PHP uses POST method to upload single file and multiple files

This feature allows users to upload text and binary files. Using PHP's authentication and file operation functions, you can fully control who is allowed to upload and how the file is processed after it is uploaded.

PHP can accept files uploaded from any browser that complies with the RFC-1867 standard (including Netscape Navigator 3 and above, patched Microsoft Internet Explorer 3 or above).

Note: For related settings

, please refer to the file_uploads, upload_max_filesize, upload_tmp_dirpost_max_size and max_input_time setting options of php.ini.

Example #1 File upload form

You can create a special form to support file upload as follows:

<!-- The data encoding type, enctype, MUST be specified as below -->
<form enctype="multipart/form-data" action="__URL__" method="POST">
    <!-- MAX_FILE_SIZE must precede the file input field -->
    <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
    <!-- Name of input element determines name in $_FILES array -->
    Send this file: <input name="userfile" type="file" />
    <input type="submit" value="Send File" />
</form>

__URL__ in the above example should be replaced to point to a real PHP file.

MAX_FILE_SIZE The hidden field (unit is bytes) must be placed before the file input field, and its value is the maximum size of the received file. This is a recommendation for browsers, PHP also checks this. This setting can be easily bypassed on the browser side, so don't expect to use this feature to block large files. In fact, the maximum upload file size in PHP settings will not expire. But it is better to add this item to the form, because it can avoid the trouble of users spending time waiting for large files to be uploaded only to find that the file is too large and the upload failed.

Note:

Make sure the attribute of the file upload form is enctype="multipart/form-data", otherwise the file cannot be uploaded.

Global variable $_FILES exists since PHP 4.1.0 (replaced by $HTTP_POST_FILES in earlier versions). This array contains information about all uploaded files.

The contents of the $_FILES array in the above example are as follows. We assume that the name of the file upload field is userfile as shown in the example above. The name can be whatever you want.

$_FILES['userfile']['name']

The original name of the client machine file.

$_FILES['userfile']['type']

The MIME type of the file, if the browser provides this information. An example is "image/gif". However, this MIME type is not checked on the PHP side, so don't take it for granted.

$_FILES['userfile']['size']

The size of the uploaded file, in bytes.

$_FILES['userfile']['tmp_name']

The temporary file name stored on the server after the file is uploaded.

$_FILES['userfile']['error']

The error code related to the file upload. This project was added in PHP version 4.2.0.

After the file is uploaded, it will be stored in the default temporary directory of the server by default, unless upload_tmp_dir in php.ini is set to another path. The default temporary directory on the server side can be reset by changing the environment variable TMPDIR of the PHP running environment, but setting it by running the putenv() function inside the PHP script has no effect. This environment variable can also be used to confirm that other operations are also performed on the uploaded file.

Example #2 Enable file upload

Please check the functions is_uploaded_file() and move_uploaded_file() for further information. The following example handles file upload provided by a form.

<?php
// 在PHP4.1.0版本以前, 应该使用$HTTP_POST_FILES来替代$_FILES.
$uploaddir = &#39;/var/www/uploads/&#39;;
$uploadfile = $uploaddir . basename($_FILES[&#39;userfile&#39;][&#39;name&#39;]);
echo &#39;<pre class="brush:php;toolbar:false">&#39;;
if (move_uploaded_file($_FILES[&#39;userfile&#39;][&#39;tmp_name&#39;], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}
echo &#39;Here is some more debugging info:&#39;;
print_r($_FILES);
print "

"; ?>

A PHP script that accepts an uploaded file should implement any logically necessary checks in order to decide what operations to do with the file next. For example, you can use the $_FILES['userfile']['size'] variable to exclude files that are too large or too small, or you can use the $_FILES['userfile']['type'] variable to exclude file types and certain standards. File that does not match, but only consider this as the first step in a series of checks, since this value is completely controlled by the client and is not checked on the PHP side. Since PHP 4.2.0, you can also use the $_FILES['userfile']['error'] variable to plan the next step based on different error codes. Either way, either delete the file from the temporary directory or move it somewhere else.

If there is no uploaded file selected in the form, the value of the PHP variable $_FILES['userfile']['size'] will be 0 and $_FILES['userfile']['tmp_name'] will be empty.

If the file has not been moved elsewhere or renamed, the file will be deleted at the end of the form request.

Example #3 Uploading an array of files

PHP’s HTML array feature even supports file types.

<form action="" method="post" enctype="multipart/form-data">
<p>Pictures:
<input type="file" name="pictures[]" />
<input type="file" name="pictures[]" />
<input type="file" name="pictures[]" />
<input type="submit" value="Send" />
</p>
</form>

rrree