There are two mechanisms that can be used by browsers for uploading files to the server:
Based on the HTTP PUT method
Based on the HTTP POST method
The HTTP protocol provides three basic methods GET, PUT, and POST for accessing information from the web server.
The GET method is used to fetch web pages. When GET is used to fetch dynamic pages, the form variables are passed as part of the URL. It is safe for the browser to fetch a page using the GET method as many times it likes – the GET method should not cause any permanent change on the server. Some web servers have a limit on the length of the URL (mostly 1024) that they can handle, so GET should not be used to pass form data greater than this limit.
The PUT method is used for updating information on the server. It requests that the enclosed data be stored as the requested URL on the server. The PUT method is used mostly for publishing pages.
The POST method is used if requesting the URL will cause a permanent change on the server. For example, deleting a folder in a web based e-mail application. The browser should not execute the POST method again without getting user confirmation. The POST method sends all the form variables as part of the request body. The POST method is also used when lots of form data needs to be passed to the URL.
A typical HTTP PUT request looks like this:
PUT /path/filename.html HTTP/1.1
In this case the client would like the web server to store the contents of the request as the specified URL (/path/filename.html) in the web server's URL namespace. The web server, by default, would not handle such a request. Rather it specifies a script to handle such requests. Web site specific policies for uploading files can be implemented in the specified script.
For example, in Apache this can be done with the script directive (stored in httpd.conf). The following script directive means that you want the cgi script put.cgi to handle HTTP PUT requests:
Script PUT /cgi-bin/put.cgi
PHP provides support for writing PUT handlers. When PHP gets a PUT request, it stores the contents of the request in a temporary file, which is deleted after the request is processed. The temporary file name is stored in the $PHP_PUT_FILENAME variable, and the URL name is stored in $REQUEST_URI.
This simple PHP script, for handling PUT requests, copies the uploaded file to the specified URL location in the web server's URL name space:
<?php copy($PHP_PUT_FILENAME, $DOCUMENT_ROOT.$REQUEST_URI); ?>
The PUT mechanism for uploading files is non-functional in the current implementations of PHP. You could monitor the status of this bug at http://www.php.net/bugs.php?id=10383.
HTML form elements allow users to enter the name of the file that will be submitted to the web server. This feature is implemented by recent versions of both Netscape and Microsoft browsers. A simple HTML form (uploadfile.html) for submitting the file looks like this:
<html>
<head>
<title> A Simple Form for Uploading a File </title>
</head>
<body>
<h2> A simple form for uploading a file </h2>
The enctype attribute of the form element is set to multipart/form-data – this is required for file uploads to work. The enctype attribute specifies the encoding that should be used by the browser to encode the form parameters. The default value of enctype attribute is application/x-www-form-urlencoded:
<form action="upload.php" method="post" enctype="multipart/form-data">
The input element should be of type file:
Enter file name: <Input type="file" name="userfile"><br>
<input type="submit"><br>
</form>
</body>
</html>
This page will appear in the browser as:
On receiving an HTTP request with input elements of type file, PHP stores the contents of the uploaded file in a temporary file. The temporary file is created in the server's default temporary directory, unless another directory is specified by the upload_tmp_dir directive in the php.ini file. The server's default temporary directory can be changed by setting the environment variable TMPDIR. The temporary file is deleted at the end of the request, so the PHP script handling the request should copy the file if the file data is to be preserved for later use.
The details of the uploaded file are accessible to PHP scripts through a two-dimensional global array HTTP_POST_FILES. Supposing that the name of the input element (of type file) is userfile, then:
The variable $HTTP_POST_FILES[‘userfile’][‘name’] contains the original name of the file on the client machine
The variable $HTTP_POST_FILES[‘userfile’][‘type’] contains the mime type of the file
The variable $HTTP_POST_FILES[‘userfile’][‘size’] contains the size, in bytes, of the uploaded file
$HTTP_POST_FILES[‘userfile’][‘tmp_name’] contains the temporary filename of the file in which the uploaded file was stored on the server
Below is a PHP script, upload.php, which copies the uploaded file to the temp/ directory:
<html>
<head>
<title>Upload File Example</title>
</head>
<body>
<?php
Display the details of the uploaded file:
printf("<b>Uploaded File Details</b><br><br>");
printf("Name: %s <br>", $HTTP_POST_FILES["userfile"]["name"]);
printf("Temporary Name: %s <br>",
$HTTP_POST_FILES["userfile"]["tmp_name"]);
printf("Size: %s <br>", $HTTP_POST_FILES["userfile"]["size"]);
printf("Type: %s <br> <br>", $HTTP_POST_FILES["userfile"]["type"]);
Copy the uploaded file to the C:\temp\ directory:
if (copy($HTTP_POST_FILES["userfile"]["tmp_name"],
"c:/temp/".$HTTP_POST_FILES["userfile"]["name"])) {
printf("<b>File successfully copied</b>");
} else {
printf("<b>Error: failed to copy file</b>");
}
?>
</body>
</html>
Sometimes we may want to set a limit on the size of file that can be uploaded to the system. This can be done by checking the size of the file in the PHP script. For example, to accept files only with a size of one megabyte or less, we could modify upload.php as follows:
if ($HTTP_POST_FILES["userfile"]["size"] > 1024*1024) {
printf("<b> Error: File size is greater than one megabyte</b>");
exit;
}
if (copy($HTTP_POST_FILES["userfile"]["tmp_name"],
"c:/temp/".$HTTP_POST_FILES["userfile"]["name"])) {
printf("<b>File successfully copied</b>");
} else {
printf("<b>Error: failed to copy file</b>");
}
The PHP directive upload_max_filesize (default value 2Mb) can be used to specify the max size of the uploaded file that will be handled by PHP. Any upload files greater than this size will not be uploaded by PHP.
PHP provides utility functions for handling files uploaded via the HTTP POST method:
is_uploaded_file() returns true, if the file (filename) was uploaded via the HTTP POST method.
move_uploaded_file() copies the uploaded file filename to destination. If the file is not a valid uploaded file, then the function doesn't do anything. The function returns true on success.