Home / PHP

Uploading Files with PHP

Uploading files is a common requirement in web applications, whether it's for allowing users to upload profile pictures, submitting documents, or sharing media files. PHP, being a versatile server-side scripting language, provides functionalities to handle file uploads efficiently. In this article, we will explore how to upload files using PHP.


To allow file uploads, we need to create an HTML form with the enctype attribute set to "multipart/form-data". This encoding type is required for forms that include file inputs.

<form action="upload.php" method="POST" enctype="multipart/form-data">
  <input type="file" name="fileToUpload" id="fileToUpload">
  <input type="submit" value="Upload File" name="submit">

In this example, we have a form with an input field of type "file" named "fileToUpload". The form is submitted to the "upload.php" file using the POST method.

Handling the Upload in PHP

Once the form is submitted, we need a PHP script to handle the file upload. Here's a simple example of the "upload.php" script:

if(isset($_POST["submit"])) {
    $targetDirectory = "uploads/";
    $targetFile = $targetDirectory . basename($_FILES["fileToUpload"]["name"]);
    $uploadSuccess = move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $targetFile);
    if($uploadSuccess) {
        echo "File uploaded successfully.";
    } else {
        echo "Error uploading file.";

Let's break down the script:

  1. We check if the form was submitted by checking if the "submit" button was pressed (assuming "submit" is the name of the upload button).
  2. We define the target directory where we want to store the uploaded files. In this example, we have created a directory called "uploads" in the same directory as the script.
  3. We generate the target file path by concatenating the target directory with the name of the uploaded file. The basename function is used to extract the filename from the file path.
  4. We call the move_uploaded_file function to move the uploaded file from the temporary location to the target directory. The function takes the temporary file path and the target file path as arguments.
  5. If the file upload succeeds, we display a success message. Otherwise, an error message is shown.

Validations and Security

File uploads can be risky if not handled properly. It is crucial to perform necessary validations and implement security measures to prevent unauthorized access or malicious uploads. Some recommended practices include:

  • Limiting the file size by setting the upload_max_filesize and post_max_size directives in the php.ini file.
  • Restricting the allowed file types using the $_FILES["fileToUpload"]["type"] variable or checking the file extension with functions like pathinfo.
  • Renaming the uploaded file to avoid filename clashes or potential security vulnerabilities.
  • Storing the uploaded files outside the web root directory to prevent direct access.


In this article, we have covered the basics of uploading files using PHP. By creating an appropriate HTML form and handling the upload in a PHP script, you can enable file uploads in your web application. Remember to implement necessary security measures to ensure the safety of your application and its users. Happy coding!

noob to master © copyleft