In this article, I’ll explain the basics of file upload in PHP. Firstly, we’ll go through the PHP configuration options that need to be in place for successful file uploads. Following that, we’ll develop a real-world example of how to upload a file.
Configure PHP Settings
There are a couple of PHP configuration settings that you’ll want to check beforehand for successful file uploads. In this section, we’ll go through each and every option which is important in regards to PHP file upload. These options can be configured in the php.ini file.
If you’re not sure where to find your php.ini file, you can use the
php_ini_loaded_file() to locate it. Just create a PHP file on your server with the following line, and open it from the browser.
Here is an excerpt from a setup file with some useful defaults.
; Whether to allow HTTP file uploads. file_uploads = On ; Temporary directory for HTTP uploaded files. ; Will use system default if not set. ;upload_tmp_dir = ; Maximum allowed size for uploaded files. upload_max_filesize = 16M ; Maximum number of files that can be uploaded via a single request max_file_uploads = 20 ; Maximum size of POST data that PHP will accept. post_max_size = 20M max_input_time = 60 memory_limit = 128M max_execution_time = 30
The Key Settings
The value of the
file_uploads directive should be set to
On to allow file uploads. The default value of this directive is
upload_max_filesize directive allows you to configure the maximum size of the uploaded file. By default, it’s set to
2M (two megabytes) and you can override this setting using the .htaccess file as well. Two megabytes isn’t very much by today’s standards, so you might have to increase this. If you get an error that
file exceeds upload_max_filesize when you try to upload a file, you need to increase this value. If you do, be sure to also increase
post_max_size (see below).
Sets a temporary directory which will be used to store uploaded files. In most cases, you don’t need to worry about this setting. If you don’t set it, the system default temp directory will be used.
post_max_size directive allows you to configure the maximum size of POST data. Since files are uploaded with POST requests, this value must be greater than what you’ve set for the
upload_max_filesize directive. For example, if your
16M (16 megabytes), you might want to set
It allows you set the maximum number of files that can be uploaded at a time. The default is
20, a sensible amount.
It’s the maximum number of seconds a script is allowed to parse the input data. You should set it to a reasonable value if you’re dealing with large file uploads.
60 (60 seconds) is a good value for most apps.
memory_limit directive indicates the maximum amount of memory a script can consume. If you’re facing issues during upload of large files, you need to make sure that the value of this directive is greater than what you’ve set for the
post_max_size directive. The default value is
128M (128 megabytes), so unless you have a very large
upload_max_filesize, you don’t need to worry about this.
It’s the maximum number of seconds a script is allowed to run. If you’re facing issues during upload of large files, you can consider increasing this value.
30 (30 seconds) should work well for most apps.
Now let’s build a real-world example to demonstrate file upload in PHP.
Create the HTML Form
Once you’ve configured the PHP settings, you’re ready try out the PHP file upload capabilities.
Our GitHub repo has some sample code which I’m going to discuss throughout this article. So, if you want to follow along, go ahead and download it from GitHub.
We’re going to create two PHP files: index.php and upload.php. The index.php file holds code which is responsible for displaying the file upload form. On the other hand, the upload.php file is responsible for uploading a file to the server.
Also, a file will be uploaded in the uploaded_files directory, so you need to make sure that this folder exists and is writable by the
In this section, we’ll go through the key parts of the index.php file.
Let’s take a look at the index.php file on GitHub:
PHP File Upload%s', $_SESSION['message']); unset($_SESSION['message']); } ?>
Although, it may look like a typical PHP form, there’s an important difference in the value of the
enctype attribute of the