File Upload Validation in PHP

In this article, you will learn file upload validation using the PHP programming language. While uploading a file, there may be a need to validate the uploaded file type, file size, existence of the uploaded file, and so on. PHP provides HTTP File Upload variables $_FILES, which is an associative array containing uploaded items via the HTTP POST method.









Here is a simple example of how to upload a file and apply all types of file validation using PHP. As file upload involves potential security risks, we have mitigated these risks where possible.

File Upload Validation in PHP

index.php

<html>
<head>
	<title>File Upload Validation in PHP</title>
</head>
<body>
<form action='#' method="post" enctype="multipart/form-data">
	<input type="file" name="uploadedfile" />
	<input type="Submit" value="Submit" />
</form>
<?php 
	if($_FILES['uploadedfile']['error'] > 0 ){
		echo 'There is problem in file upload';
		switch($_FILES['uploadedfile']['error'])
		{
			case 1: echo 'File exceeded upload_max_filesize'; break;
			case 2: echo 'File exceeded max_file_size'; break;
			case 3: echo 'File only partially uploaded'; break;
			case 4: echo 'No file uploaded'; break;
		}
		exit;
	}
	// Check for right MIME types
	if($_FILES['uploadedfile']['type'] != 'text/plain'){
		echo 'File is not plain text';
		exit;
	}
	//Set file location
	$uploadedfile = 'upload/'.$_FILES['uploadedfile']['name'];
	
	if(is_uploaded_file($_FILES['uploadedfile']['tmp_name']))
	{
		if(!move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $uploadedfile))
		{
			echo 'File does not move to destination directory';
			exit;
		}
	}
	else {
		echo 'File is not uploaded';
		exit;
	}
	
	echo 'File uploaded successfully';
	
	//Get the content of uploaded file
	$fopen = fopen($uploadedfile, 'r');
	$contents = fread($fopen, filesize($uploadedfile));
	fclose($fopen);
	
	$contents = strip_tags($contents);
	$fopen = fopen($uploadedfile, 'w');
	fwrite($fopen, $contents);
	fclose($fopen);
	
	// Print the contents of uploaded file
	echo '<br/><br/>';
	echo $contents;
?>
</body>
</html>

In the above code, the uploaded file is stored in a superglobal array "$_FILES", which contains-

$_FILES['uploadedfile']['error']- to check the error code.
$_FILES['uploadedfile']['type']- to get the uploaded file type.
$_FILES['uploadedfile']['name']- to get the uploaded file name.
$_FILES['uploadedfile']['tmpname']- As the uploaded file is first stored in a temporary directory, it is used to get the temporary file name.

After that, we checked the uploaded file contents. For this, we first clean out any stray HTML or PHP tags that might be in the file using the strip_tags() function, and then print the uploaded file contents.









Related Articles

Preventing Cross Site Request Forgeries(CSRF) in PHP
PHP code to send email using SMTP
PHP MYSQL Advanced Search Feature
Simple PHP File Cache
PHP Connection and File Handling on FTP Server
Sending form data to an email using PHP
Recover forgot password using PHP and MySQL
PHP random quote generator
PHP convert string into an array
PHP remove HTML and PHP tags from string
Import Excel File into MySQL using PHP
PHP array length
Import Excel File into MySQL Database using PHP
PHP String Contains
PHP remove last character from string
PHP random quote generator
PHP calculate percentage of total








Read more articles


General Knowledge



Learn Popular Language