1. Check if the form has been submitted and that a file was selected.
if (isset($_POST['submitted'])) {
if (isset($_FILES['upload'])) {
Since this form will have no other fields to be validated, this is the only conditional required. You could also validate the size of the uploaded file to determine if it fits within the acceptable range (refer to the $_FILES['upload']['size'] value).
2. Check that the uploaded file is of the proper type.
$allowed = array ('image/gif',
'image/jpeg', 'image/jpg',
'image/pjpeg');
if (in_array($_FILES['upload']
['type'], $allowed)) {
The file's type is its MIME type, indicating what kind of file it is. The browser will determine and provide this information, depending upon the properties of the selected file. An image should have a type of image/gif, image/jpeg, or image/jpg (you could also allow for image/png). Microsoft Internet Explorer also uses the image/pjpeg for type, so I allow for that.
To validate the file's type, I first create an array of allowed options. If the uploaded file's type is in this array, the file is valid and should be handled.
3. Copy the file to its new location on the server.
if (move_uploaded_file($_FILES
['upload']['tmp_name'], "uploads/
{$_FILES['upload']['name']}")) {
echo '<p>The file has been
uploaded!</p>';
I'll use the move_uploaded_file() function to move the temporary file to its permanent location (in the uploads folder). The file will retain its original name. In the next chapter, you'll see how to give the file a new name, which is generally a good idea.
As a rule, you should always use a conditional to confirm that a file was successfully moved, instead of just assuming that the move worked.
4. Report on any errors if the file could not be moved.
} else {
echo '<p><font color="red">The
file could not be uploaded
because: <b>';
switch ($_FILES['upload']
['error']) {
case 1:
print 'The file exceeds the
upload_max_filesize setting
in php.ini';
break;
case 2:
print 'The file exceeds the
MAX_FILE_SIZE setting in
the HTML form';
break;
case 3:
print 'The file was only
partially uploaded';
break;
case 4:
print 'No file was uploaded';
break;
case 6:
print 'No temporary folder
was available';
break;
default:
print 'A system error
occurred.';
break;
}
print '</b></font>.</p>';
}
There are several possible reasons a file could not be moved. The first and most obvious one is if the permissions are not set properly on the destination directory.
In such a case, you'll see an appropriate error message (refer back to Figure 11.4). PHP will often also store an error number in the $_FILES['upload']['error'] variable. The numbers correspond to specific problems, from 0 to 4, plus 6 (oddly enough, there is no 5). The switch conditional here prints out the problem according to the error number. The default case is added because $_FILES['upload']['error'] may not always have a value.
5. Complete the conditionals and the PHP section.
} else {
echo '<p><font color="red">
Please upload a JPEG or GIF
image.</font></p>';
unlink ($_FILES['upload']
['tmp_name']);
}
} else {
echo '<p><font color="red">
Please upload a JPEG or GIF
image smaller than 512KB.
</font></p>';
}
}
?>
The first else clause concludes the type in_array() conditional. If the file was not of the right type, an error message is printed. Also, the uploaded file is deleted from the server using the unlink() function.
The second else clause concludes the isset($_FILES['upload']) conditional. That variable may not be set either because the user failed to select a file for uploading or because the file was larger than the MAX_FILE_SIZE value.
6. Create the HTML form.
<form enctype="multipart/form-data"
action="upload_image.php"
method="post">
<input type="hidden" name=
"MAX_FILE_SIZE" value="524288" />
<fieldset><legend>Select a JPEG or
GIF image to be uploaded:
</legend>
<p><b>File:</b> <input type="file"
name="upload" /></p>
</fieldset>
<div align="center"><input type=
"submit" name="submit" value=
"Submit" /></div>
<input type="hidden" name=
"submitted" value="TRUE" />
</form>