File Upload Validation in PHP

In this article, you will learn file upload validation using PHP. When a file is uploaded, you may need to validate its type, its size, whether a file was actually uploaded, and so on. PHP provides the HTTP file upload variable $_FILES, an associative array containing the items uploaded via the HTTP POST method.

Here is a simple example to upload a file and apply all types of file validations using PHP. As file upload involves potential security risks, here we have mitigated these risks where possible.


index.php

<html>
<head>
	<title>File Upload Validation in PHP</title>
</head>
<body>
<form action='#' method="post" enctype="multipart/form-data">
	<input type="file" name="uploadedfile" />
	<input type="Submit" value="Submit" />
</form>
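<?php 
	// Run the checks only after the form has been submitted
	if($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['uploadedfile'])){
		if($_FILES['uploadedfile']['error'] > 0 ){
			echo 'There is problem in file upload: ';
			switch($_FILES['uploadedfile']['error'])
			{
				case UPLOAD_ERR_INI_SIZE: echo 'File exceeded upload_max_filesize'; break; // 1
				case UPLOAD_ERR_FORM_SIZE: echo 'File exceeded MAX_FILE_SIZE'; break; // 2
				case UPLOAD_ERR_PARTIAL: echo 'File only partially uploaded'; break; // 3
				case UPLOAD_ERR_NO_FILE: echo 'No file uploaded'; break; // 4
			}
			exit;
		}
		// Check that this really is a file uploaded via HTTP POST
		if(!is_uploaded_file($_FILES['uploadedfile']['tmp_name']))
		{
			echo 'File is not uploaded';
			exit;
		}
		// Check for right MIME type. $_FILES[...]['type'] is sent by the browser
		// and can be forged, so detect the type from the file contents instead
		$finfo = new finfo(FILEINFO_MIME_TYPE);
		if($finfo->file($_FILES['uploadedfile']['tmp_name']) != 'text/plain'){
			echo 'File is not plain text';
			exit;
		}
		// Set file location: keep only safe characters from the client-supplied
		// name and force a .txt extension so the stored file cannot run as a script
		$basename = pathinfo($_FILES['uploadedfile']['name'], PATHINFO_FILENAME);
		$basename = preg_replace('/[^A-Za-z0-9_-]/', '_', $basename);
		if($basename === ''){
			$basename = 'upload';
		}
		$uploadedfile = 'upload/'.$basename.'.txt';
		
		if(!move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $uploadedfile))
		{
			echo 'File does not move to destination directory';
			exit;
		}
		
		echo 'File uploaded successfully';
		
		// Get the content of uploaded file
		$contents = file_get_contents($uploadedfile);
		
		// Clean out stray HTML or PHP tags and save the cleaned copy
		$contents = strip_tags($contents);
		file_put_contents($uploadedfile, $contents);
		
		// Print the contents of uploaded file, escaped for HTML output
		echo '<br/><br/>';
		echo htmlspecialchars($contents, ENT_QUOTES, 'UTF-8');
	}
?>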
</body>
</html>

In the above code, information about the uploaded file is available in the superglobal array "$_FILES", which contains -

$_FILES['uploadedfile']['error'] - to check the error code.
$_FILES['uploadedfile']['type'] - to get the uploaded file type as reported by the browser. This value is supplied by the client, so it should not be relied on alone.
$_FILES['uploadedfile']['name'] - to get the uploaded file name.
$_FILES['uploadedfile']['tmp_name'] - as the uploaded file is first stored in a temporary directory, this is used to get the temporary file name.

After that, we read the uploaded file's contents. We first clean out any stray HTML or PHP tags that might be in the file using the strip_tags() function and then print the uploaded file contents.
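
The checks listed in the introduction (error code, file size, file type) can also be collected into one function. The following is an added example, not code from the original article: validate_upload() and sample_entry() are hypothetical names, the sample entries are constructed, and the fileinfo extension is assumed to be available. The second sample is declared as text/plain but contains HTML.

```php
<?php
// Added example: hypothetical helper, not part of the article's index.php.
// Returns a list of problems for one $_FILES-style entry (empty list = accepted).
function validate_upload(array $file, int $maxBytes, array $allowedMime): array
{
    $errors = [];
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return ['upload error code ' . ($file['error'] ?? UPLOAD_ERR_NO_FILE)];
    }
    // Measure the file on disk; $file['size'] and $file['type'] come from the request.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0) {
        $errors[] = 'file is empty or unreadable';
    } elseif ($size > $maxBytes) {
        $errors[] = "file is $size bytes, limit is $maxBytes";
    }
    // Detect the MIME type from the content instead of trusting the browser.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($detected, $allowedMime, true)) {
        $errors[] = "detected type $detected is not allowed";
    }
    return $errors;
}

// Constructed sample inputs: temp files standing in for PHP's upload temp files.
function sample_entry(string $name, string $declaredType, string $content): array
{
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $content);
    return ['name' => $name, 'type' => $declaredType, 'tmp_name' => $tmp,
            'error' => UPLOAD_ERR_OK, 'size' => strlen($content)];
}

$samples = [
    sample_entry('notes.txt', 'text/plain', "Meeting notes\nLine two\n"),
    sample_entry('page.txt', 'text/plain', "<!DOCTYPE html>\n<html><body>hi</body></html>\n"),
    sample_entry('big.txt', 'text/plain', str_repeat("lorem ipsum\n", 200)),
];

foreach ($samples as $entry) {
    $problems = validate_upload($entry, 1024, ['text/plain']);
    echo $entry['name'], ': ', $problems ? implode('; ', $problems) : 'accepted', PHP_EOL;
    unlink($entry['tmp_name']);
}
```

The constructed temp files are not real uploads, so this example leaves out is_uploaded_file() and move_uploaded_file(); a real handler keeps both, as index.php does.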




