PHP is a high level server side programming language. To upload an image file first you need to update the php.ini file. Open the php.ini file. Search “file_uploads”. Update the line “file_uploads = On”.
Then to upload the file you need to Create HTML. Look at the example below. Here I have a input type=”file” control & a submit button. Both these controls are inside the form element. With form I am using post method to send my image files to the server. Finally after successful uploading showing File Name, Size & Type to the user using a UL li element.
To restrict user on file type to upload I created an array “expensions”. Here you can declare any specific file type you want to allow the user. In this example I allowed “jpeg”,”jpg”,”png”.
During file upload to track the errors I am with one more array “errorlog”. In case of a failure I am displaying the error details using echo function.
Script for PHP upload image
<?php
if(isset($_FILES['uploader'])){
$errorlog = array();
$fileSize = $_FILES['uploader']['size'];
$fileType = $_FILES['uploader']['type'];
$fileTemp = $_FILES['uploader']['tmp_name'];
$fileName = $_FILES['uploader']['name'];
$fileExtension = strtolower(end(explode('.',$_FILES['uploader']['name'])));
$expensions= array("jpeg","jpg","png");
if(in_array($fileExtension,$expensions)=== false){
$errorlog[] = "This file type is not allowed, Select a JPEG or PNG file.";
}
if($fileSize > 2097152){
$errorlog[] = 'Your file size is more than 2 MB. Upload a file less then 2 MB.';
}
if(empty($errors)==true){
move_uploaded_file($fileTemp,"images/".$fileName);
echo "Successfully Uploaded.";
}
else {
print_r($errorlog);
}
}
?>
<html>
<body>
<form action="" method="POST" enctype="multipart/form-data">
<input type="file" name="uploader" />
<input type="submit"/>
<ul>
<li>Sent File - <?php echo $_FILES['uploader']['name']; ?></li>
<li>File Size - <?php echo $_FILES['uploader']['size']; ?></li>
<li>File Type - <?php echo $_FILES['uploader']['type']; ?></li>
</ul>
</form>
</body>
</html>
Security Considerations
While the above example works, it lacks several critical security measures. Below are some best practices to ensure secure file uploads:
1. Restrict File Types Only allow specific file extensions to prevent malicious uploads.
2. Rename Uploaded Files Using predictable filenames can lead to security risks. Instead, generate a unique name for each file:
php $newFileName = uniqid() . ‘.’ . $imageFileType; $targetFile = $targetDir . $newFileName;
3. Validate File Content Relying solely on file extensions is unsafe. Use functions like `getimagesize()` to verify the file is indeed an image.
4. Set File Size Limits Prevent denial-of-service attacks by restricting the maximum file size.
5. Store Files Outside the Web Root If possible, store uploaded files in a directory that is not publicly accessible.
Conclusion
Uploading image files to a server using PHP involves multiple steps, from creating an HTML form to implementing server-side validation and security measures. By following best practices—such as restricting file types, renaming files, and validating content—developers can ensure a robust and secure file upload system. Always test the implementation thoroughly to handle edge cases and provide meaningful feedback to users. Properly managing file uploads enhances both functionality and security in web applications.