File Upload
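<?php
$message = "";
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $targetDir = "uploads/";
    // Create the uploads folder if it doesn't already exist
    if (!is_dir($targetDir)) {
        mkdir($targetDir, 0755, true);
    }
    // basename() strips any path information from the client-supplied name
    $targetFile = $targetDir . basename($_FILES["fileToUpload"]["name"]);
    // Move the file from PHP's temporary location into the uploads folder
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $targetFile)) {
        $message = "The file has been uploaded.";
    } else {
        $message = "Sorry, there was an error uploading your file.";
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>File Upload</title>
</head>
<body>
    <?php echo htmlspecialchars($message); ?>
    <form action="" method="post" enctype="multipart/form-data">
        <input type="file" name="fileToUpload" required>
        <input type="submit" value="Upload File">
    </form>
</body>
</html>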
Explanation
2. Target Directory: The script creates an uploads folder if it doesn't already exist.
3. File Upload: The PHP code uses the move_uploaded_file() function to save the file to the
specified directory.
Steps to Use
2. Make sure the server has permissions to write to the directory where the files will be
uploaded.
3. Access the page in your browser, choose a file to upload, and click the "Upload File" button.
The file should be saved in the uploads directory.
basename() function
The function basename() in PHP is used to return the base name of a file from a given path. In the
context of $_FILES["fileToUpload"]["name"], it extracts just the filename from the complete file
path.
Explanation
$_FILES is a superglobal array that holds information about files uploaded via the HTTP POST
method.
$_FILES["fileToUpload"]["name"] contains the original name of the file on the client machine (e.g.,
example.txt).
Using basename() ensures that only the filename itself is used, without any path information that
might be accidentally or intentionally included by the user.
Example
$fileName = basename($_FILES["fileToUpload"]["name"]);
Using basename() helps protect against directory traversal attacks, where a malicious user might try
to manipulate the file path to upload files to unintended locations on the server. By ensuring that
only the base filename is used, the server won't be tricked into saving files outside the intended
directory.
move_uploaded_file() function
The move_uploaded_file() function in PHP is used to move an uploaded file to a new location on the
server. This function ensures that the file is properly handled and securely moved from the
temporary location where PHP stores uploaded files to a permanent directory specified by the
developer.
2. Destination Path (e.g., $targetFile): The second parameter is the destination path where
you want to move the uploaded file.
   - This is the path where you want to permanently store the file on the server.
How it works:
When a file is uploaded, PHP stores it in a temporary location for security and processing
purposes.
The move_uploaded_file() function then moves the file from this temporary location to a
specified directory on your server.
If the function succeeds, the file is safely stored in the target directory, and the temporary
file is removed.
Code Example
move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $targetFile);
Why It Is Important
1. Security: Before moving the file, move_uploaded_file() checks that it really is a file
uploaded via HTTP POST. This prevents the script from being tricked into moving some other
file that already exists on the server.
2. File Handling: It properly manages the temporary file, ensuring it's transferred to a
permanent location without leaving any residual data behind.
Example Scenario
If the move is successful, the file is now in the uploads directory, ready for use. If it fails, PHP
generates an error, indicating an issue with the upload process or permissions.
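
A hardened version of the upload handler, as an added example that is not part of the original page: basename() and move_uploaded_file() deal with path manipulation, but they do not restrict what kind of file ends up on the server, so this version also checks the upload error code, the size and the detected content type, assigns a server-generated name, and stores the file outside the web root. The function name storeUpload(), the size limit, the allowed types and the private_uploads location are assumptions.

```php
<?php
// Added example, not the page's own code. Assumed names: storeUpload(),
// MAX_BYTES, ALLOWED_TYPES and the private_uploads directory.
declare(strict_types=1);

const MAX_BYTES = 2 * 1024 * 1024;          // assumed 2 MiB limit
const ALLOWED_TYPES = [                      // detected MIME type => extension we assign
    'image/png'       => 'png',
    'image/jpeg'      => 'jpg',
    'application/pdf' => 'pdf',
];

function storeUpload(array $file, string $storageDir): string
{
    // Reject failed or malformed uploads (e.g. fields sent as arrays).
    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or was malformed.');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File is too large.');
    }
    // Detect the type from the content; the client-sent name and type are untrusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('File type is not allowed.');
    }
    // Server-generated name: no client-controlled characters or extension.
    $safeName = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    if (!is_dir($storageDir) && !mkdir($storageDir, 0750, true)) {
        throw new RuntimeException('Cannot create storage directory.');
    }
    // move_uploaded_file() still verifies that tmp_name is a genuine HTTP upload.
    if (!move_uploaded_file($file['tmp_name'], $storageDir . '/' . $safeName)) {
        throw new RuntimeException('Could not store the uploaded file.');
    }
    return $safeName;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['fileToUpload'])) {
    try {
        // Assumed location: a directory the web server does not serve.
        $stored = storeUpload($_FILES['fileToUpload'], dirname(__DIR__) . '/private_uploads');
        echo 'Stored as ' . htmlspecialchars($stored);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage());
    }
}
```

The finfo class requires PHP's fileinfo extension, which is enabled in most default builds.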