How to Upload File in PHP: Simple Guide with Example
To upload a file in PHP, use an HTML form with
enctype="multipart/form-data" and access the file in PHP via the $_FILES superglobal. Then move the uploaded file from the temporary location to a desired folder using move_uploaded_file().Syntax
Uploading a file in PHP involves these key parts:
- HTML form with
enctype="multipart/form-data"to allow file data. - Input field of type
filefor user to select a file. - PHP script accesses the file info via
$_FILES['input_name']. - move_uploaded_file() function moves the file from a temporary folder to your target folder.
php
<form action="upload.php" method="post" enctype="multipart/form-data"> Select file to upload: <input type="file" name="myfile"> <input type="submit" value="Upload"> </form> <?php // In upload.php if (isset($_FILES['myfile'])) { $tmpName = $_FILES['myfile']['tmp_name']; $name = basename($_FILES['myfile']['name']); move_uploaded_file($tmpName, "uploads/" . $name); echo "File uploaded successfully."; } ?>
Example
This example shows a complete HTML form and PHP script that uploads a file to the uploads/ folder and confirms success.
php
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>File Upload Example</title> </head> <body> <form action="upload.php" method="post" enctype="multipart/form-data"> <label for="fileInput">Choose a file:</label> <input type="file" name="myfile" id="fileInput" required> <button type="submit">Upload</button> </form> </body> </html> <?php // upload.php if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (isset($_FILES['myfile']) && $_FILES['myfile']['error'] === UPLOAD_ERR_OK) { $uploadDir = 'uploads/'; if (!is_dir($uploadDir)) { mkdir($uploadDir, 0755, true); } $tmpName = $_FILES['myfile']['tmp_name']; $name = basename($_FILES['myfile']['name']); $destination = $uploadDir . $name; if (move_uploaded_file($tmpName, $destination)) { echo "File '$name' uploaded successfully."; } else { echo "Failed to move uploaded file."; } } else { echo "No file uploaded or upload error."; } } ?>
Output
File 'example.txt' uploaded successfully.
Common Pitfalls
Common mistakes when uploading files in PHP include:
- Not setting
enctype="multipart/form-data"in the form, so the file data is not sent. - Not checking
$_FILES['input_name']['error']to handle upload errors. - Trying to move the file without using
move_uploaded_file(), which is required for security. - Not creating or having write permission on the target upload folder.
- Not validating file size or type, which can cause security risks.
Wrong way:
<form action="upload.php" method="post"> <input type="file" name="myfile"> <input type="submit" value="Upload"> </form> // Missing enctype, file won't upload properly
Right way:
<form action="upload.php" method="post" enctype="multipart/form-data"> <input type="file" name="myfile"> <input type="submit" value="Upload"> </form>
Quick Reference
Remember these key points for file upload in PHP:
- Use
enctype="multipart/form-data"in your HTML form. - Access uploaded file info via
$_FILES['input_name']. - Check
$_FILES['input_name']['error']for upload success. - Use
move_uploaded_file()to save the file securely. - Ensure the upload directory exists and is writable.
Key Takeaways
Always set enctype="multipart/form-data" in your HTML form to enable file uploads.
Use the $_FILES superglobal in PHP to access uploaded file details safely.
Check for upload errors before moving the file to your target directory.
Use move_uploaded_file() to securely save the uploaded file.
Make sure the upload folder exists and has proper write permissions.