hey I found a code on W3schools but that also does’nt works
Are you using a free account
Yes you can as long as it doesn’t violate the rules for php scripts. You are only uploading pictures just for you right?, not in public, and the files you are trying to upload is not bigger than 10 mb, and the php scripts is not bigger than 2mb, so its okay.
1 Like
Yes
But I don’t know what is happening I’ve been working on it from last two days but all I am getting is errors
Hey I can please give me the code you’re using.
Show us the code you were working. We just can’t imagine that code. We need you to show us that code.
Maybe its really your code problem. Try to search some codes from stackoverflow and other popular source code websites.
<?php
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
// Check if image file is a actual image or fake image
if(isset($_POST["submit"])) {
$check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
if($check !== false) {
echo "File is an image - " . $check["mime"] . ".";
$uploadOk = 1;
} else {
echo "File is not an image.";
$uploadOk = 0;
}
}
// Check if file already exists
if (file_exists($target_file)) {
echo "Sorry, file already exists.";
$uploadOk = 0;
}
// Check file size
if ($_FILES["fileToUpload"]["size"] > 500000) {
echo "Sorry, your file is too large.";
$uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
$uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
} else {
echo "Sorry, there was an error uploading your file.";
}
}
?>
I found the following code on w3 schools
And later I was working on the following code
<?php
if(isset($_FILES['image'])){
$errors= array();
$file_name = $_FILES['image']['name'];
$file_size = $_FILES['image']['size'];
$file_tmp = $_FILES['image']['tmp_name'];
$file_type = $_FILES['image']['type'];
$file_ext=strtolower(end(explode('.',$_FILES['image']['name'])));
$extensions= array("jpeg","jpg","png");
if(in_array($file_ext,$extensions)=== false){
$errors[]="extension not allowed, please choose a JPEG or PNG file.";
}
if($file_size > 2097152) {
$errors[]='File size must be excately 2 MB';
}
if(empty($errors)==true) {
move_uploaded_file($file_tmp,"/".$file_name);
echo "Success";
}else{
print_r($errors);
}
}
?>
<html>
<body>
<form action = "" method = "POST" enctype = "multipart/form-data">
<input type = "file" name = "image" />
<input type = "submit"/>
<ul>
<li>Sent file: <?php echo $_FILES['image']['name']; ?>
<li>File size: <?php echo $_FILES['image']['size']; ?>
<li>File type: <?php echo $_FILES['image']['type'] ?>
</ul>
</form>
</body>
</html>
Hi I have my own simplest form of php upload. It works.
index.html
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>PHP File Upload</title> </head> <body> <form action="imageuploadscript.php" method="post" enctype="multipart/form-data"> Upload a File: <input type="file" name="the_file" id="fileToUpload"> <input type="submit" name="submit" value="Start Upload"> </form> </body> </html>
imageuploadscript.php
<?php $currentDirectory = ""; $uploadDirectory = "uploads/"; $errors = []; // Store errors here
$fileExtensionsAllowed = ['jpeg','jpg','png']; // These will be the only file extensions allowed
$fileName = $_FILES['the_file']['name']; $fileSize = $_FILES['the_file']['size']; $fileTmpName = $_FILES['the_file']['tmp_name']; $fileType = $_FILES['the_file']['type']; $fileExtension = strtolower(end(explode('.',$fileName))); $uploadPath = $currentDirectory . $uploadDirectory . basename($fileName); if (isset($_POST['submit'])) { if (! in_array($fileExtension,$fileExtensionsAllowed)) { $errors[] = "This file extension is not allowed. Please upload a JPEG or PNG file"; } if ($fileSize > 4000000) { $errors[] = "File exceeds maximum size (4MB)"; } if (empty($errors)) { $didUpload = move_uploaded_file($fileTmpName, $uploadPath); if ($didUpload) { echo "The file " . basename($fileName) . " has been uploaded"; } else { echo "An error occurred. Please contact the administrator."; } } else { foreach ($errors as $error) { echo $error . "These are the errors" . "\n"; } } } ?>
Thank You so much. For helping me but later this evening I found A small code on stackoverflow and it worked. Now, I will edit it and make it more secure.
Here’s the code
<?php
if(isset($_FILES['image'])){
$errors= array();
$file_name = $_FILES['image']['name'];
$file_tmp =$_FILES['image']['tmp_name'];
$extensions= array("jpeg","jpg","png");
move_uploaded_file($file_tmp,"/htdocs/images".$file_name);
}
?>
<html>
<body>
<form action="" method="POST" enctype="multipart/form-data">
<input type="file" name="image" />
<input type="submit"/>
</form>
</body>
</html>
1 Like
Ok that’s good. I have tips.
TIPS:
-
Separate the PHP code from your form. This way it will minimize the attack of XSS (Cross Site Scripting). XSS is very dangerous & common attack in PHP.
-
Sanitize the Inputs.
-
Validate the Data
-
Have an error handling.
-
Obsfucate the code to prevent hackers easily know the PHP structure of your scripts.
Have fun.
REMEMBER: Security is essential in Internet.
1 Like
Thanks
I am having trouble in uploading files on the server using a variable in the path. Remember, I am a rookie when it comes to PHP.
Please help me correcting the code.
<?php
if(isset($_FILES['image'])){
$tablename = "!@#dklfjdljoeihgvnodjfdndle";
mkdir($tablename);
$errors= array();
$file_name = $_FILES['image']['name'];
$file_tmp =$_FILES['image']['tmp_name'];
$extensions= array("jpeg","jpg","png");
move_uploaded_file($file_tmp,"htdocs/".$tablename."/".$file_name);
}
?>
<html>
<body>
<form action="" method="POST" enctype="multipart/form-data">
<input type="file" name="image" />
<input type="submit"/>
</form>
</body>
</html>
Is this a folder name? Would a server open that folder???
Outside joking, please remove does chars from folder name.
1 Like
In this part:
This part it should be:
move_uploaded_file($file_tmp," “.$tablename.”/".$file_name);
Also, remove this code:
It is to prevent further warnings & errors because if the directory is already exists, you don’t need that.
It is wrong, this one is correct:
move_uploaded_file($file_tmp,"/htdocs/".$tablename."/".$file_name);
1 Like
your wrong because ./htdocs means current directory(.) + /htdocs
in my example i use blank in:
because since we don’t know the current directory of that the php file located, blank will served as substitution for the unspecified current directory.
I test my script and it works.
See: http://javes.epizy.com/tmp2/index.php
Upload directory example: http://javes.epizy.com/tmp2/upload