0

I'm new to PHP. I picked up some sample code from the internet to upload a file to a server using a PHP script.

I'm trying to upload a file using the code below:

HTML code:

    This form allows you to upload a file to the server.<br>

    <form action="classes.php" method="post"><br>
        Type (or select) Filename: <input type="file" name="upfile">
        <input type="submit" value="Upload File">
    </form>

PHP code:

    <?php

    header('Content-Type: text/plain; charset=utf-8');

    try {

        // Undefined | Multiple Files | $_FILES Corruption Attack
        // If this request falls under any of them, treat it invalid.
        if (
            !isset($_FILES['upfile']['error']) ||
            is_array($_FILES['upfile']['error'])
        ) {
            throw new RuntimeException('Invalid parameters.');
        }

        // Check $_FILES['upfile']['error'] value.
        switch ($_FILES['upfile']['error']) {
            case UPLOAD_ERR_OK:
                break;
            case UPLOAD_ERR_NO_FILE:
                throw new RuntimeException('No file sent.');
            case UPLOAD_ERR_INI_SIZE:
            case UPLOAD_ERR_FORM_SIZE:
                throw new RuntimeException('Exceeded filesize limit.');
            default:
                throw new RuntimeException('Unknown errors.');
        }

        // You should also check filesize here.
        if ($_FILES['upfile']['size'] > 1000000) {
            throw new RuntimeException('Exceeded filesize limit.');
        }

        // DO NOT TRUST $_FILES['upfile']['type'] VALUE !!
        // Check MIME Type by yourself.
        $finfo = new finfo(FILEINFO_MIME_TYPE);
        if (false === $ext = array_search(
            $finfo->file($_FILES['upfile']['tmp_name']),
            array(
                'jpg' => 'image/jpeg',
                'png' => 'image/png',
                'gif' => 'image/gif',
            ),
            true
        )) {
            throw new RuntimeException('Invalid file format.');
        }

        // You should name it uniquely.
        // DO NOT USE $_FILES['upfile']['name'] WITHOUT ANY VALIDATION !!
        // On this example, obtain safe unique name from its binary data.
        if (!move_uploaded_file(
            $_FILES['upfile']['tmp_name'],
            sprintf('./uploads/%s.%s',
                sha1_file($_FILES['upfile']['tmp_name']),
                $ext
            )
        )) {
            throw new RuntimeException('Failed to move uploaded file.');
        }

        echo 'File is uploaded successfully.';

    } catch (RuntimeException $e) {

        echo $e->getMessage();

    }
    ?>

While trying to upload a file, I'm getting an "Invalid parameters." message.

Can anyone please help me fix this?

2 Comments

  • add var_dump($_FILES['upfile']['error']), see what the error is. Commented Feb 25, 2015 at 10:26
  • The form is missing enctype attribute. Commented Feb 25, 2015 at 10:28

2 Answers

2

You missed the enctype in your code...

    <form action="classes.php" method="post" enctype="multipart/form-data">

Do this, and it'll work fine...


1

In your HTML you need the enctype:

    <form action="classes.php" method="post" enctype="multipart/form-data">

Look here for more details

2 Comments

Hi Mihai, thanks for your response. It works fine, but now I'm getting a 'Failed to move uploaded file.' error. Can anyone help me with this, please?
@padiyan If you are on Linux you need to give permissions on the path you want the files to move. Something like chmod -R 775 yourpath
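
The two failures in this thread ("Invalid parameters." and "Failed to move uploaded file.") can be told apart with a preflight check at the top of the upload script. This is an added example, not code from the question or the answers; `upload_preflight()` and its messages are hypothetical, and the `uploads` directory is assumed to sit beside the script as in the question.

```php
<?php
// Added example; upload_preflight() is a hypothetical helper name.

/**
 * Return a list of reasons the upload script would fail (empty if none).
 */
function upload_preflight(array $server, array $files, string $field, string $destDir): array
{
    $problems = [];

    // 1. Without enctype="multipart/form-data" the browser sends
    //    application/x-www-form-urlencoded and PHP never fills $_FILES,
    //    which is what triggers "Invalid parameters." in the question.
    $contentType = strtolower($server['CONTENT_TYPE'] ?? '');
    if (strpos($contentType, 'multipart/form-data') !== 0) {
        $problems[] = 'Request is "' . $contentType . '", not multipart/form-data: '
            . 'add enctype="multipart/form-data" to the <form>.';
    } elseif (!isset($files[$field]['error'])) {
        // Multipart request but no entry: wrong input name, or the body
        // exceeded post_max_size and PHP discarded it.
        $problems[] = "No '$field' entry in \$_FILES: check the input name and post_max_size.";
    }

    // 2. move_uploaded_file() needs an existing directory that the PHP
    //    process user can write to ("Failed to move uploaded file.").
    if (!is_dir($destDir)) {
        $problems[] = "Destination '$destDir' does not exist or is not a directory.";
    } elseif (!is_writable($destDir)) {
        $problems[] = "Destination '$destDir' is not writable by the PHP process user.";
    }

    return $problems;
}

// Usage: report to the server log, not to the client.
foreach (upload_preflight($_SERVER, $_FILES, 'upfile', __DIR__ . '/uploads') as $p) {
    error_log('upload preflight: ' . $p);
}
```

The messages contain filesystem paths, so they go to the server log rather than the response. For the permission case, making only the one uploads directory writable by the PHP process user is narrower than a recursive 775.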
