Accepting user uploads to our site requires both validation and security: validation to check that the file is correct (the right size and format) and security to ensure that nothing nefarious is being uploaded. So far in this series I’ve made a form and a basic PHP page that transfers the file; what we want now is to make that transfer conditional on the file passing several tests.

Turning back to the PHP for transferring the file, we’ll add two lines. These additions will not prevent the file from being uploaded, but they will give us a hint as to what we should inspect to see if we should do so:

Read more about Checking File Uploads with PHP

If we have created a form to receive a file, the next part is to create a PHP script to process the data. For the sake of simplicity and clarity, I'll keep this script as a separate file, called uploader.php. Start that page with a simple script in the body, upload the page, and test the form by uploading a file and pressing submit:

Read more about PHP File Transfer

In order to upload files from a web page, we must create a means of allowing the user to locate the file they wish to provide us with. As I mentioned in an earlier article, there are two methods of doing so: the HTML5 drag-and-drag method (useful for images and multiple files) and the traditional (and more broadly supported) HTML “browse for file” option. In this entry, we’ll concentrate on the latter.

First, we need a form to take the file, along with any other information the user provides us with. The action of the form specifies how and where that information is processed. As we expect the user to include more than simple text data, we must enhance the form tag with an enctype attribute:

Read more about Enabling File Uploads