0

I'm new to PHP, I picked up some sample code from internet, to upload a file to a server using the PHP script.

I'm trying to upload a file using the below code,

HTML code:

 This form allows you to upload a file to the server.<br> <form action="classes.php" method="post"><br> Type (or select) Filename: <input type="file" name="upfile"> <input type="submit" value="Upload File"> </form>

PHP code:

 <?php header('Content-Type: text/plain; charset=utf-8'); try { // Undefined | Multiple Files | $_FILES Corruption Attack // If this request falls under any of them, treat it invalid. if ( !isset($_FILES['upfile']['error']) || is_array($_FILES['upfile']['error']) ) { throw new RuntimeException('Invalid parameters.'); } // Check $_FILES['upfile']['error'] value. switch ($_FILES['upfile']['error']) { case UPLOAD_ERR_OK: break; case UPLOAD_ERR_NO_FILE: throw new RuntimeException('No file sent.'); case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: throw new RuntimeException('Exceeded filesize limit.'); default: throw new RuntimeException('Unknown errors.'); } // You should also check filesize here. if ($_FILES['upfile']['size'] > 1000000) { throw new RuntimeException('Exceeded filesize limit.'); } // DO NOT TRUST $_FILES['upfile']['mime'] VALUE !! // Check MIME Type by yourself. $finfo = new finfo(FILEINFO_MIME_TYPE); if (false === $ext = array_search( $finfo->file($_FILES['upfile']['tmp_name']), array( 'jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif', ), true )) { throw new RuntimeException('Invalid file format.'); } // You should name it uniquely. // DO NOT USE $_FILES['upfile']['name'] WITHOUT ANY VALIDATION !! // On this example, obtain safe unique name from its binary data. if (!move_uploaded_file( $_FILES['upfile']['tmp_name'], sprintf('./uploads/%s.%s', sha1_file($_FILES['upfile']['tmp_name']), $ext ) )) { throw new RuntimeException('Failed to move uploaded file.'); } echo 'File is uploaded successfully.'; } catch (RuntimeException $e) { echo $e->getMessage(); } ?>

While trying to upload a file, I'm getting "Invalid parameters." message.

Can anyone please help me to fix this.

Improve this question
2
  • 1
    add var_dump($_FILES['upfile']['error']), see what the error is. Commented Feb 25, 2015 at 10:26
  • The form is missing enctype attribute. Commented Feb 25, 2015 at 10:28

2 Answers 2

Reset to default
2

You missed the enctype in your code...

<form action="classes.php" method="post" enctype="multipart/form-data">

Do this, and it'll work fine...

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

in your HTML you need the enctype

<form action="classes.php" method="post" enctype="multipart/form-data">

Look here for more details

Improve this answer

2 Comments

Hi Mihai, Thanks for your response. It works fine, but now I'm getting 'Failed to move uploaded file.' error. can anyone help me on this please ?
@padiyan If you are on Linux you need to give permissions on the path you want the files to move.Something like chmod -R 775 yourpath

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.