploadedfile']['tmp_name'] – tmp_name contains the path to the temporary file that resides on the server. The file should exist on the server in a temporary directory with a temporary name.

Now we can finally start to write a basic PHP upload manager script!
Here is how we would get the temporary file name, choose a permanent name, and choose a place to store the file.


NOTE: You will need to create a new directory in the directory where uploader.php resides, called “uploads”, as we are going to be saving files there.

We now have all we need to successfully save our file to the server. $target_path contains the path where we want to save our file to.

Restrictions on uploading file

In this script we add some restrictions to the file upload. The user may only upload .gif or .jpeg files and the file size must be under 20 kb:


Saving a file using PHP move_uploaded_file() function

Now all we have to do is call the PHP move_uploaded_file function and let PHP do its magic. The move_uploaded_file function needs to know 1) The path of the temporary file 2) The path where it is to be moved to.


If the upload is successful, then you will see the text “The file filename has been uploaded”.

This is because move_uploaded_file returns true if the file was moved, and false if it had a problem.
If there was a problem then the error message “There was an error uploading the file, please try again!” would be displayed.
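
The restrictions and the move_uploaded_file() step described above, combined into one handler as an added example (not the tutorial's original uploader.php). It assumes PHP 7.1 or later with the fileinfo extension; the names handle_upload, allowed_extension, MAX_BYTES and ALLOWED_TYPES are hypothetical.

```php
<?php
// Added example, not the tutorial's original uploader.php.
// Assumes the form field "uploadedfile" and an "uploads" directory beside this script.
const MAX_BYTES = 20 * 1024; // 20 kb limit from the text
const ALLOWED_TYPES = ['image/gif' => 'gif', 'image/jpeg' => 'jpg'];

// Returns the extension to store the file under, or null if it is rejected.
function allowed_extension(string $path): ?string
{
    $size = filesize($path);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        return null;
    }
    // Detect the type from the file's bytes. $_FILES[...]['type'] and the
    // client's file name come from the browser and are not trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    return is_string($mime) ? (ALLOWED_TYPES[$mime] ?? null) : null;
}

function handle_upload(array $file, string $targetDir): string
{
    $failed = 'There was an error uploading the file, please try again!';
    // PHP reports its own failures (size limits, partial upload) in 'error'.
    if (!isset($file['error'], $file['tmp_name']) || $file['error'] !== UPLOAD_ERR_OK) {
        return $failed;
    }
    // Only touch files that PHP itself received through an HTTP upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        return $failed;
    }
    $ext = allowed_extension($file['tmp_name']);
    if ($ext === null) {
        return 'Only .gif or .jpeg files under 20 kb are accepted.';
    }
    // Server-generated name: nothing from the client reaches the path.
    $targetPath = $targetDir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $targetPath)) {
        return $failed;
    }
    // Escape the client-supplied name before echoing it into HTML.
    $shown = htmlspecialchars(basename((string) $file['name']), ENT_QUOTES, 'UTF-8');
    return "The file $shown has been uploaded";
}

if (isset($_FILES['uploadedfile'])) {
    echo handle_upload($_FILES['uploadedfile'], __DIR__ . '/uploads');
}
```

Configure the web server so that nothing inside the uploads directory is executed as PHP.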
